Authentication settings¶
By default, an iLO has only one user account: Administrator. But via the API you can create more users and manipulate them. It’s also possible to import SSH keys, configure kerberos settings and configure single-sign on. Some methods accept a lot of arguments, for details on what these arguments mean, I will refer to the ilo scripting guide.
-
class
hpilo.Ilo -
get_all_users()¶ Get a list of all loginnames
>>> ilo.get_all_users() ['Administrator']
-
get_all_user_info()¶ Get basic and authorization info of all users
>>> ilo.get_all_user_info() {'Administrator': {'admin_priv': True, 'config_ilo_priv': True, 'remote_cons_priv': True, 'reset_server_priv': True, 'user_login': 'Administrator', 'user_name': 'Administrator', 'virtual_media_priv': True}}
-
get_user(user_login)¶ Get user info about a specific user
>>> ilo.get_user(user_login='Administrator') {'admin_priv': True, 'config_ilo_priv': True, 'remote_cons_priv': True, 'reset_server_priv': True, 'user_login': 'Administrator', 'user_name': 'Administrator', 'virtual_media_priv': True}
-
add_user(user_login, user_name, password, admin_priv=False, remote_cons_priv=True, reset_server_priv=False, virtual_media_priv=False, config_ilo_priv=True)¶ Add a new user to the iLO interface with the specified name, password and permissions. Permission attributes should be boolean values.
-
mod_user(user_login, user_name=None, password=None, admin_priv=None, remote_cons_priv=None, reset_server_priv=None, virtual_media_priv=None, config_ilo_priv=None)¶ Set attributes for a user, only specified arguments will be changed. All arguments except user_name and password should be boolean
-
delete_user(user_login)¶ Delete the specified user from the ilo
-
import_ssh_key(user_login, ssh_key)¶ Imports an SSH key for the specified user. The value of ssh_key should be the content of an id_dsa.pub or id_rsa.pub file
-
delete_ssh_key(user_login)¶ Delete a users SSH key
-
get_dir_config()¶ Get directory authentication configuration
>>> ilo.get_dir_config() {'dir_authentication_enabled': False, 'dir_enable_grp_acct': False, 'dir_grpacct1_name': 'Administrators', 'dir_grpacct1_priv': '1,2,3,4,5,6', 'dir_grpacct1_sid': '', 'dir_grpacct2_name': 'Authenticated Users', 'dir_grpacct2_priv': 6, 'dir_grpacct2_sid': 'S-1-5-11', 'dir_kerberos_enabled': False, 'dir_kerberos_kdc_address': '', 'dir_kerberos_kdc_port': 88, 'dir_kerberos_realm': '', 'dir_local_user_acct': True, 'dir_object_dn': '', 'dir_server_address': '', 'dir_server_port': 636, 'dir_user_context_1': '', 'dir_user_context_10': '', 'dir_user_context_11': '', 'dir_user_context_12': '', 'dir_user_context_13': '', 'dir_user_context_14': '', 'dir_user_context_15': '', 'dir_user_context_2': '', 'dir_user_context_3': '', 'dir_user_context_4': '', 'dir_user_context_5': '', 'dir_user_context_6': '', 'dir_user_context_7': '', 'dir_user_context_8': '', 'dir_user_context_9': ''}
-
mod_dir_config(dir_authentication_enabled=None, dir_local_user_acct=None, dir_server_address=None, dir_server_port=None, dir_object_dn=None, dir_object_password=None, dir_user_context_1=None, dir_user_context_2=None, dir_user_context_3=None, dir_user_context_4=None, dir_user_context_5=None, dir_user_context_6=None, dir_user_context_7=None, dir_user_context_8=None, dir_user_context_9=None, dir_user_context_10=None, dir_user_context_11=None, dir_user_context_12=None, dir_user_context_13=None, dir_user_context_14=None, dir_user_context_15=None, dir_enable_grp_acct=None, dir_kerberos_enabled=None, dir_kerberos_realm=None, dir_kerberos_kdc_address=None, dir_kerberos_kdc_port=None, dir_kerberos_keytab=None, dir_generic_ldap_enabled=None, dir_grpacct1_name=None, dir_grpacct1_sid=None, dir_grpacct1_priv=None, dir_grpacct2_name=None, dir_grpacct2_sid=None, dir_grpacct2_priv=None, dir_grpacct3_name=None, dir_grpacct3_sid=None, dir_grpacct3_priv=None, dir_grpacct4_name=None, dir_grpacct4_sid=None, dir_grpacct4_priv=None, dir_grpacct5_name=None, dir_grpacct5_sid=None, dir_grpacct5_priv=None, dir_grpacct6_name=None, dir_grpacct6_sid=None, dir_grpacct6_priv=None)¶ Modify iLO directory configuration, only values that are specified will be changed.
-
start_dir_test(dir_admin_distinguished_name, dir_admin_password, test_user_name, test_user_password)¶ Test directory authentication with the specified credentials
-
get_dir_test_results()¶ Get the results of the authentication directory test
>>> ilo.get_dir_test_results() {'bind_to_directory_server': {'description': 'LDAP Server Error (2) Server Error Message: unsupported or invalid version', 'status': 'Failed'}, 'connect_to_directory_server': {'description': '', 'status': 'Success'}, 'connect_using_ssl': {'description': 'Certificate subject Mismatch, verify OK, error code 20 (unable to get local issuer certificate), Subject /CN="ldap-server" Issued By /CN="provisioning', 'status': 'Warning'}, 'directory_administrator_login': {'description': 'LDAP Server Error (2) Server Error Message: unsupported or invalid version', 'status': 'Failed'}, 'directory_server_dns_name': {'description': 'Directory Server address ldap.example.com resolved to: 10.1.2.3', 'status': 'Success'}, 'directory_user_contexts': {'description': 'LDAP Server Error (2) Server Error Message: unsupported or invalid version', 'status': 'Failed'}, 'lom_object_exists': {'description': 'LDAP Server Error (2) Server Error Message: unsupported or invalid version', 'status': 'Failed'}, 'ping_directory_server': {'description': 'Response received from: 10.1.2.3', 'status': 'Success'}, 'user_authentication': {'description': 'Unable to authenticate test user foo [Invalid credentials]', 'status': 'Failed'}, 'user_authorization': {'description': 'LDAP Server Error (2) Server Error Message: unsupported or invalid version', 'status': 'Failed'}}
-
abort_dir_test()¶ Abort authentication directory test
-
get_sso_settings()¶ Get the HP SIM Single Sign-On settings
>>> ilo.get_sso_settings() {'administrator_role': {'admin_priv': True, 'cfg_ilo_priv': True, 'login_priv': True, 'remote_cons_priv': True, 'reset_server_priv': True, 'virtual_media_priv': True}, 'operator_role': {'admin_priv': False, 'cfg_ilo_priv': False, 'login_priv': True, 'remote_cons_priv': True, 'reset_server_priv': True, 'virtual_media_priv': True}, 'trust_mode': 'DISABLED', 'user_role': {'admin_priv': False, 'cfg_ilo_priv': False, 'login_priv': True, 'remote_cons_priv': False, 'reset_server_priv': False, 'virtual_media_priv': False}}
-
mod_sso_settings(trust_mode=None, user_remote_cons_priv=None, user_reset_server_priv=None, user_virtual_media_priv=None, user_config_ilo_priv=None, user_admin_priv=None, operator_login_priv=None, operator_remote_cons_priv=None, operator_reset_server_priv=None, operator_virtual_media_priv=None, operator_config_ilo_priv=None, operator_admin_priv=None, administrator_login_priv=None, administrator_remote_cons_priv=None, administrator_reset_server_priv=None, administrator_virtual_media_priv=None, administrator_config_ilo_priv=None, administrator_admin_priv=None)¶
-
add_sso_server(server=None, import_from=None, certificate=None)¶ Add an SSO server by name (only if SSO trust level is lowered) or by importing a certificate from a server or directly
-
delete_sso_server(index)¶ Delete an SSO server by index
-
get_twofactor_settings()¶ Get two-factor authentication settings
>>> ilo.get_twofactor_settings() {'auth_twofactor_enable': False, 'cert_owner_subject': None, 'cert_revocation_check': False}
-
mod_twofactor_settings(auth_twofactor_enable=None, cert_revocation_check=None, cert_owner_san=None, cert_owner_subject=None)¶ Modify the twofactor authentication settings
-