Authentication settings

By default, an iLO has only one user account: Administrator. But via the API you can create more users and manipulate them. It’s also possible to import SSH keys, configure kerberos settings and configure single-sign on. Some methods accept a lot of arguments, for details on what these arguments mean, I will refer to the ilo scripting guide.

class hpilo.Ilo
get_all_users()

Get a list of all loginnames

>>> ilo.get_all_users()
['Administrator']
get_all_user_info()

Get basic and authorization info of all users

>>> ilo.get_all_user_info()
{'Administrator': {'admin_priv': True,
                   'config_ilo_priv': True,
                   'remote_cons_priv': True,
                   'reset_server_priv': True,
                   'user_login': 'Administrator',
                   'user_name': 'Administrator',
                   'virtual_media_priv': True}}
get_user(user_login)

Get user info about a specific user

>>> ilo.get_user(user_login='Administrator')
{'admin_priv': True,
 'config_ilo_priv': True,
 'remote_cons_priv': True,
 'reset_server_priv': True,
 'user_login': 'Administrator',
 'user_name': 'Administrator',
 'virtual_media_priv': True}
add_user(user_login, user_name, password, admin_priv=False, remote_cons_priv=True, reset_server_priv=False, virtual_media_priv=False, config_ilo_priv=True)

Add a new user to the iLO interface with the specified name, password and permissions. Permission attributes should be boolean values.

mod_user(user_login, user_name=None, password=None, admin_priv=None, remote_cons_priv=None, reset_server_priv=None, virtual_media_priv=None, config_ilo_priv=None)

Set attributes for a user, only specified arguments will be changed. All arguments except user_name and password should be boolean

delete_user(user_login)

Delete the specified user from the ilo

import_ssh_key(user_login, ssh_key)

Imports an SSH key for the specified user. The value of ssh_key should be the content of an id_dsa.pub or id_rsa.pub file

delete_ssh_key(user_login)

Delete a users SSH key

get_dir_config()

Get directory authentication configuration

>>> ilo.get_dir_config()
{'dir_authentication_enabled': False,
 'dir_enable_grp_acct': False,
 'dir_grpacct1_name': 'Administrators',
 'dir_grpacct1_priv': '1,2,3,4,5,6',
 'dir_grpacct1_sid': '',
 'dir_grpacct2_name': 'Authenticated Users',
 'dir_grpacct2_priv': 6,
 'dir_grpacct2_sid': 'S-1-5-11',
 'dir_kerberos_enabled': False,
 'dir_kerberos_kdc_address': '',
 'dir_kerberos_kdc_port': 88,
 'dir_kerberos_realm': '',
 'dir_local_user_acct': True,
 'dir_object_dn': '',
 'dir_server_address': '',
 'dir_server_port': 636,
 'dir_user_context_1': '',
 'dir_user_context_10': '',
 'dir_user_context_11': '',
 'dir_user_context_12': '',
 'dir_user_context_13': '',
 'dir_user_context_14': '',
 'dir_user_context_15': '',
 'dir_user_context_2': '',
 'dir_user_context_3': '',
 'dir_user_context_4': '',
 'dir_user_context_5': '',
 'dir_user_context_6': '',
 'dir_user_context_7': '',
 'dir_user_context_8': '',
 'dir_user_context_9': ''}
mod_dir_config(dir_authentication_enabled=None, dir_local_user_acct=None, dir_server_address=None, dir_server_port=None, dir_object_dn=None, dir_object_password=None, dir_user_context_1=None, dir_user_context_2=None, dir_user_context_3=None, dir_user_context_4=None, dir_user_context_5=None, dir_user_context_6=None, dir_user_context_7=None, dir_user_context_8=None, dir_user_context_9=None, dir_user_context_10=None, dir_user_context_11=None, dir_user_context_12=None, dir_user_context_13=None, dir_user_context_14=None, dir_user_context_15=None, dir_enable_grp_acct=None, dir_kerberos_enabled=None, dir_kerberos_realm=None, dir_kerberos_kdc_address=None, dir_kerberos_kdc_port=None, dir_kerberos_keytab=None, dir_generic_ldap_enabled=None, dir_grpacct1_name=None, dir_grpacct1_sid=None, dir_grpacct1_priv=None, dir_grpacct2_name=None, dir_grpacct2_sid=None, dir_grpacct2_priv=None, dir_grpacct3_name=None, dir_grpacct3_sid=None, dir_grpacct3_priv=None, dir_grpacct4_name=None, dir_grpacct4_sid=None, dir_grpacct4_priv=None, dir_grpacct5_name=None, dir_grpacct5_sid=None, dir_grpacct5_priv=None, dir_grpacct6_name=None, dir_grpacct6_sid=None, dir_grpacct6_priv=None)

Modify iLO directory configuration, only values that are specified will be changed.

start_dir_test(dir_admin_distinguished_name, dir_admin_password, test_user_name, test_user_password)

Test directory authentication with the specified credentials

get_dir_test_results()

Get the results of the authentication directory test

>>> ilo.get_dir_test_results()
{'bind_to_directory_server': {'description': 'LDAP Server Error (2) Server Error Message: unsupported or invalid version',
                              'status': 'Failed'},
 'connect_to_directory_server': {'description': '', 'status': 'Success'},
 'connect_using_ssl': {'description': 'Certificate subject Mismatch, verify OK, error code 20 (unable to get local issuer certificate),  Subject /CN="ldap-server" Issued By /CN="provisioning',
                       'status': 'Warning'},
 'directory_administrator_login': {'description': 'LDAP Server Error (2) Server Error Message: unsupported or invalid version',
                                   'status': 'Failed'},
 'directory_server_dns_name': {'description': 'Directory Server address ldap.example.com resolved to:  10.1.2.3',
                               'status': 'Success'},
 'directory_user_contexts': {'description': 'LDAP Server Error (2) Server Error Message: unsupported or invalid version',
                             'status': 'Failed'},
 'lom_object_exists': {'description': 'LDAP Server Error (2) Server Error Message: unsupported or invalid version',
                       'status': 'Failed'},
 'ping_directory_server': {'description': 'Response received from:  10.1.2.3',
                           'status': 'Success'},
 'user_authentication': {'description': 'Unable to authenticate test user foo  [Invalid credentials]',
                         'status': 'Failed'},
 'user_authorization': {'description': 'LDAP Server Error (2) Server Error Message: unsupported or invalid version',
                        'status': 'Failed'}}
abort_dir_test()

Abort authentication directory test

get_sso_settings()

Get the HP SIM Single Sign-On settings

>>> ilo.get_sso_settings()
{'administrator_role': {'admin_priv': True,
                        'cfg_ilo_priv': True,
                        'login_priv': True,
                        'remote_cons_priv': True,
                        'reset_server_priv': True,
                        'virtual_media_priv': True},
 'operator_role': {'admin_priv': False,
                   'cfg_ilo_priv': False,
                   'login_priv': True,
                   'remote_cons_priv': True,
                   'reset_server_priv': True,
                   'virtual_media_priv': True},
 'trust_mode': 'DISABLED',
 'user_role': {'admin_priv': False,
               'cfg_ilo_priv': False,
               'login_priv': True,
               'remote_cons_priv': False,
               'reset_server_priv': False,
               'virtual_media_priv': False}}
mod_sso_settings(trust_mode=None, user_remote_cons_priv=None, user_reset_server_priv=None, user_virtual_media_priv=None, user_config_ilo_priv=None, user_admin_priv=None, operator_login_priv=None, operator_remote_cons_priv=None, operator_reset_server_priv=None, operator_virtual_media_priv=None, operator_config_ilo_priv=None, operator_admin_priv=None, administrator_login_priv=None, administrator_remote_cons_priv=None, administrator_reset_server_priv=None, administrator_virtual_media_priv=None, administrator_config_ilo_priv=None, administrator_admin_priv=None)
add_sso_server(server=None, import_from=None, certificate=None)

Add an SSO server by name (only if SSO trust level is lowered) or by importing a certificate from a server or directly

delete_sso_server(index)

Delete an SSO server by index

get_twofactor_settings()

Get two-factor authentication settings

>>> ilo.get_twofactor_settings()
{'auth_twofactor_enable': False,
 'cert_owner_subject': None,
 'cert_revocation_check': False}
mod_twofactor_settings(auth_twofactor_enable=None, cert_revocation_check=None, cert_owner_san=None, cert_owner_subject=None)

Modify the twofactor authenticatino settings