HP Xw460c HP Integrated Lights-Out 2 User Guide for Firmware 1.75 and 1.77 - Page 51
with CN=John Doe,OU=IT,DC=MyCompany,DC=com, which is the user's actual distinguished name. If the correct password is entered, the user is authenticated.

Authentication using Default Directory Schema, part 2:

The distinguished name for a user in the directory is [email protected],OU=IT,DC=MyCompany,DC=com, and the following are the attributes of John Doe's certificate:

• Subject: DC=com/DC=MyCompany/OU=Employees/CN=John Doe/[email protected]
• SAN/UPN: [email protected]
• Search context on the Directory Settings page is set to: OU=IT,DC=MyCompany,DC=com

In this example, if SAN is selected on the Two-Factor Authentication Settings page, the Directory User field on the login page is populated with [email protected]. After the correct password is entered, the user is authenticated. The user is authenticated even though [email protected] is not the distinguished name for the user. The user is authenticated because iLO 2 attempts to authenticate using the search context fields ([email protected], OU=IT, DC=MyCompany, DC=com) configured on the Directory Settings page. Because this is the correct distinguished name for the user, iLO 2 successfully finds the user in the directory.

NOTE: Selecting Subject on the Two-Factor Authentication Settings page causes authentication to fail, because the subject of the certificate is not the distinguished name for the user in the directory.

When authenticating using the HP Extended Schema method, HP recommends selecting the SAN option on the Two-Factor Authentication Settings page.

Directory settings

iLO 2 connects to Microsoft® Active Directory, Novell e-Directory, and other LDAP 3.0-compliant directory services for user authentication and authorization. You can configure iLO 2 to authenticate and authorize users using the HP schema directory integration or the schema-free directory integration. iLO 2 only connects to directory services using SSL-secured connections to the directory server LDAP port. The default secure LDAP port is 636.

Directory services support is a licensed feature available with the purchase of optional licenses. For more information, see "Licensing (on page 26)". For additional information about directories, see "Directory services (on page 134)."

Locally-stored user accounts (found on the User Administration page) can be active while iLO 2 directory support is enabled. This support enables both local- and directory-based user access. Typically, an administrator can delete local user accounts (except, possibly, an emergency access account) after iLO 2 is successfully configured to access the directory service. You can also disable access to these accounts if directory support is enabled.
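The Subject-versus-SAN outcome in the "Authentication using Default Directory Schema, part 2" example above can be checked before two-factor authentication is enforced. The following is an added example, a simplified model and not HP or iLO 2 firmware code. Its function names, the `CN=` prefix on the combined name, and the `jdoe@example.test` address (standing in for the addresses redacted on this page) are assumptions.

```python
# Simplified model of the name matching described above; not iLO 2 firmware code.
# Every address and directory entry here is a constructed placeholder.
CERT = {
    "subject": "DC=com/DC=MyCompany/OU=Employees/CN=John Doe/E=jdoe@example.test",
    "san": "jdoe@example.test",
}
SEARCH_CONTEXTS = ["OU=IT,DC=MyCompany,DC=com"]
DIRECTORY = ["CN=jdoe@example.test,OU=IT,DC=MyCompany,DC=com"]


def subject_to_dn(subject):
    """Reverse a slash-separated subject (root first) into LDAP DN order."""
    rdns = [part.strip() for part in subject.split("/") if part.strip()]
    return ",".join(reversed(rdns))


def normalize(dn):
    """Comparison form: lower-cased, whitespace-trimmed RDNs.
    Assumes no escaped commas inside attribute values."""
    return tuple(
        tuple(piece.strip().lower() for piece in rdn.split("=", 1))
        for rdn in dn.split(",")
    )


def candidate_names(login_name, contexts):
    """Login name as given, then combined with each search context.
    The CN= prefix is an assumption of this model."""
    return [login_name] + [f"CN={login_name},{ctx}" for ctx in contexts]


def authenticates(mode, cert, contexts, directory):
    """Return the directory DN the login name resolves to, or None."""
    if mode == "SAN":
        login_name = cert["san"]
    elif mode == "Subject":
        login_name = subject_to_dn(cert["subject"])
    else:
        raise ValueError(f"unknown mode: {mode}")
    known = {normalize(dn) for dn in directory}
    for name in candidate_names(login_name, contexts):
        if normalize(name) in known:
            return name
    return None


if __name__ == "__main__":
    for mode in ("SAN", "Subject"):
        print(mode, "->", authenticates(mode, CERT, SEARCH_CONTEXTS, DIRECTORY))
```

A `None` result for a mode means that selecting it on the Two-Factor Authentication Settings page would leave that user unable to log in through the directory, which is the case for keeping an emergency local account until the mapping is confirmed.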