Owner is set to SAN, RILOE II obtains the directory user's login name from the UPN attribute of the SAN. If the Certificate Owner setting is set to Subject, RILOE II obtains the directory user's distinguished name from the subject of the certificate.
Which setting to choose depends on the directory integration method in use, the design of the directory architecture, and the information contained in the user certificates that are issued. The following examples assume you have the appropriate permissions.
Authentication using Default Directory Schema, part 1: The distinguished name for a user in the directory is CN=John Doe,OU=IT,DC=MyCompany,DC=com, and the following are the attributes of John Doe's certificate:
• Subject: DC=com/DC=MyCompany/OU=IT/CN=John Doe
• SAN/UPN: john.doe@MyCompany.com
Authenticating to RILOE II with the username john.doe@MyCompany.com and a password works if two-factor authentication is not enforced. After
Authentication using Default Directory Schema, part 2: The distinguished name for a user in the directory is CN=john.doe@MyCompany.com,OU=IT,DC=MyCompany,DC=com, and the following are the attributes of John Doe's certificate:
• Subject: DC=com/DC=MyCompany/OU=Employees/CN=John Doe/E=john.doe@MyCompany.com
• SAN/UPN: john.doe@MyCompany.com
• Search context on the Directory Settings page is set to: OU=IT,DC=MyCompany,DC=com
In this example, if SAN is selected on the
NOTE: Selecting Subject on the
When using the HP Extended schema method, HP recommends selecting the SAN option on the Two-factor Authentication Settings page.
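The two Default Directory Schema examples above can be checked mechanically before choosing a Certificate Owner setting. The following Python model is an added example, not HP code: the function names are hypothetical, and it assumes that a login name taken from the SAN is combined with each search context as CN=<login name>,<search context>.

```python
# Added illustration (not HP firmware code): models the two Certificate Owner
# settings against the two Default Directory Schema examples on this page.

def subject_to_dn(subject):
    """Turn a '/'-separated subject (root first) into an LDAP DN (leaf first)."""
    rdns = [r.strip() for r in subject.split("/") if r.strip()]
    return ",".join(reversed(rdns))

def normalize(dn):
    """Comparison form of a DN. Simplified: no escaped commas, case-folded."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def dn_candidates(setting, subject, upn, search_contexts=()):
    """DNs the certificate can resolve to under a Certificate Owner setting."""
    if setting == "Subject":
        return [subject_to_dn(subject)]
    if setting == "SAN":
        # Assumption: the UPN login name is combined with each search context
        # as CN=<login name>,<context>. A directory may also accept the bare
        # UPN as a login name; that lookup is outside this model.
        return ["CN=%s,%s" % (upn, ctx) for ctx in search_contexts]
    raise ValueError("setting must be 'SAN' or 'Subject'")

def resolves_to(setting, subject, upn, directory_dn, search_contexts=()):
    """True if any candidate DN equals the user's DN in the directory."""
    want = normalize(directory_dn)
    return any(normalize(c) == want
               for c in dn_candidates(setting, subject, upn, search_contexts))

# Values copied from the page's examples.
UPN = "john.doe@MyCompany.com"
PART1 = dict(subject="DC=com/DC=MyCompany/OU=IT/CN=John Doe", upn=UPN,
             directory_dn="CN=John Doe,OU=IT,DC=MyCompany,DC=com")
PART2 = dict(subject="DC=com/DC=MyCompany/OU=Employees/CN=John Doe/E=" + UPN,
             upn=UPN,
             directory_dn="CN=" + UPN + ",OU=IT,DC=MyCompany,DC=com",
             search_contexts=("OU=IT,DC=MyCompany,DC=com",))

if __name__ == "__main__":
    for name, case in (("part 1", PART1), ("part 2", PART2)):
        for setting in ("Subject", "SAN"):
            print(name, setting, resolves_to(setting, **case))
```

A False result for SAN means only that no configured search context yields the directory DN; part 1 lists no search context, so the model has nothing to combine the UPN with.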
Introduction to certificate services
Certificate Services are used to issue signed digital certificates to network hosts. The certificates are used to establish SSL connections with the host and verify the authenticity of the host.
Installing Certificate Services allows Active Directory to receive a certificate that allows