Directory domain
The Directory domain control allows you to specify which domain or directory to use when searching for the user in an enterprise directory. The domain name must match the Base DN of at least one of the directories added to HPE OneView. The options include:
- Subject
- Subject Alternative Name
- Issuer
- Manually specify
- Example:
An Active Directory domain with a name
corp.example.comhas a Base DN ofDC=corp, DC=example, DC=com, whereDCis a domain component that is used to represent the constituent parts of the directory’s domain name.- Data type:
Uppercase and lowercase alphanumeric characters and special characters.
After you select which certificate field HPE OneView must use to extract the domain name, the name is extracted from the DC attributes specified therein. The
DC=(.*) configuration extracts the first domain component from the field. The administrator can only specify DC=(.*) here.
If you select , you can enter a specific domain using dot notation, or an alternate certificate location from which to retrieve domain information to use when querying the directory. You can specify multiple entries or domains in the configuration using ",". Additionally, you can specify the subject, subject alternative name and Issuer DC attributes to support multiple card configuration.
Examples: Selection values for the 'Manually specify' control
In the fields of a certificate, the domain components are usually represented by multiple "DC=" entries. A domain BaseDN, like abc.example.com, is represented by the three entries "DC=abc", "DC=example", and "DC=com".
Use "example.com" as the domain to use when searching for users in an enterprise directory:
example.com
Configure HPE OneView to look in multiple certificate locations for domain information. HPE OneView tries each item in order until it finds a successful user entry in the enterprise directory.
Subject.DC=(.*),Issuer.DC=(.*),SubjectAlternativeName.DirName.DC=(.*),groupA.example.com,groupB.example.com