H3C Technologies H3C Intelligent Management Center User Manual
Page 367
349
{
Reconnect Interval—Time UAM waits before retrying to connect to the LDAP server after a
connection failure. During this interval, UAM does not try to connect to the LDAP server or accept
any authentication request that must be forwarded to the LDAP server. After the interval expires,
UAM retries to connect to the LDAP server.
{
Connection Wait Time—Time period within which if UAM fails to connect to the LDAP server, the
connection attempt is considered failed.
{
Sync Wait Time—Maximum duration of each synchronization. The sync wait timer starts when
UAM starts synchronizing user data from the LDAP server. When this timer expires, UAM stops
the synchronization, regardless of whether the synchronization is complete or not. If you do not
want to set a time limit, set the timer to 0.
{
User Group—User group to which the users synchronized from the LDAP server to UAM belong.
−
Manual Specify—All LDAP users are synchronized to the user group that is specified in the
synchronization policy assigned to the LDAP server.
−
Synchronize by OU—UAM builds user groups based on the OU structure in the base DN of
the LDAP server, and synchronizes LDAP users to their respective user groups.
{
Parent Group—Parent user group of the user group to which the users synchronized from the
LDAP server to UAM belong. If the field is empty, UAM creates the level 1 user group based on
the topmost level of the OU hierarchy on the LDAP server. This field appears only when the User
Group field displays Synchronize by OU.
{
Service Group—Service group that the LDAP server belongs to. Each service group represents a
set of assignable authorizations.
{
Connectivity—If UAM failed to connect to the LDAP server, this field displays Not Connected
within the reconnect interval. Otherwise, this field displays Connected.
{
Use SSL—If SSL runs between UAM and the LDAP server for encryption, this field displays Yes.
Otherwise, this field displays No. This parameter appears only when IMC is installed on the
Windows server.
Server Information area
{
Base DN—Absolute path of the directory that stores user data on the LDAP server.
{
Admin DN—Administrator on the LDAP server, displayed as the absolute path on the LDAP
server.
{
User Name Attribute—Attribute description used on the LDAP server for usernames.
{
Password Attribute—Attribute description used on the LDAP server for user passwords, which
also serve as LDAP user passwords in UAM. For more information, see "
information for LDAP user passwords stored in UAM
."
{
Account Format—Because the attributes on the LDAP server contain redundant information,
UAM might need to trim the account names obtained from the LDAP server.
Valid values for this parameter include:
−
Unchanged—Does not change the account names.
−
Remove Prefix—Removes the prefix of an account name.
−
Remove Suffix—Removes the suffix of an account name.
−
Add Prefix—Adds a prefix before an account name.
{
Delimiter—Case-sensitive string used to separate the trimmed characters from the remaining
characters. For example, if you select Remove Prefix and set the delimiter to an at sign (@) for
account [email protected], the remaining account name is test.com. If you select Remove Suffix
and set the delimiter to a dot (.) for the account, the remaining account name is Jack@test.