H3C Technologies H3C Intelligent Management Center User Manual


For the compatibility matrix of Server Type, Service Sync Type, and Real Time AuthN settings, see Table 27.

○ Reconnect Interval—Select the time that UAM must wait before retrying to connect to the LDAP server after a connection failure.

  If you select Do Not Connect Auto, you disable UAM automatically retrying to connect to the LDAP server after a connection failure.

○ Connection Wait Time—Enter the maximum duration of each connection attempt. If UAM fails to connect to the LDAP server within this period, the connection attempt is considered failed.

○ Sync Wait Time—Set the maximum duration of each synchronization process. The sync wait timer starts when UAM starts synchronizing user data from the LDAP server. When this timer expires, UAM stops the synchronization, regardless of whether the synchronization is complete or not.

  If you do not want to set a time limit, set the timer to 0.

○ User Group—Select Manual Specify or Synchronize by OU from the list.

  - Manual Specify—All LDAP users are synchronized to the user group that is specified in the synchronization policy assigned to the LDAP server.

  - Synchronize by OU—UAM builds user groups based on the OU structure in the base DN of the LDAP server, and synchronizes LDAP users to their respective user groups.

○ Parent Group—This option appears only when Synchronize by OU is selected for the User Group field.

  Click the Select User Group icon to select a group on the popup Select User Group window. The selected user group will become the root parent user group of all user groups synchronized from the LDAP server to UAM.

  If you leave this field empty, UAM uses the topmost level of the OU hierarchy on the LDAP server as the root user group.

  Do not select Ungrouped as the parent group. If you do, UAM displays an error message when you finish adding the LDAP server.

  UAM supports a user group hierarchy of at most five levels, and does not synchronize LDAP OUs that correspond to level 6 or lower level user groups. For example, if you select a level 2 user group as the parent group, UAM can further synchronize at most three levels of OUs from the LDAP server and ignores level 4 or lower level OUs.

○ Service Group—Select a service group for the LDAP server from the list. Available options include all service groups that have been created in UAM and Ungrouped.

○ Use SSL—Select the option to use SSL to encrypt the packets exchanged between UAM and the LDAP server. When this option is selected, you must import associated certificates to UAM. For more information, see "Importing certificates."
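
The five-level limit described under Parent Group can be checked against a list of user DNs before you choose a parent group. The following Python code is an added example, not H3C code: it assumes the first OU below the base DN becomes the group directly under the parent group (level 1 when no parent group is selected), and the DNs in it are constructed sample values.

```python
# Added example: preview which OUs fit under UAM's five-level user group limit.
# Assumption: the first OU below the base DN maps to the group one level under
# the parent group (level 1 when the Parent Group field is left empty).
MAX_GROUP_LEVELS = 5  # limit stated in the manual


def split_dn(dn):
    """Split a DN into RDNs, honouring backslash-escaped commas."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append(cur.strip())
            cur = ""
        else:
            cur += ch
        escaped = (ch == "\\" and not escaped)
    parts.append(cur.strip())
    return parts


def ou_path(user_dn, base_dn):
    """Return the OU names between the base DN and the user entry, top-down."""
    rdns, base = split_dn(user_dn), split_dn(base_dn)
    if [r.lower() for r in rdns[-len(base):]] != [b.lower() for b in base]:
        raise ValueError(f"{user_dn!r} is not under base DN {base_dn!r}")
    middle = rdns[1:len(rdns) - len(base)]  # drop the user RDN and the base DN
    return [r.split("=", 1)[1] for r in reversed(middle) if r.lower().startswith("ou=")]


def plan_sync(user_dns, base_dn, parent_level=0):
    """Map each user DN to (OUs that fit within the limit, OUs beyond it)."""
    if not 0 <= parent_level <= MAX_GROUP_LEVELS:
        raise ValueError("parent_level must be between 0 and 5")
    budget = MAX_GROUP_LEVELS - parent_level  # OU levels that still fit
    plan = {}
    for dn in user_dns:
        ous = ou_path(dn, base_dn)
        plan[dn] = (ous[:budget], ous[budget:])
    return plan


# Constructed sample data (not from the manual).
BASE_DN = "dc=example,dc=com"
USERS = [
    "cn=alice,ou=Staff,dc=example,dc=com",
    "cn=bob,ou=Lab\\, East,ou=R&D,ou=Eng,ou=Staff,dc=example,dc=com",
]
```

Calling plan_sync(USERS, BASE_DN, parent_level=2) reproduces the manual's case of a level 2 parent group: three OU levels fit and the fourth is reported as beyond the limit.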

4. Configure server information.

UAM uses the Administrator DN and password to authenticate to the LDAP server, navigates to the user data directory according to the base DN, gets the values in the username and password attributes, and adds the username and password pairs to its user database.

The base DN, administrator DN, username, and password attribute descriptions vary with LDAP servers. You can use tools such as Softerra LDAP Administrator to get their attribute descriptions on the server you are working with.

○ Base DN—Enter the absolute path of the directory that stores user data in the LDAP server.

○ Admin DN—Enter the absolute path that locates the administrator on the LDAP server.
