Adding an ldap synchronization policy – H3C Technologies H3C Intelligent Management Center User Manual

○ User Password—Local user passwords in UAM, which can be manually configured or synchronized from a certain attribute on the LDAP server. If the parameter is manually configured, the field displays a series of asterisks (****). If the parameter is synchronized from the LDAP server, the field displays the attribute description. For more information, see "Supplementary information for LDAP user passwords stored in UAM."

○ Service Type—Login method of the device management user. Valid methods include Telnet, FTP, SSH, and Terminal.

○ EXEC Priority—Level of the command execution privilege assigned to the device management user. The value ranges from 0 to 15. A greater value represents a higher privilege for executing more commands. If the field is empty, the user uses the default level specified on the device.

Bound User IP List area

The list contains one or more IPv4 address ranges permitted for logins. A device management user can log in to a device only when the IP address of the user is in the list.

IP Address List of Managed Devices area

The list contains one or more IPv4 address ranges of managed devices. Device management users can log in only to the devices specified in the list.

Adding an LDAP synchronization policy

The procedure for configuring an LDAP synchronization policy for an LDAP server differs depending on the synchronization type, the service sync type, and the way you assign services to the LDAP users. The following information describes each case separately.

Adding a policy when the Service Sync Type is Manual Assignment

To add a policy for an LDAP server when its Service Sync Type is Manual Assignment:

1. Access the LDAP synchronization policy list page.

2. Click Add.

3. Configure basic policy information:

○ Policy Name—Enter a unique policy name.

○ Server Name—Select the LDAP server to which you want to assign the policy. Available options are all the LDAP servers that have been configured in UAM.

○ Service Group—Displays the service group that the LDAP synchronization policy belongs to. The system automatically populates this field with the same service group as the LDAP server.

○ Synchronization Priority—Enter the priority of the LDAP synchronization policy. Synchronization policies with higher priority values are executed first in a scheduled synchronization task.

○ Base DN—Displays the absolute path of the directory that stores user data in the LDAP server. The system automatically populates this field with the base DN specified for the LDAP server.

○ Sub-Base DN—Enter the absolute path of the subdirectory that stores user data in the LDAP server. Make sure that it is in the base DN directory or is the same as the base DN directory. UAM synchronizes the user data under the sub-base DN rather than the base DN. The DNs of attributes vary with LDAP servers. To get the correct sub-base DN path, use tools such as Softerra LDAP Administrator.
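The following Python routine is an added example, not part of the H3C manual or of UAM, that checks the rule stated above: the Sub-Base DN must equal the Base DN or lie beneath it. It compares the DNs component by component (case-insensitively, honouring backslash-escaped commas) instead of as raw strings, so a DN that merely ends with similar text is not accepted. All DN values are constructed samples.

```python
# Added example (not from the H3C manual): verify that a Sub-Base DN is the
# Base DN itself or a subtree of it. DN values below are constructed samples.

def split_dn(dn: str) -> list[tuple[str, str]]:
    """Split a DN into (attribute, value) RDN pairs, honouring backslash-escaped commas."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # keep the escaped char; do not split on it
            current.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current))
    pairs = []
    for rdn in rdns:
        if "=" not in rdn:
            raise ValueError(f"malformed RDN: {rdn!r}")
        attr, value = rdn.split("=", 1)
        # Attribute types are case-insensitive; values are compared case-insensitively
        # here as a simplification (Active Directory's default matching is case-insensitive).
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs

def is_within_base_dn(sub_base_dn: str, base_dn: str) -> bool:
    """True if sub_base_dn equals base_dn or is located under it (suffix match on RDNs)."""
    sub, base = split_dn(sub_base_dn), split_dn(base_dn)
    return len(sub) >= len(base) and sub[len(sub) - len(base):] == base

# Constructed sample values
BASE_DN = "DC=example,DC=com"
GOOD_SUB = "OU=Network Admins, OU=Staff, dc=Example, dc=COM"   # same base, different case/spacing
BAD_SUB = "OU=Staff,DC=other,DC=com"                            # different domain
ESCAPED_SUB = "OU=Ops\\, East,DC=example,DC=com"                # escaped comma in an RDN value

if __name__ == "__main__":
    for sub in (GOOD_SUB, BAD_SUB, ESCAPED_SUB):
        verdict = "OK" if is_within_base_dn(sub, BASE_DN) else "NOT under base DN"
        print(f"{sub!r}: {verdict}")
```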

○ Filter Condition—Enter a filter to match user data you want to synchronize to UAM. The default filter condition is (&(objectclass=user)(sAMAccountName=*)(accountExpires>=now)). The most basic filter takes the format (attribute=value), where you can use the wildcard asterisk (*) in