H3C Technologies H3C Intelligent Management Center User Manual
Page 383
365
database and LDAP server but do not have access accounts in UAM. If this option is not selected,
UAM does not add access accounts for such users.
{
Sync Options-Synchronize Users in Current Node Only—Select this option to have UAM
synchronize users under the specified sub-base DN, but not synchronize users in any OU under
the sub-base DN. If this option is not selected, UAM synchronizes all users in the sub-base DN,
including users in the OUs in the sub-base DN.
{
Sync Options-Inherit Parent Group's Service—This option appears only when the selected LDAP
server uses the following settings:
−
Manual Assignment is selected for the Service Sync Type field.
−
The Apply for Service by User Group option is enabled.
−
Synchronize by OU is selected for the User Group field.
For more information about the LDAP server configuration, see "
."
With the Inherit Parent Group's Service option enabled (Yes), UAM applies for the services of
the parent user group for the LDAP users who belong to a group of no service.
−
If the parent user group has no service, UAM uses the services of the parent user group of
that parent group, and so forth until the upper-most user group.
−
If none of these parent user groups have services, UAM does not apply for any service for
the users. When the Inherit Parent Group's Service option is disabled (No), UAM applies
for the same services for each LDAP user as those assigned to the user group to which the
LDAP user belongs.
−
If a user belongs to a user group of no service, UAM does not apply for any service for the
user.
4.
Click Next to enter the page for configuring access user parameters.
5.
Configure access user parameter associations with the attributes on the LDAP server.
Configure basic information
{
User Name—Select the username attribute description used on the LDAP server from the list.
UAM uses the value of the attribute as the username of the LDAP user account when executing
the synchronization policy.
{
Identity Number—Select the identity attribute description used on the LDAP server from the list.
UAM uses the value of the attribute as the LDAP user identity when executing the synchronization
policy.
{
Contact Address—Select the contact address attribute description used on the LDAP server from
the list, or select Do Not Sync. If you select an attribute, UAM uses the value of the attribute as the
user contact address when executing the synchronization policy. If you select Do Not Sync, user
contact addresses are not synchronized from the LDAP server.
{
Telephone—Select the telephone attribute description used on the LDAP server from the list, or
select Do Not Sync. If you select an attribute, UAM uses the value of the attribute as the user
telephone number when executing the synchronization policy. If you select Do Not Sync, user
telephone numbers are not synchronized from the LDAP server.
{
Email—Select the email attribute description used on the LDAP server from the list, or select Do
Not Sync. If you select an attribute, UAM uses the value of the attribute as the user email account
when executing the synchronization policy. If you select Do Not Sync, user email accounts are
not synchronized from the LDAP server.
{
User Group—This option appears only when Manual Specify is selected for the User Group field
for the LDAP server specified in the synchronization policy. Click the Select User Group icon .
The Select User Group window appears. Select an existing user group and click OK. All the