H3C Technologies H3C Intelligent Management Center User Manual


value pattern to match any character or character string. For example, the filter (cn=He*) matches any entry that has a cn attribute value that starts with He.

You can use an advanced filter in the format (operator(attribute1=value)(attribute2=value)) or (operator(attribute1=value)(operator(attribute2=value))). The operator can be AND (&), OR (|), or NOT (!). For example, the filter (&(objectclass=a*)(!(cn=b*))) enables UAM to synchronize any entry that has an objectclass attribute value starting with a but a cn attribute value not starting with b. The default filter is (&(objectclass=*)(cn=*)), which matches entries that have any objectclass attribute value and any cn attribute value.

○ State—Select Valid or Invalid from the list to enable or disable the policy. Disabling the policy does not affect users that have been synchronized to UAM. They can continue to use the authentication service and self-service.

○ Sync Object—Select Access Users or Device Users from the list. Select Access Users to synchronize users from the LDAP server to UAM as access users. Select Device Users to synchronize users from the LDAP server to UAM as device management users. In this example, the Access Users option is selected. To avoid synchronization errors, see "Configure basic policy information."

○ Sync Options-Auto synchronization—Select this option to execute the policy every day to synchronize all matching users to UAM. The execution time depends on the system settings for scheduled daily tasks. For more information, see "32 Configuring global system settings."

○ Sync Options-Create Device User—Select this option to have UAM synchronize from the LDAP server users that do not exist in UAM, and add these users to the UAM database as device management users. If you do not select this option, users in the LDAP server that do not exist in UAM are not synchronized.

○ Sync Options-Synchronize Users in Current Node Only—Select this option to have UAM synchronize users under the specified sub-base DN, but not synchronize users in any OU under the sub-base DN. If this option is not selected, UAM synchronizes all users in the sub-base DN, including users in the OUs in the sub-base DN. This function is not available if you select an AD-group based LDAP server in the Server Name field.

4. Click Next to enter the page for configuring device management user information.

5. Configure the device management user parameter associations with the attributes on the LDAP server.
Configure basic information of the device management user

○ User Name Attribute—Displays the user name attribute that is configured when adding/modifying an LDAP server, which cannot be modified.

○ Password Attribute—Displays the password attribute that is configured when adding/modifying an LDAP server, which cannot be modified. Each user password in UAM corresponds to a user password in the LDAP server. For more information, see "Supplementary information for LDAP user passwords stored in UAM."

○ User Password—Select an attribute from the list to represent the local user password, or select Do Not Sync. If you select an attribute, UAM uses the value of the attribute as the local user password when executing the synchronization policy. If you select Do Not Sync, enter a local user password in the text box next to the list. For more information about user passwords, see "Supplementary information for LDAP user passwords stored in UAM."

○ User Password/Confirm Password—If you select Do Not Sync for the User Password field, enter the same password twice in both fields to set it as the local user password.

○ Service Type—Select a login method for the device management users from the list. Options include Telnet, FTP, SSH, and Terminal.
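The filter syntax described earlier in this step list (the * wildcard plus the &, |, and ! operators) can be checked offline to see which entries a filter selects before the policy runs. The following is an added example, not code from the manual or from UAM. The function names and sample directory are constructed, and it assumes case-insensitive value matching and no escaped characters in filter values.

```python
# Added example (not H3C code). Assumes case-insensitive matching; no \xx escapes.
import re
def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next_index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at position {i}")
    i += 1
    if f[i] in "&|!":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' filter near position {i}")
        return (op, kids), i + 1
    end = f.index(")", i)  # ValueError if the item is never closed
    attr, sep, pattern = f[i:end].partition("=")
    if not sep or not attr:
        raise ValueError(f"expected attribute=value near position {i}")
    return ("=", attr.lower(), pattern.lower()), end + 1

def matches(node, attrs):
    if node[0] == "=":
        # '*' is the only wildcard; every other character matches literally.
        rx = ".*".join(re.escape(p) for p in node[2].split("*"))
        return any(re.fullmatch(rx, v.lower(), re.S) for v in attrs.get(node[1], []))
    results = [matches(kid, attrs) for kid in node[1]]
    if node[0] == "!":
        return not results[0]
    return all(results) if node[0] == "&" else any(results)

def select(filter_text, entries):
    """Return the DNs of the entries that filter_text selects."""
    try:
        tree, end = parse(filter_text)
    except IndexError:
        raise ValueError("filter ends before its parentheses close") from None
    if end != len(filter_text):
        raise ValueError("unexpected text after the filter")
    return [dn for dn, attrs in entries if matches(tree, attrs)]

# Constructed sample directory: (DN, attributes) pairs, keys in lower case.
ENTRIES = [
    ("cn=Helen,dc=example,dc=com", {"objectclass": ["person"], "cn": ["Helen"]}),
    ("cn=Henry,dc=example,dc=com", {"objectclass": ["account"], "cn": ["Henry"]}),
    ("cn=bob,dc=example,dc=com", {"objectclass": ["account"], "cn": ["bob"]}),
    ("ou=lab,dc=example,dc=com", {"objectclass": ["organizationalUnit"]}),
]
```

Calling select("(&(objectclass=*)(cn=*))", ENTRIES) returns every sample entry that has a cn value, which shows how broadly the default filter scopes a policy compared with the narrower examples.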
