H3C Technologies H3C Intelligent Management Center User Manual
Page 394
376
User Group field. For more information about the LDAP server configuration, see "
." With the Inherit Parent Group's Service option enabled, UAM applies for the
services of the parent user group for the LDAP users who belong to a group of no service. If the
parent user group has no service, UAM uses the services of the parent user group of that parent
group, and so forth until the upper-most user group. If none of these parent user groups have
services, UAM does not apply for any service for the users. When the Inherit Parent Group's
Service option is disabled, UAM applies for the same services for each LDAP user as those
assigned to the user group to which the LDAP user belongs. If a user belongs to a user group of
no service, UAM does not apply for any service for the user.
Other parameters cannot be modified.
4.
Click Next to enter the Access User Configuration page.
5.
Modify the access user parameter associations with the attributes on the LDAP server.
Modify basic information
{
User Name—Select the username attribute description used on the LDAP server from the list.
UAM uses the value of the attribute as the username of the LDAP user account when executing
the synchronization policy.
{
Identity Number—Select the identity attribute description used on the LDAP server from the list.
UAM uses the value of the attribute as the LDAP user identity when executing the synchronization
policy.
{
Contact Address—Select the contact address attribute description used on the LDAP server from
the list, or select Do Not Sync. If you select an attribute, UAM uses the value of the attribute as the
user contact address when executing the synchronization policy. If you select Do Not Sync, user
contact addresses are not synchronized from the LDAP server.
{
Telephone—Select the telephone attribute description used on the LDAP server from the list, or
select Do Not Sync. If you select an attribute, UAM uses the value of the attribute as the user
telephone number when executing the synchronization policy. If you select Do Not Sync, user
telephone numbers are not synchronized from the LDAP server.
{
Email—Select the email attribute description used on the LDAP server from the list, or select Do
Not Sync. If you select an attribute, UAM uses the value of the attribute as the user email account
when executing the synchronization policy. If you select Do Not Sync, user email accounts are
not synchronized from the LDAP server.
{
User Group—This option appears only when Manual Specify is selected for the User Group field
for the LDAP server specified in the synchronization policy. Click the Select User Group icon .
The Select User Group window appears. Select an existing user group and click OK. All users
synchronized from the LDAP server to UAM under this policy are assigned to the selected user
group.
Modify additional information
This area appears only when the additional user information is configured on the IMC platform.
Select an attribute from the list to represent the user additional information entry, or select Do Not
Sync. If you select an attribute, UAM uses the value of the attribute to populate the user additional
information field when executing the synchronization policy. If you select Do Not Sync, enter or
select a setting for the user additional information field based on pre-defined rules.
Modify access information
{
Account Name—The system automatically populates this field with the account name attribute
description configured when adding the LDAP server, which cannot be modified.
{
Expiration Time—Select an attribute to represent the expiration time of the LDAP user account or
select Do Not Sync. If you select an attribute, UAM uses the value of the attribute as the account