H3C Technologies H3C Intelligent Management Center User Manual

379

database. If this option is not selected, UAM does not synchronize users that are not in the IMC

platform. This option is mutually exclusive with the Synchronize Users as Needed option.

{

Sync Options-Synchronize New Accounts of Existing Users—Select this option to have UAM
add associated access user accounts in UAM for users that exist both in the IMC platform's user

database and LDAP server, but do not have access accounts in UAM. If this option is not selected,

UAM does not add access accounts for such users.

Other parameters cannot be modified.

4.

Click Next to enter the Access User Configuration page.

5.

Reassign services to AD groups:
AD groups are organized in a tree hierarchy, see

Figure 101

. Users may use the services assigned

to a specific AD group in the chain of AD groups on top of them, depending on your configuration.
Service assignment page includes two areas: Basic Information and Group & Service
Configuration List.
Basic Info

{

Default Service—Select a default service for the LDAP users. This service is assigned to an LDAP
user if no service has been assigned to any AD group available for the user.

{

Service Query Level—Select the number of AD group layers to be searched for services for the
LDAP users. Options include 1 to 5. The AD group that has the users is Layer 1.

UAM starts the search from Layer 1 AD group and moves up until services are found in an AD
group or the specified top layer is reached.
If no service is assigned to any of these AD groups, the default service is assigned to the users.

The rules that UAM uses to assign services to LDAP users are described later in this topic.

AD Group & Service Configurations
The configuration list displays the service assignment for the AD groups and the AD group priority.
To assign a service to an AD group:

a.

Click Add in the AD Group&Service Configurations area.

b.

Enter the group name in the LDAP group query field. UAM supports fuzzy matching for this
field. For example, if you enter a, all the AD group names that contain a are queried. If the field

is empty, all available groups are queried.

c.

Click Query.
All the AD groups matching the query criterion are displayed in the AD Group & Service
Configurations area.

d.

Select one or more group names, and click OK.
All the selected AD groups are displayed in the AD Group & Service Configurations area. The

AD Group Distinguished Name column displays the AD group and its absolute path in the
active directory. The Service Configuration column provides a Service Configuration icon .

Click the icon to view the available services list.
To delete AD groups, select the boxes next to their group names, and click Delete. In the
confirmation dialog box that appears, click OK.

e.

Select services for each AD group.
Click the Service Configuration icon for an AD group. The Services List window appears.
Select one or more services and click OK. The selected services are associated with the AD

group.

f.

Adjust the priorities for the AD groups.