H3C Technologies H3C Intelligent Management Center User Manual
Page 401
383
{
User SSID—Select an attribute from the list to represent the wireless SSID, or select Do Not Sync.
If you select an attribute, UAM uses the value of the attribute as the SSID when executing the
synchronization policy. If you select Do Not Sync, enter a SSID in the text box next to the list.
{
Device SN—Select an attribute from the list to represent the device sequence number, or select
Do Not Sync. If you select an attribute, UAM uses the value of the attribute as the device
sequence number when executing the synchronization policy. If you select Do Not Sync, enter a
device sequence number in the text box next to the list.
7.
Click Finish.
Modifying a policy with the Sync Object set to Device Users
To modify a policy with the synchronization object set to Device Users:
1.
Access the LDAP synchronization policy list page.
2.
Click the Modify icon for the synchronization policy you want to modify.
The page for modifying synchronization policy appears.
3.
Modify basic policy information.
{
Service Group—Displays the service group that the LDAP synchronization policy belongs to. The
system automatically populates this field with the same service group as the LDAP server.
{
Synchronization Priority—Modify the priority of the LDAP synchronization policy.
Synchronization policies with higher priority values are executed first in a scheduled
synchronization task.
{
Base DN—Displays the absolute path of the directory that stores user data in the LDAP server.
The system automatically populates this field with the base DN specified for the LDAP server.
{
Sub-Base DN—Enter the absolute path of the subdirectory that stores user data in the LDAP
server Make sure that it is in the base DN directory or will be the same as the base DN directory.
UAM synchronizes the user data under sub-base DN rather than base DN. The DNs of attributes
vary with LDAP servers. To get the correct sub-base DN path, use tools such as Softerra LDAP
Administrator.
{
Filter Condition—Enter a filter to match user data you want to synchronize to UAM. The default
filter is (&(objectclass=*)(cn=*)), which matches entries that have any objectclass attribute value
and any cn attribute value. For more information, see "
Viewing policy information whose Sync
."
{
State—Select Valid or Invalid from the list to enable or disable the policy. Disabling the policy
does not affect users that have been synchronized to UAM. They can continue to use the
authentication service and self-service.
{
Sync Options-Auto synchronization—Select this option to execute the policy every day to
synchronize all matching users to UAM. The execution time depends on the system settings for
scheduled daily tasks. For more information, see "
32 Configuring global system settings
{
Sync Options-Create Device User—Select this option to have UAM synchronize from the LDAP
server users that do not exist in UAM, and add these users to UAM database as device
management users. If you do not select this option, users in LDAP server that do not exist in UAM
are not synchronized. To avoid synchronization errors, see "
Configure basic policy information
{
Sync Options-Synchronize Users in Current Node Only—Select this option to have UAM
synchronize users under the specified sub-base DN, but not synchronize users in any OU under
the sub-base DN. If this option is not selected, UAM synchronizes all users in the sub-base DN,
including users in the OUs in the sub-base DN.
Other parameters cannot be modified.