H3C Technologies H3C Intelligent Management Center User Manual
Page 412
394
{
Expiration Time—Click the Calendar icon to select an expiration time, or type a time in the
field in the format of YYYY-MM-DD hh:mm. The LDAP user becomes invalid since the expiration
time. An empty field indicates that the LDAP user never expires.
{
Max. Idle Time—Enter the maximum idle time allowed for the LDAP user. The LDAP user is forced
to log off when the idle time expires. An empty field indicates that the LDAP user can always stay
online.
{
Max. Concurrent Logins—Enter the maximum number of concurrent logins allowed for the LDAP
user. An empty field indicates that the maximum number of concurrent logins with the same user
account is not restricted.
{
Smart Device Bindings for Portal—Select from the list the maximum number of device MAC
addresses that can be bound to the account. Or select Not Supported to disable transparent
portal authentication for the LDAP user account.
{
Login Message—Enter the message delivered to the LDAP user when the user passes
authentication.
Other parameters cannot be modified.
Modify access service
If Apply for Service by User Group is disabled, UAM displays this field to allow manual service
assignment for LDAP users. If Apply for Service by User Group is enabled, UAM hides this field and
automatically applies for services for LDAP users according to their user groups. For more
information about configuring the Apply for Service by User Group option, see "
."
The access service list displays all services available for the users. You may select multiple services
with different suffixes. To select a service, click the box next to it.
{
Service Name—Unique name of the service in UAM.
{
Service Suffix—Distinguishes services when endpoint users perform authentication. The
username and service suffix entered by the endpoint user is closely related to the authentication
domain. For more information, see
{
Status—Identifies whether the service is available. The access service list displays all services
available for the users, including those with their status changed to Unavailable by network
administrators.
{
Allocate IP—Enter the IP address that the access service allocates to the user. An empty field
indicates that the access service does not allocate any IP address.
Modify access device binding information
Set the values for access device binding parameters. The binding parameters in this area take
effect only when they are selected in the Authentication Binding Information area of the selected
services. For example, the Device IP parameter is effective to the services only with the Bind Access
Device IP option selected.
If you select a binding option for a service but do not specify any value for the parameter in the
access device binding information, UAM automatically learns the binding information for the
service when the user first passes authentication.
To pass authentication, the LDAP user must meet all requirements of the access device bindings
and terminal bindings.
{
Device SN—Enter the sequence number of the access device bound to the LDAP user. An LDAP
user can pass authentication only when the sequence number of the access device matches this
parameter value.