Exporting ldap users – H3C Technologies H3C Intelligent Management Center User Manual
Page 416
398
The list includes all access users. Account names with the Bind User icon are LDAP users.
3.
Select the service to be cancelled from the Service Name list in the query area.
4.
Select one or more LDAP users.
5.
Click Cancel Service.
A confirmation dialog box appears.
6.
Click OK.
Exporting LDAP users
In some cases, an LDAP synchronization policy may fail to synchronize users as precisely as required.
This causes synchronization of redundant user information, and wastes user licenses.
To address this problem, you can use the following method, which allows you to filter the users to be
synchronized:
1.
Use the user export function to export user data on the LDAP server to a text file.
2.
Edit the text file to remove the unnecessary user information.
3.
Use the batch user import function to import the text file to UAM. For more information, see
"
."
4.
Create a synchronization policy, and clear the Synchronize New Users and Accounts and
Synchronize New Accounts of Existing Users options in the policy.
For more information, see "
Adding an LDAP synchronization policy
."
5.
Bind the imported users with the synchronization policy created in the previous step.
For more information, see "
Binding common users with LDAP synchronization policies
The above operations allow you to synchronize only the filtered users when executing a synchronization
policy.
To export LDAP users:
6.
Click the User tab.
7.
Select User Access Policy > LDAP Service > User Export from the navigation tree.
The page for querying user attribute appears.
8.
Configure the user attribute query criteria, including:
{
LDAP Server—Select an LDAP server from the list. Available options include any LDAP servers
configured in UAM.
{
Base DN—Displays the absolute path of the directory that stores user data in the LDAP server.
{
Sub-Base DN—Enter the absolute path of the subdirectory that stores user data in the LDAP
server and make sure that it is in the base DN directory or be the same as the base DN directory.
UAM synchronizes the user data under sub-base DN rather than base DN.
The DNs of attributes vary with LDAP servers. To get the correct sub-base DN path, use tools
such as Softerra LDAP Administrator.
{
Filter Condition—Enter a filter to match user data you want to synchronize to UAM. The default
filter is (&(objectclass=*)(cn=*)), which matches entries that have any objectclass attribute value
and any cn attribute value. For information about defining a filter, see "
the Service Sync Type is Manual Assignment
9.
Click Query to pop up the window for selecting user attributes, including: