Batch ldap user operations, Supplementary information for ldap, User passwords stored in uam – H3C Technologies H3C Intelligent Management Center User Manual

Page 417: Supplementary, Information for ldap user passwords stored in uam


   ○ Attribute Name—Displays all the attributes that can be exported. Select the attributes to be exported.

   ○ Sample—Sample values for the corresponding attribute.

   ○ Separator—Exported user data is stored in columns in the text file. Each column corresponds to an attribute. Select the separator between columns. Available options include space, tab, comma (,), colon (:), pound (#) and dollar ($).

   ○ Export Column Header—Specifies whether to export the attribute names as the column titles in the text file. If you do not select this option, the text file has no column titles.

10. Click Export.
    When the export process is complete, UAM displays the export result, which contains the name and location of the file that stores the exported user data.

11. Click Download the Export File to display the exported user data.

12. Click Back to return to the User Attribute Query page.

Batch LDAP User Operations

Batch operations for LDAP users are identical to those for common access users. For more information, see "Batch operations."

Supplementary information for LDAP user passwords stored in UAM

Operators can synchronize user data from the LDAP server to UAM as access users or device management users. Such users have two passwords in UAM: an LDAP user password and a local user password.

• LDAP user password—During synchronization, UAM reads the values of the Password Attribute from the LDAP server as the LDAP user passwords. If the value cannot be read, the LDAP user password field stays empty. The Password Attribute is configured when adding or modifying LDAP servers.

• Local user password—When configuring a synchronization policy, if you select to have the values of User Password synchronized from a certain attribute on the LDAP server, UAM reads the values of this attribute as the local user passwords. If you select Do Not Sync for the User Password field and have manually configured a password, UAM uses this password as the local password for the user.

When an access user or device management user bound with a synchronization policy initiates an authentication request, UAM checks the password provided by the endpoint user against the LDAP user password. If the field for LDAP user password is empty, UAM forwards the password to the LDAP server, where the password is checked against the value of the associated Password Attribute.

When an access user or device management user that is unbound from its LDAP server initiates an authentication request, UAM checks the password provided by the endpoint user against the local user password.
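The password-check selection described above, modeled as an added example (not H3C code and not part of the manual). The record fields, the store labels and the ldap_check stand-in are assumptions, and the sample users are constructed.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

@dataclass
class UamUser:
    """Hypothetical record; field names are assumptions, not UAM's schema."""
    name: str
    bound: bool                    # still bound to a synchronization policy
    ldap_password: Optional[str]   # read from the Password Attribute; empty if unreadable
    local_password: Optional[str]  # synced from the chosen attribute or set manually

def _equal(a: str, b: str) -> bool:
    # Constant-time comparison (a choice of this example).
    return hmac.compare_digest(a.encode(), b.encode())

def authenticate(user: UamUser, supplied: str,
                 ldap_check: Callable[[str, str], bool]) -> Tuple[bool, str]:
    """Return (accepted, store consulted) following the rules described above."""
    if user.bound:
        if user.ldap_password:  # LDAP user password field is populated
            return _equal(supplied, user.ldap_password), "uam-ldap-password"
        # Empty field: the password is forwarded to the LDAP server.
        return ldap_check(user.name, supplied), "ldap-server"
    # Unbound user: only the local user password is checked.
    if not user.local_password:
        return False, "uam-local-password"
    return _equal(supplied, user.local_password), "uam-local-password"

def demo():
    directory = {"alice": "A-dir-pw", "bob": "B-dir-pw"}  # constructed sample data
    forwarded = []  # names for which the LDAP server was actually asked

    def ldap_check(name: str, pw: str) -> bool:  # stand-in for the LDAP server
        forwarded.append(name)
        return _equal(pw, directory.get(name, ""))

    alice = UamUser("alice", True, "A-dir-pw", "A-local")   # attribute was readable
    bob = UamUser("bob", True, "", "B-local")               # attribute unreadable
    carol = UamUser("carol", False, "C-dir-pw", "C-local")  # unbound from LDAP
    results = [authenticate(alice, "A-dir-pw", ldap_check),
               authenticate(alice, "A-local", ldap_check),
               authenticate(bob, "B-dir-pw", ldap_check),
               authenticate(carol, "C-local", ldap_check),
               authenticate(carol, "C-dir-pw", ldap_check)]
    return results, forwarded

if __name__ == "__main__":
    for accepted, store in demo()[0]:
        print(accepted, store)
```

In this model only the bound user with an empty LDAP user password field reaches the LDAP server; the other two are decided entirely by values held in UAM.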
