H3C Technologies H3C Intelligent Management Center User Manual


• Self-Service Port—Set the self-service port number. This parameter is mainly used for iNode client upgrades. The value must be consistent with that of the imc.http.port parameter in the self-service configuration file client\conf\http.properties in the IMC installation path, and changes along with the self-service configuration file. If you change the self-service configuration file, restart the jserver process in Intelligent Deployment Monitoring Agent to make the new settings effective.

7. Configure LDAP server parameters:

• Delete Nonexistent LDAP Users in Synchronization—Select Enable to delete users that have been deleted from the LDAP server during synchronization. Select Disable to keep the users that have been deleted from the LDAP server.

• LDAP User Move Between Servers—Select Enable from the list to allow synchronized LDAP users to move between LDAP servers. Select Disable from the list to disable the function.

  Enable the function when an enterprise network needs to move employee data to a new LDAP server due to job reallocation or similar reasons. UAM moves an existing LDAP user to the LDAP server during a synchronization only when one of the following conditions is met:

  - The LDAP server no longer includes the DN specified by the policy of the last synchronization.
  - On the LDAP server, the user has been moved to the DN specified by the policy for the current synchronization.
  - The policy for the current synchronization has the same priority as or a higher priority than the policy for the last synchronization.

• LDAP Paging—Select this option to break the LDAP user query results into pages and specify the maximum number of LDAP users a page can display. If the LDAP server does not support paged results, do not select this option.

• LDAP On-Demand Authentication Mode—Select Local Backup or Real-Time Authentication from the list, and UAM will synchronize LDAP users to the temporary table at the interval that is specified in the LDAP Synchronization Time field.

  - Local Backup—UAM forwards authentication requests only for LDAP users that exist in a temporary table. When a user passes authentication, UAM creates an LDAP user account for the user. This mode applies to scenarios where multiple on-demand synchronization policies are used.
  - Real-Time Authentication—UAM forwards authentication requests for all LDAP users, regardless of whether or not they exist in the temporary table. When a user passes authentication, UAM creates an LDAP user account for the user. Although this mode is resource-consuming, it enables UAM to authenticate new users in real time when they are added to the LDAP server. This mode applies to scenarios that have only a few on-demand synchronization policies but with high real-time requirements. To use this mode, make sure both the user group and service synchronization parameters are manually specified for the LDAP server.

• LDAP Synchronization Time—Specify the interval and time point to synchronize or back up LDAP users to UAM. For example, if 3 days 9:00 is set in this field, UAM executes synchronization at 9:00 every 3 days.

  - Sync—UAM synchronizes complete information about LDAP users to UAM and implements regular authentication on the synchronized users. The user data appears in the access user list.
  - Backup—UAM backs up partial information about LDAP users (mainly usernames and DNs) to a temporary table. UAM implements on-demand authentication on the backed up users. The user data does not appear in the access user list.
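
For the LDAP Paging option above, one way to check whether a directory server advertises paged-results support before selecting the option. This is an added example, not taken from the H3C manual: it assumes the server's root DSE has been saved as LDIF (for instance with OpenLDAP's `ldapsearch -x -H ldap://<server> -s base -b "" supportedControl`), and the function names and sample data are constructed for illustration.

```python
import base64

# OID of the Simple Paged Results control (RFC 2696).
PAGED_RESULTS_OID = "1.2.840.113556.1.4.319"

# Constructed root DSE output (not from a real server or from the manual).
SAMPLE_ROOT_DSE = "\n".join([
    "# extended LDIF",
    "dn:",
    "supportedControl: 2.16.840.1.113730.3.4.2",
    "supportedControl: 1.2.840.113556.1.4.",  # value folded onto the next line
    " 319",
    "supportedControl:: MS4zLjYuMS4xLjEy",     # base64 of 1.3.6.1.1.12
    "supportedLDAPVersion: 3",
])

def unfold(ldif_text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def supported_controls(ldif_text):
    """Return the set of supportedControl OIDs found in root DSE LDIF output."""
    oids = set()
    for line in unfold(ldif_text):
        attr, _, rest = line.partition(":")
        if line.startswith("#") or attr.strip().lower() != "supportedcontrol":
            continue
        if rest.startswith(":"):  # "attr:: value" marks a base64-encoded value
            rest = base64.b64decode(rest[1:].strip()).decode("utf-8")
        oids.add(rest.strip())
    return oids

def paging_supported(ldif_text):
    """True if the server lists the paged-results control in its root DSE."""
    return PAGED_RESULTS_OID in supported_controls(ldif_text)

if __name__ == "__main__":
    verdict = "select" if paging_supported(SAMPLE_ROOT_DSE) else "do not select"
    print(f"LDAP Paging: {verdict}")
```
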
