Cancelling ldap users – H3C Technologies H3C Intelligent Management Center User Manual
Page 104
95
−
CLI Access Not Supported—The user can log in to the device but cannot execute any
command.
An empty field indicates that the user uses the authorization policy for the device user group to
which the user belongs.
{
Max. Online Users—Modify the maximum number of online users that an LDAP user is allowed
to have.
An empty field indicates that the maximum number of online users with the same user account
is not limited.
{
Expiration Date—Click the Calendar icon to select an expiration date, or enter a date in the
format YYYY-MM-DD. The LDAP user becomes invalid after the expiration date.
An empty field indicates that the LDAP user never expires.
{
Enable Privilege-Increase Password—Select this option to enable the privilege-increase
password function, and then specify the password. With this feature enabled, a user can
execute related command to increase the user privilege to the highest level after logging in to
the device. Make sure the command used for increasing user privilege is authorized to the
device user through command set authorization. For more information configuring command set
authorization, see "Command set."
The command used for increasing user privilege varies by device model. For more information,
see the configuration guide for the device.
{
Enable Password Strategy—This field indicates whether the password strategy is enabled for
the LDAP user. If it is enabled, the requirements of password strategy must be met when LDAP
users change a password. The password strategy does not take effect when TAM operators set
passwords for device users. For information about configuring the password strategy, see "12
Configuring global system settings."
5.
Click OK.
Cancelling LDAP users
TAM allows you to cancel LDAP users in bulk. An LDAP user cannot log in to any device after being
cancelled. You cannot cancel an online LDAP user.
TAM retains the information for a cancelled user for a specified time for audit. The lifetime of a cancelled
user is determined by the system parameter Cancelled User Lifetime. For information about system
parameters, see "12 Configuring global system settings."
Operators can view the list of cancelled users through advanced query: set the query criterion Status to
Cancelled, retain the default settings for other criteria, and then click Query. All cancelled users whose
lifetime has not exceeded the Cancelled User Lifetime are displayed. For more information about using
the advanced query function, see "
."
To delete an LDAP user:
1.
Click the User tab.
2.
On the navigation tree, select Device User > All Device Users.
The Device User list displays all device users. Account names with the icon are LDAP users.
3.
Select one or more LDAP users you want to cancel.
4.
In the Device User list area, click Batch Cancel.
5.
Click OK.