Exporting LDAP users – H3C Technologies H3C Intelligent Management Center User Manual


2. On the navigation tree, select Device User > LDAP Users.
   The All Bound User list displays all LDAP users. Account names with the icon are LDAP users.

3. Click the account name of a blacklisted LDAP user.
   The LDAP User Details page appears.

4. In the Action menu, click Remove from Blacklist.
   A confirmation dialog box appears.

5. Click OK.

Exporting LDAP users

In some cases, an LDAP synchronization policy might fail to synchronize users precisely, which causes the
synchronization of redundant user information and a waste of user licenses. To address this issue, you
can use the following procedure:

1. Use the user export function to export user data on the LDAP server to a text file.

2. Edit the text file to remove the unnecessary user information.

3. Use the batch user import function to import the user data in the text file to TAM. For more
   information, see "Importing device users."

4. Create a synchronization policy, and clear the Synchronize New Device Users option in the policy.
   For more information about adding an LDAP synchronization policy, see "Adding an LDAP
   synchronization policy."

5. Bind the imported users with the synchronization policy created in the previous step. For more
   information about binding a user with an LDAP synchronization policy, see "Binding device users
   with an LDAP synchronization policy."

The preceding steps allow you to synchronize only the filtered users when you execute a
synchronization policy.

To export LDAP users:

1. Click the User tab.

2. On the navigation tree, select Device User Policy > LDAP Service > User Export.
   The page for querying users appears.

3. Enter or select one or more of the following query criteria:

   - LDAP Server—Select an existing LDAP server from the list.

   - Base DN—This field is automatically populated with the absolute path of the directory that
     stores user data in the selected LDAP server.

   - Sub-Base DN—Enter the absolute path of the subdirectory that stores user data on the LDAP
     server. Make sure it is in the Base DN directory or is the same as the Base DN directory. TAM
     synchronizes the user data under Sub-Base DN rather than Base DN.
     The DNs of attributes vary with LDAP servers. To get the correct Sub-Base DN path, use tools
     such as Softerra LDAP Administrator.

   - Filter Condition—Enter a filter to match user data you want to synchronize to the TAM. The most
     basic filter takes the format (attribute=value), where you can use the wildcard asterisk (*) in the
     value pattern to match any character or character string. For example, the filter (cn=He*)
     matches any entry that has a cn attribute value that starts with He.
     You can also use a complex filter (operator(attribute1=value)(attribute2=value)) or
     (operator(attribute1=value)(operator(attribute2=value))) for advanced filtering.
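
The following Python example is an addition to this page, not part of the H3C manual or of IMC/TAM. It evaluates the filter syntax described above against constructed directory entries, so that a filter can be checked for over-matching before it is used in an export. It assumes the standard LDAP filter operators & (AND), | (OR) and ! (NOT), case-insensitive value matching, and no escaped characters in values; ENTRIES, parse, matches and select are names made up for this example.

```python
import re

# Constructed sample directory entries (attribute names lower-cased).
ENTRIES = [
    {"cn": ["Helen Park"], "ou": ["netops"]},
    {"cn": ["Henry Diaz"], "ou": ["sales"]},
    {"cn": ["Maria Heller"], "ou": ["netops"]},
    {"cn": ["svc-backup"], "ou": ["netops"]},
]

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next index)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at position {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, kids, i = f[i], [], i + 1
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"wrong number of operands for '{op}'")
        node = (op, kids)
    else:
        end = f.find(")", i)
        attr, sep, value = f[i:end].partition("=")
        if end == -1 or not sep or not attr or "(" in value:
            raise ValueError(f"malformed item at position {i}")
        # '*' matches any run of characters; all other characters are literal.
        rx = ".*".join(re.escape(part) for part in value.split("*"))
        node = ("=", attr.lower(), re.compile(rx, re.I | re.S))
        i = end
    if f[i:i + 1] != ")":
        raise ValueError(f"expected ')' at position {i}")
    return node, i + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict of attr -> values)."""
    if node[0] == "=":
        return any(node[2].fullmatch(v) for v in entry.get(node[1], []))
    results = [matches(kid, entry) for kid in node[1]]
    return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)

def select(text, entries=ENTRIES):
    """Return the cn of every entry the filter would match."""
    node, end = parse(text.strip())
    if end != len(text.strip()):
        raise ValueError("unexpected text after the filter")
    return [e["cn"][0] for e in entries if matches(node, e)]
```

With these entries, (cn=He*) also selects a user outside netops, while (&(cn=He*)(ou=netops)) narrows the result to one account, which is the kind of difference that decides how many user licenses a synchronization consumes.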
