9 ldap authentication, Ldap overview – H3C Technologies H3C Intelligent Management Center User Manual


9 LDAP authentication

LDAP overview

IMC TAM can work with an LDAP server to provide authentication service for device users.
In TAM authentication, user data is stored in the TAM database, as shown in Figure 17.

Figure 17 TAM authentication

In LDAP authentication, user data is stored in the LDAP server. In a network that uses an LDAP server for user management, you can synchronize user accounts from the LDAP server to TAM instead of manually adding them.
Users that use these accounts are called LDAP users. When the authentication request from a device user arrives, TAM looks up the user in the local user database.

If the user is an LDAP user, TAM forwards the request to the LDAP server.

If the user is not an LDAP user, TAM directly authenticates the user.

Figure 18 shows the authentication process.

Figure 18 LDAP authentication

To save user licenses, TAM supports On-Demand Sync, which allows it to synchronize a new user from the LDAP server only after the user passes authentication.
The on-demand synchronization process works as follows: when a device user initiates an authentication request, TAM looks up the user in the local user database.

If no entry is found for the user, TAM forwards the authentication request to the LDAP server.

If the user is found in the LDAP server and passes the authentication, TAM synchronizes the user to its local user database.
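
The following Python sketch is an added example, not code from the manual or from IMC TAM. It models the lookup-and-forward decisions described above, including On-Demand Sync. The class names, result strings, the in-memory directory standing in for the LDAP server, and the rejection of unknown users when On-Demand Sync is off are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass
class LocalUser:                      # hypothetical record in TAM's local user database
    is_ldap: bool
    password: Optional[str] = None    # held only for non-LDAP users

def _same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())

class FakeLdap:
    """Constructed in-memory stand-in for the LDAP server."""
    def __init__(self, entries):
        self.entries = dict(entries)
    def authenticate(self, name, password):
        stored = self.entries.get(name)
        return stored is not None and _same(stored, password)

class Tam:
    """Model of the decision flow only; not the product's implementation."""
    def __init__(self, ldap, on_demand_sync=True):
        self.ldap, self.on_demand_sync, self.users = ldap, on_demand_sync, {}
    def add_local(self, name, password):
        self.users[name] = LocalUser(is_ldap=False, password=password)
    def sync_from_ldap(self, name):
        self.users[name] = LocalUser(is_ldap=True)   # no password copied locally (assumption)
    def authenticate(self, name, password):
        user = self.users.get(name)                  # step 1: local lookup
        if user is None:
            if not self.on_demand_sync:
                return "reject:unknown-user"         # assumed behaviour
            if self.ldap.authenticate(name, password):
                self.sync_from_ldap(name)            # sync only after success
                return "accept:ldap-on-demand-sync"
            return "reject:ldap"                     # failed attempt creates no entry
        if user.is_ldap:                             # LDAP user: forward to LDAP server
            return "accept:ldap" if self.ldap.authenticate(name, password) else "reject:ldap"
        return "accept:local" if _same(user.password, password) else "reject:local"

def demo():
    tam = Tam(FakeLdap({"alice": "a-pw", "bob": "b-pw"}))   # constructed sample accounts
    tam.add_local("ops", "ops-pw")
    tam.sync_from_ldap("alice")
    return [tam.authenticate(*c) for c in
            [("ops", "ops-pw"), ("alice", "a-pw"), ("bob", "wrong"), ("bob", "b-pw"), ("bob", "b-pw")]]

if __name__ == "__main__":
    print(demo())
```

In this model a failed attempt for an unknown name leaves the local database unchanged, so guessing at accounts does not create local entries.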

TAM can work with the following LDAP servers: Microsoft Windows Active Directory, OpenLDAP, Sun ONE LDAP Server, and Novell eDirectory Server.
