Viewing ldap server details – H3C Technologies H3C Intelligent Management Center User Manual

Page 86


For an LDAP server in the Disconnected state, TAM rejects all authentication requests from LDAP users, and notifies the users that the server is disconnected. Operators can click the Disconnected icon for the server to manually connect TAM to the server.

Manually connect TAM to an LDAP server when the server connection is restored between two automatic checking intervals. When the LDAP server is down and disconnects from TAM, TAM starts regularly checking the availability of the server, and automatically connects to the server after the server becomes available. However, the checking interval is long, which might mean that LDAP users cannot be authenticated for a long time. In this case, after fixing the problems on the server, the operator can connect TAM manually to the server so that it can provide authentication service for LDAP users.

○ Modify—Click the Modify icon to display the page for modifying the LDAP server settings.

○ Delete—Click the Delete icon to delete the LDAP server.

○ Configure Certificate—Click the Configure Certificate icon to configure the root certificate on TAM.

3. Click Refresh in the LDAP Server list area to update the LDAP Server list.

Viewing LDAP server details

To view LDAP server details:

1. Click the User tab.

2. On the navigation tree, select Device User Policy > LDAP Service > LDAP Servers.
   The LDAP Server list displays all LDAP servers.

3. Click the name of an LDAP server to view its details.
   The page includes the following parameters:

○ Server Name—LDAP server name.

○ Version—Version of the LDAP protocol running on the LDAP server. TAM supports LDAPv2 and LDAPv3.

○ Address—IP address or domain name of the LDAP server.

○ Port—TCP port on which the LDAP server listens for packets sent by TAM.

○ Server Type—Type of the LDAP server: Microsoft AD or General.

○ Real-Time AuthN—Displays whether authentication is performed by the LDAP server. Options are:

   ▪ Yes—LDAP users are authenticated on the LDAP server.

   ▪ No—LDAP users are authenticated on TAM.

   If TAM cannot synchronize passwords from an LDAP server (for example, Microsoft Active Directory), bound users are authenticated on the LDAP server even if you do not specify real-time authentication for the LDAP server.

○ Reconnect Interval—Time that TAM must wait before trying to reconnect to the LDAP server after a connection failure. As shown in Figure 19, without Reconnect Interval, a requesting LDAP user must wait for the time specified by Connection Wait Timeout before being informed that the user has been rejected because the LDAP server cannot be reached.

   With this parameter configured, each time TAM fails to connect to the LDAP server, the Reconnect Interval takes effect. During this interval, TAM does not try to reconnect to the LDAP server and directly rejects all authentication requests from LDAP users. After the Reconnect
