Adding an ldap server – H3C Technologies H3C Intelligent Management Center User Manual

Page 88


• Server in Use—LDAP authentication server: Primary or Backup.

• Auto Back to Primary—When the primary LDAP server becomes unavailable, TAM switches to the backup server and starts regularly checking the availability of the primary server. Options are:

   - Yes—TAM automatically switches back to the primary server after the server becomes available.
   - No—TAM continues to use the backup server.

• Interval—Minimum interval (in hours) between a primary-to-backup switchover and an automatic backup-to-primary switchover. This setting takes effect only when Auto Back to Primary is enabled. TAM can automatically switch back to the primary server only if the backup server has been working for a period equal to or longer than this interval after the primary-to-backup switchover. This feature helps avoid frequent primary and backup switchovers caused by the instability of the primary server.

4. To return to the LDAP Server list, click Back.
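
The switchover rules described above for Auto Back to Primary and Interval, modelled as an added example. This is not H3C's code: the class and function names, the hourly probe timeline and the always-available backup server are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class LdapFailover:
    """Model of the documented switchover rules (illustrative, not TAM's code)."""
    auto_back: bool            # "Auto Back to Primary": Yes (True) or No (False)
    interval_hours: float      # "Interval": minimum time on backup before switching back
    in_use: str = "Primary"    # "Server in Use"
    switched_at: float = 0.0   # hour of the last primary-to-backup switchover

    def observe(self, hour: float, primary_up: bool) -> str:
        """Apply one availability check of the primary and return the server in use."""
        if self.in_use == "Primary":
            if not primary_up:
                # Primary unavailable: switch to backup and remember when.
                self.in_use, self.switched_at = "Backup", hour
        elif self.auto_back and primary_up:
            # Switch back only after the backup has worked for >= Interval.
            if hour - self.switched_at >= self.interval_hours:
                self.in_use = "Primary"
        return self.in_use


def simulate(timeline, auto_back, interval_hours):
    """Return the server in use after each (hour, primary_up) observation."""
    fo = LdapFailover(auto_back, interval_hours)
    return [fo.observe(hour, up) for hour, up in timeline]


def switchovers(states):
    """Count changes of the server in use, starting from Primary."""
    return sum(a != b for a, b in zip(["Primary"] + states, states))


# Constructed probe results for an unstable primary server: (hour, primary_up).
FLAPPING = [(0, True), (1, False), (2, True), (3, False), (4, True),
            (5, False), (6, True), (7, True), (8, True)]

if __name__ == "__main__":
    for label, auto, interval in [("Auto Back = No", False, 0),
                                  ("Auto Back = Yes, Interval 0 h", True, 0),
                                  ("Auto Back = Yes, Interval 4 h", True, 4)]:
        states = simulate(FLAPPING, auto, interval)
        print(f"{label}: {switchovers(states)} switchovers -> {states}")
```

With the same unstable primary, a 4-hour Interval reduces the switchovers from six to two, and with Auto Back to Primary set to No the backup stays in use after the first failure.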

Adding an LDAP server

Adding an LDAP server to TAM establishes the association between TAM and the LDAP server.

1. Click the User tab.

2. On the navigation tree, select Device User Policy > LDAP Service > LDAP Servers. The LDAP Server list displays all LDAP servers.

3. To view the Add LDAP Server page, click Add in the LDAP Server list area.

4. Configure basic LDAP server information:

   • Server Name—Enter an LDAP server name, which must be unique in TAM.

   • Version—Select an LDAP protocol version: 2 or 3. Make sure the LDAP server supports the selected protocol version. Otherwise, TAM cannot communicate with the LDAP server.

   • Address—Enter the IP address or domain name of the LDAP server. If the LDAP server has more than one NIC, enter the IP address of the NIC used for communicating with TAM.

   • Port—Enter the TCP port number on which the LDAP server listens for packets from TAM. The default port number is 389, which is used by most LDAP servers.

   • Server Type—Options for LDAP server type are:

      - Microsoft AD—To use Microsoft Windows AD-specific functions, set the server type to Microsoft AD.
      - General—In all other cases, set the server type to General.

   • Real-Time AuthN—Select whether the authentication is performed by the LDAP server. Options are:

      - Yes—LDAP users are authenticated on the LDAP server.
      - No—LDAP users are authenticated on TAM.

     If TAM cannot synchronize passwords from an LDAP server (for example, Microsoft Active Directory), bound users are authenticated on the LDAP server even if you do not specify real-time authentication for the LDAP server.

   • Reconnect Interval—Select the time that TAM must wait before retrying to connect to the LDAP server after a connection failure. As shown in Figure 19, without Reconnect Interval, a requesting LDAP user must wait for a time specified by Connection Wait Timeout before being
