Viewing ldap synchronization policy details – H3C Technologies H3C Intelligent Management Center User Manual
Page 92
83
{
Device User Group—Device user group to which users bound with the synchronization policy
are assigned.
{
Auto Synchronization—Options are:
−
Yes—TAM automatically executes the synchronization policy every day as scheduled (3:00
am by default according to the IMC server time).
−
No—TAM performs synchronization on an as-needed basis.
The automatic execution time depends on the system parameter LDAP Synchronization Time.
For more information about configuring system parameters, see "
."
{
On-Demand Sync—Options are:
−
Yes—TAM synchronizes a new user from the LDAP server only after the user passes
authentication.
−
No—TAM synchronizes all matching users from the LDAP server.
You can enable this policy to save user account licenses and to improve synchronization
efficiency.
{
LDAP User—Click the Bound User icon for a synchronization policy to view users bound to
the policy. For more information about LDAP users, see "
{
Synchronize—Click Synchronize to execute the synchronization policy.
{
Modify—Click the Modify icon
to modify the synchronization policy.
{
Delete—Click the Delete icon to delete the synchronization policy.
3.
In the Sync Policy list area, click Refresh to update the Sync Policy list.
Viewing LDAP synchronization policy details
To view LDAP synchronization policy details:
1.
Click the User tab.
2.
On the navigation tree, select Device User Policy > LDAP Service > Sync Policies.
The Sync Policy list displays all LDAP synchronization policies.
3.
Click the name of a synchronization policy to view its details.
The page includes the following parameters:
{
Policy Name—LDAP synchronization policy name.
{
Server Name—Name of the LDAP server that is associated with the synchronization policy. An
LDAP synchronization policy can be associated with only one LDAP server.
One LDAP server can be associated with multiple synchronization policies.
{
Base DN—Absolute path of the base directory that stores user data on the LDAP server.
{
Sub-Base DN—Absolute path of the subdirectory that stores user data on the LDAP server. TAM
synchronizes the user data under -Sub-Base DN rather than Base DN.
The Base DN specifies the base directory that stores user information for the whole
organization. The Sub-Base DNs specify the directories that store user information for specific
departments within the organization. Users in different departments (identified by the
respective Sub-Base DNs) might be controlled by different authorization policies, and might be
assigned to different user groups. You can create department-specific synchronization policies
by referencing the respective Sub-Base DNs in each policy.