H3C Technologies H3C Intelligent Management Center User Manual


See the AD group tree hierarchy in Figure 101. For users in group C1, the AD group chain available for service assignment is C1 > B1 > A. For users in group C5, the AD group chain available for service assignment is C5 > B2 > A. UAM moves up the chains to search for a service for the users.

Suppose the Service Query Level is 3, group C1 (AD group priority 2) has service L1S1, group C2 has no service, group C4 (AD group priority 3) has service L1S4, group C5 has no service, group B1 has service L2S1, group B2 has no service, and group A has service L3S.

For users only in group C1, UAM assigns service L1S1. For users in groups C1 and C4, UAM assigns service L1S4, because group C4 is at the same layer as C1 but has higher LDAP priority. For users in group C2, UAM assigns service L2S1, the service of group B1, because even though group C2 has no service, its parent group (group B1) has the service and is below the top layer set by Service Query Level. For users in group C5, UAM assigns service L3S (the service of group A), because the two lower-layer AD groups in the AD group chain (C5 > B2 > A) have no services, and group A is the top layer set by Service Query Level.

Figure 101 AD group tree hierarchy
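
The lookup described above can be modelled to audit which users receive a service only through inheritance from a parent AD group. This is an added example, not H3C or UAM code: the placement of C4 under B2, a default priority of 0 for groups the text gives no priority, the larger priority value winning (as in the C4 over C1 case), and Service Query Level counting layers upward from the user's own groups are assumptions.

```python
# Added example modelling the service lookup from the text; not UAM code.
# Tree and services follow the worked example. C4's parent is an assumption
# (the figure is not reproduced here).
PARENT = {"C1": "B1", "C2": "B1", "C4": "B2", "C5": "B2",
          "B1": "A", "B2": "A", "A": None}
SERVICE = {"C1": "L1S1", "C4": "L1S4", "B1": "L2S1", "A": "L3S"}
PRIORITY = {"C1": 2, "C4": 3}  # groups not listed default to 0 (assumed)


def effective_service(user_groups, query_level):
    """Return (service, granting_group, layer), or None if nothing is found
    within query_level layers counted from the user's own groups."""
    layer_groups = set(user_groups)
    for layer in range(1, query_level + 1):
        candidates = [g for g in layer_groups if g in SERVICE]
        if candidates:
            # Assumption: larger priority value wins, matching the text's
            # C4 (3) over C1 (2); group name breaks ties deterministically.
            winner = max(candidates, key=lambda g: (PRIORITY.get(g, 0), g))
            return SERVICE[winner], winner, layer
        # No service at this layer: move one layer up every chain.
        layer_groups = {PARENT[g] for g in layer_groups if PARENT.get(g)}
        if not layer_groups:
            break
    return None


def audit_inherited(users, query_level):
    """List (user, service, granting_group) for users whose service is
    inherited from an ancestor group or who get no service at all."""
    findings = []
    for name, groups in sorted(users.items()):
        result = effective_service(groups, query_level)
        if result is None:
            findings.append((name, None, None))
        elif result[2] > 1:
            findings.append((name, result[0], result[1]))
    return findings


if __name__ == "__main__":
    # Constructed sample users for illustration.
    sample = {"alice": ["C1"], "bob": ["C1", "C4"],
              "carol": ["C2"], "dave": ["C5"]}
    for row in audit_inherited(sample, query_level=3):
        print(row)
```
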

6. Configure access user parameter associations with the attributes on the LDAP server.

Configure basic information:

○ User Name—Select the username attribute description used on the LDAP server from the list. UAM uses the value of the attribute as the username of the LDAP user account when executing the synchronization policy.

○ Identity Number—Select the identity attribute description used on the LDAP server from the list. UAM uses the value of the attribute as the LDAP user identity when executing the synchronization policy.

○ Contact Address—Select the contact address attribute description used on the LDAP server from the list, or select Do Not Sync. If you select an attribute, UAM uses the value of the attribute as the user contact address when executing the synchronization policy. If you select Do Not Sync, user contact addresses are not synchronized from the LDAP server.

○ Telephone—Select the telephone attribute description used on the LDAP server from the list, or select Do Not Sync. If you select an attribute, UAM uses the value of the attribute as the user telephone number when executing the synchronization policy. If you select Do Not Sync, user telephone numbers are not synchronized from the LDAP server.

○ Email—Select the email attribute description used on the LDAP server from the list, or select Do Not Sync. If you select an attribute, UAM uses the value of the attribute as the user email account
