
H3C Technologies H3C Intelligent Management Center User Manual


For the compatibility matrix of Server Type, Service Sync Type, and Real Time AuthN settings, see Table 27.

Table 27 Matrix of server type, service sync type, and Real Time AuthN

| Server Type | Service Sync Type | Real Time AuthN |
|---|---|---|
| General | Manual assignment | Yes or No |
| Microsoft AD | Manual assignment, AD group based | Yes |

Service Sync Type—Select a service synchronization type from the list: Manual assignment or Based On Active Directory Group.

The services assigned to the LDAP users synchronized from the LDAP server are determined by the following parameters: Service Sync Type, Apply for Service by User Group, and User Group. See the basic matrix of related service parameters below.

For more information about the Apply for Service by User Group feature, see "32 Configuring global system settings."

Table 28 Basic matrix of related parameters for services

| Service sync type | Apply for service by user group | User group synchronization mode | Services applied for by the LDAP users |
|---|---|---|---|
| Manual assignment | Enabled | Synchronize by OU | No other configuration is needed for the LDAP synchronization policy to be assigned to the LDAP server. UAM builds user groups based on the OU structure in the base DN of the LDAP server, and synchronizes LDAP users to their respective user groups. UAM automatically applies for services for each LDAP user, and the services to be applied for are those assigned to their respective user groups. |
| Manual assignment | Enabled | Manual Specify | When assigning an LDAP synchronization policy to the LDAP server, operators must specify a user group for the LDAP users. UAM applies for the services assigned to the specified user group for all LDAP users. |
| Manual assignment | Disabled | N/A | When assigning an LDAP synchronization policy to the LDAP server, operators must select the services to be assigned to LDAP users. UAM applies for the selected services for all LDAP users. |
| Based on active directory group | N/A | N/A | When assigning an LDAP synchronization policy to the LDAP server, operators assign services only to LDAP AD groups. UAM automatically applies for services for each LDAP user, and the services to be applied for are those assigned to their respective LDAP AD groups. For information about configuring such LDAP synchronization policies, see "Adding a policy when the service sync type is AD group based." |

Real Time AuthN—Displays whether authentication is performed by the LDAP server.

    Yes—LDAP users are authenticated on the LDAP server.

    No—LDAP users are authenticated on UAM.
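
The two matrices above, expressed as an added example (not H3C or UAM code): a validator for the Table 27 combinations and a resolver for the Table 28 branches, useful when reviewing which services a synchronization policy grants. The dictionary keys, the rule that the nearest OU names the user group, the union of services across AD groups, and the sample data are assumptions for illustration.

```python
# Added example modelling Tables 27 and 28; not UAM code. Field names, the
# simplified DN handling and all sample data are constructed assumptions.
ALLOWED = {  # Table 27: server type -> allowed (sync type, Real Time AuthN)
    "General": {("manual", True), ("manual", False)},
    "Microsoft AD": {("manual", True), ("ad_group", True)},
}

def validate(policy):
    """Return a list of problems with a sync policy; empty means consistent."""
    errs = []
    combo = (policy["sync_type"], policy["real_time_authn"])
    if combo not in ALLOWED.get(policy["server_type"], set()):
        errs.append("combination not in Table 27")
    if policy["sync_type"] == "ad_group":
        if not policy.get("ad_group_services"):
            errs.append("no services assigned to LDAP AD groups")
    elif not policy.get("apply_by_group"):
        if not policy.get("services"):
            errs.append("operator must select services")
    elif policy.get("group_mode") == "manual_specify" and not policy.get("user_group"):
        errs.append("operator must specify a user group")
    return errs

def ou_group(user_dn, base_dn):
    """Assumption: the nearest OU above the user, below the base DN, names the
    user group. Naive comma split; escaped commas in RDNs are not handled."""
    if not user_dn.lower().endswith(base_dn.lower()):
        return None
    rdns = user_dn[: len(user_dn) - len(base_dn)].strip(",").split(",")
    ous = [r.split("=", 1)[1] for r in rdns if r.strip().lower().startswith("ou=")]
    return ous[0] if ous else None

def services_for(user, policy, group_services):
    """Services applied for one synchronized LDAP user, following Table 28."""
    if policy["sync_type"] == "ad_group":
        # Assumption: a user in several AD groups gets the union of their services.
        return sorted({s for g in user["ad_groups"]
                       for s in policy["ad_group_services"].get(g, [])})
    if not policy["apply_by_group"]:
        return sorted(policy["services"])       # Disabled: same set for all users
    if policy["group_mode"] == "manual_specify":
        group = policy["user_group"]            # one group for all users
    else:
        group = ou_group(user["dn"], policy["base_dn"])  # Synchronize by OU
    return sorted(group_services.get(group, []))

# Constructed sample: OU-based policy on a General LDAP server.
POLICY = {"server_type": "General", "sync_type": "manual", "real_time_authn": False,
          "apply_by_group": True, "group_mode": "by_ou", "base_dn": "dc=example,dc=test"}
USER = {"dn": "cn=alice,ou=Staff,dc=example,dc=test", "ad_groups": []}
```

Run over an export of synchronized users, the resolver shows which modes give every user the same services (Manual Specify, Disabled) and which differentiate by OU or AD group.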