beautypg.com

Synchronizing user groups, Managing ldap synchronization policies, Managing ldap – H3C Technologies H3C Intelligent Management Center User Manual

Page 375: Synchronization policies

background image

357

Synchronizing user groups

UAM supports synchronizing user groups in the following ways:

UAM can execute an LDAP synchronization policy to automatically build user groups based on the
OU structure in the LDAP server and synchronize LDAP users to their respective user groups. If an

LDAP user has moved from one OU to another, IMC also moves the LDAP user to the corresponding

user group accordingly. For information about manually executing an LDAP synchronization policy,
see "

Manually executing a synchronization policy

."

Operators can manually trigger an OU structure synchronization. In this case, UAM builds only user
groups based on the OU structure without synchronizing any users from the LDAP server.

The following rules apply during user group synchronization:

If a new OU is found on the LDAP server, UAM creates a user group for the OU.

If an OU has been removed from the LDAP server, UAM checks whether the corresponding user
group contains users. If it does, UAM keeps the user group. Otherwise, UAM deletes the user group.

To synchronize only the user groups from LDAP servers:

1.

Access the LDAP server list page.

2.

Click Synchronize.
If no server in the LDAP server list is configured to build user groups based on OUs, the
Synchronize button is grayed out.

After the synchronization is complete, UAM displays numbers of successfully added user groups, deleted

user groups, and operation failures. If failures exist, click Download to download or view the reasons for

failure in the operation log.

Managing LDAP synchronization policies

An LDAP synchronization policy determines:

How you synchronize user data from an LDAP server to UAM.

The scope of user data.

How the user data is handled on UAM.

Users synchronized from the LDAP server become access users or device management users in UAM.
An LDAP synchronization policy can be bound to only one LDAP server, but an LDAP server can have

multiple LDAP synchronization policies.

Accessing the LDAP synchronization policy list page

1.

Click the User tab.

2.

Select User Access Policy > LDAP Service > Sync Policy from the navigation tree.
The list includes all the LDAP synchronization policies.
Synchronization policy list contents

{

Policy Name—LDAP synchronization policy name. This parameter displays detailed policy
information.

See also other documents in the category H3C Technologies Safety: