Modifying an ldap synchronization policy – H3C Technologies H3C Intelligent Management Center User Manual

374

{

EXEC Priority—Specify the level of command execution privilege assigned to the device

management users. The value range from 0 to 15. A greater value represents a higher privilege
for executing more commands. If the parameter is not configured, the user uses the default level

specified on the device.

Configure the Bound User IP List area
Specify one or more IPv4 address ranges permitted for logins in the list. A device management
user can log in to a device only when the IP address of the user is in the list.
To configure the bound user IP list:

a.

Click Add in the Bound User IP List area. The page for adding IP address appears.

b.

Specify the start and end IP addresses.
Select an attribute from the list to synchronize the IP addresses from the LDAP server. Or select
Do Not Sync, and then manually enter the IP addresses. Either way, the end IP address must be

greater than the start one.

c.

Click OK.

d.

Repeat steps a through c to add more IP address ranges.

e.

To delete an IP address range, click the Delete icon next to it. And then click OK in the
confirmation dialog box that appears.

f.

To delete one or more IP address ranges, select the box to the left of the start IP addresses, and
click Delete in the Bound User IP List area.

Configure the IP Address List of Managed Devices area
Specify one or more IPv4 address ranges of devices that can be managed in the list. Device
management users can only log in to the devices specified in the list.
To configure the IP address list of managed devices:

g.

Click Add in the IP Address List of Managed Devices area. The page for adding devices
appears.

h.

Specify the start and end IP addresses.
Select an attribute from the list to synchronize the IP addresses from the LDAP server. Or select
Do Not Sync, and then manually enter the IP addresses. Either way, the end IP address must be

greater than the start one.

i.

Click OK.

j.

Repeat steps a through c to add more device IP address ranges.

k.

To delete a device range, click the Delete icon of the IP address range, and click OK in the

dialog box that appears.

l.

To delete one or more device ranges, select the box to the left of the start IP address, and click

Delete in the IP Address List of Managed Devices area.

6.

Click OK.

Modifying an LDAP synchronization policy

There are three ways of modifying an LDAP synchronization policy for an LDAP server, depending on

policy sync object, service sync type, and the way you assign services to the LDAP users.

Modifying a policy when the Service Sync Type is Manual Assignment

To modify a policy for an LDAP server when its service sync type is manual assignment: