H3C Technologies H3C Intelligent Management Center User Manual


1. Access the LDAP synchronization policy list page.

2. Click the Modify icon for the synchronization policy you want to modify.
   The page for modifying the synchronization policy appears.

3. Modify basic policy information.

   - Service Group—Displays the service group that the LDAP synchronization policy belongs to. The system automatically populates this field with the same service group as the LDAP server.

   - Synchronization Priority—Modify the priority of the LDAP synchronization policy. Synchronization policies with higher priority values are executed first in a scheduled synchronization task.

   - Base DN—Displays the absolute path of the directory that stores user data in the LDAP server. The system automatically populates this field with the base DN specified for the LDAP server.

   - Sub-Base DN—Enter the absolute path of the subdirectory that stores user data in the LDAP server, and make sure that it is in the base DN directory or is the same as the base DN directory. UAM synchronizes the user data under sub-base DN rather than base DN. The DNs of attributes vary with LDAP servers. To get the correct sub-base DN path, use tools such as Softerra LDAP Administrator.

   - Filter Condition—Enter a filter to match user data you want to synchronize to UAM. The default filter is (&(objectclass=*)(cn=*)), which matches entries that have any objectclass attribute value and any cn attribute value. For information about defining a filter, see "Adding a policy when the Service Sync Type is Manual Assignment."

   - States—Select Valid or Invalid from the list to enable or disable the policy. Disabling the policy does not affect users that have been synchronized to UAM. They can continue to use the authentication service and self-service.

   - Sync Options-Auto synchronization—Select this option to execute the policy every day to synchronize all matching users to UAM. The execution time depends on the system settings for scheduled daily tasks. For more information, see "32 Configuring global system settings."

   - Sync Options-Synchronize Users as Needed—Select this option to have UAM synchronize a new policy-matching user from the server only after the user passes authentication. This option and the automatic synchronization option are mutually exclusive. If you have a limited number of licenses, use this option to save user licenses. To avoid synchronization errors, see "Configure basic policy information."

   - Sync Options-Synchronize New Users and Accounts—Select this option to have UAM synchronize users that are not in the IMC platform's user database from the LDAP server, add these users to the IMC platform, and create associated access user accounts in UAM. If this option is not selected, UAM does not synchronize users that are not in the IMC platform. This option is mutually exclusive with the Synchronize Users as Needed option.

   - Sync Options-Synchronize New Accounts of Existing Users—Select this option to have UAM add associated access user accounts in UAM for users that exist both in the IMC platform's user database and LDAP server but do not have access accounts in UAM. If this option is not selected, UAM does not add access accounts for such users.

   - Sync options-Synchronize Users in Current Node Only—Select this option to have UAM synchronize users under the specified sub-base DN, but not synchronize users in any OU under the sub-base DN. If this option is not selected, UAM synchronizes all users in the sub-base DN, including users in the OUs in the sub-base DN.
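
The Sub-Base DN, Filter Condition and Synchronize Users in Current Node Only settings together decide which directory entries become access users, so it helps to preview the selection before a policy is set to Valid. The following Python sketch is an added example, not part of the H3C manual or of UAM: it assumes the Current Node Only option behaves like an LDAP one-level search versus a subtree search, compares DNs case-insensitively, and runs on constructed entries under dc=example,dc=com.

```python
# Added example; every DN and entry below is constructed sample data.
def split_dn(dn):
    """Split a DN into lower-cased RDNs, honoring backslash-escaped commas."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        step = 2 if dn[i] == "\\" and i + 1 < len(dn) else 1  # keep escape pairs whole
        if step == 1 and dn[i] == ",":
            rdns.append(cur)
            cur = ""
        else:
            cur += dn[i:i + step]
        i += step
    rdns.append(cur)
    return [r.strip().lower() for r in rdns if r.strip()]

def depth_below(dn, ancestor):
    """Levels that dn sits below ancestor (0 = same entry), or None if outside."""
    d, a = split_dn(dn), split_dn(ancestor)
    if len(d) < len(a) or d[len(d) - len(a):] != a:
        return None
    return len(d) - len(a)

def matches_default_filter(attrs):
    """(&(objectclass=*)(cn=*)): both attributes must be present with a value."""
    present = {name.lower() for name, values in attrs.items() if values}
    return {"objectclass", "cn"} <= present

def preview_sync(base_dn, sub_base_dn, entries, current_node_only):
    """Return selected DNs; the option is modelled as one-level vs subtree scope (assumption)."""
    if depth_below(sub_base_dn, base_dn) is None:
        raise ValueError("sub-base DN must be the base DN or lie beneath it")
    selected = []
    for dn, attrs in entries:
        depth = depth_below(dn, sub_base_dn)
        if depth is None or (current_node_only and depth != 1):
            continue                    # outside the sub-base DN, or inside a nested OU
        if matches_default_filter(attrs):
            selected.append(dn)
    return selected

BASE, SUB = "dc=example,dc=com", "ou=Staff,dc=example,dc=com"
PERSON, OU = ["person"], ["organizationalUnit"]
ENTRIES = [
    (SUB, {"objectClass": OU, "ou": ["Staff"]}),
    ("cn=alice," + SUB, {"objectClass": PERSON, "cn": ["alice"]}),
    ("ou=Contractors," + SUB, {"objectClass": OU, "ou": ["Contractors"]}),
    ("cn=bob,ou=Contractors," + SUB, {"objectClass": PERSON, "cn": ["bob"]}),
    ("cn=Smith\\, Carol," + SUB, {"objectClass": PERSON, "cn": ["Smith, Carol"]}),
    ("cn=dave,ou=Guests," + BASE, {"objectClass": PERSON, "cn": ["dave"]}),
]
```

With the sample data, `preview_sync(BASE, SUB, ENTRIES, True)` selects only the two users directly under ou=Staff, while passing `False` also selects cn=bob in the nested Contractors OU. The OU entries themselves never match because they carry no cn attribute.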

   - Sync options-Inherit Parent Group's Service—This option appears only when the selected LDAP server uses the following settings: Manual Assignment selected for the Service Sync Type field, the Apply for Service by User Group option enabled, and Synchronize by OU selected for the