beautypg.com

Synchronizing ldap users, Modifying ldap user information – H3C Technologies H3C Intelligent Management Center User Manual

Page 103

background image

94

Synchronizing LDAP users

A synchronization operation synchronizes users bound with an LDAP synchronization policy as follows:

If an LDAP user in TAM exists on the LDAP server, user information stored in TAM is overwritten by
the user information stored on the LDAP server.

If an LDAP user in TAM does not exist on the LDAP server, TAM marks the user status as Inexistent.

If a new user is added to the LDAP server, TAM synchronizes the user from the LDAP server to its
database according to the synchronization policy.

To synchronize LDAP users bound to a synchronization policy:

1.

Click the User tab.

2.

On the navigation tree, select Device User > LDAP Users > Target Policy Name.
The Bound User list displays all device users bound with the policy.

3.

In the Bound User list area, click Sync All to start executing the policy.
This process might take a few minutes or hours, depending on the amount of user data.
When the synchronization ends, TAM displays the synchronization results, including the total
number of successfully synchronized users and the number of failures. If failures exist, click

Download to download or view the reasons for the failure in the operation log.

4.

To return to the Bound Users list, click Back.

Modifying LDAP user information

Modifying the device user information does not affect the shell profile that is applied to the device user,

but does affect the command set to apply. After the modification, if the device user is controlled by a

different authorization policy, the user is controlled by the command set of the condition that the user
matches in the new authorization policy.
If a user parameter is synchronized from an LDAP server, modifications to this parameter will be

overwritten in the next synchronization process with the server.
To modify LDAP user information:

1.

Click the User tab.

2.

On the navigation tree, select Device User View > All Device Users.
The Device User list displays all device users. Account names with the icon are LDAP users.

3.

Click the Modify icon

for an LDAP user.

The page for modifying the user information appears.

4.

Modify the following parameters for the user:

{

Account Name—Cannot be modified.

{

User Name—Modify the real name of the LDAP user for identification.

{

Device User Group—Click the Select User Group icon . The Select Device User Group

window appears. Select a group and click OK.

{

Group Authorization Policy—The system automatically populates this field with the
authorization policy configured for the selected device user group.

{

User Authorization Policy—Select an authorization policy for the user. Options are:

An existing authorization policy configured in TAM.

See also other documents in the category H3C Technologies Safety: