LDAP authentication + TAM local authorization – H3C Technologies H3C Intelligent Management Center User Manual

Figure 2 TAM local authentication and authorization
In TAM local authentication-authorization mode, when a device user logs in to manage a device, the
TAM server performs authentication for the device user. If the device user passes authentication, the TAM
server uses a locally saved authorization policy to perform login authorization and command
authorization for the device user.
LDAP authentication + TAM local authorization
The device to which a user wants to log in sends the user account name and password to the TAM server,
which then sends the information to the LDAP server for authentication. The LDAP server sends the
authentication result back to the TAM server. TAM permits or denies user login to the device according
to the authentication result.
If the user is permitted to log in to the device, TAM performs login authorization and command
authorization for the user. The device and the TAM server use the TACACS+ protocol to exchange packets
with each other. The TAM server and the LDAP server use the LDAP protocol to exchange packets with each
other. The device user information is stored on the LDAP server. The authorization policies for device
users are stored in the TAM local database.
shows LDAP authentication and TAM authorization. The PCs in blue represent the PCs used by
device users, and the devices in blue represent the manageable devices.
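
The split described above (LDAP decides who the user is, the local policy decides what the user may do) can be modeled as follows. This is an added example, not H3C code: the function names, the policy layout, the accounts and the command patterns are all constructed, and the LDAP bind is a stand-in. It also covers the failure cases an operator should check: an empty password, an unreachable LDAP server, and a valid LDAP account with no local policy.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

class DirectoryUnavailable(Exception):
    """The LDAP server could not be reached."""

# Constructed sample data. Accounts exist only on the LDAP side.
LDAP_USERS = {"alice": "S3cure!pass", "bob": "constructed-pw"}

@dataclass(frozen=True)
class Policy:  # hypothetical shape of a locally saved authorization policy
    login_allowed: bool
    permit: tuple
    deny: tuple = ()

# Constructed TAM-side policies. "bob" has an LDAP account but no policy here.
LOCAL_POLICIES = {
    "alice": Policy(True, ("display *", "ping *"), ("display current-configuration*",)),
}

def ldap_simple_bind(user, password, reachable=True):
    """Stand-in for the LDAP server's answer to a simple bind."""
    if not reachable:
        raise DirectoryUnavailable(user)
    if password == "":
        return True  # a server that permits RFC 4513 unauthenticated binds reports success
    return LDAP_USERS.get(user) == password

def authenticate(user, password, reachable=True):
    """Authentication step: delegate to LDAP, fail closed on any doubt."""
    if not user or not password:
        return False  # never forward an empty password to the directory
    try:
        return ldap_simple_bind(user, password, reachable)
    except DirectoryUnavailable:
        return False

def authorize_command(user, command):
    """Command authorization from the local policy only; deny wins, default deny."""
    policy = LOCAL_POLICIES.get(user)
    if policy is None or any(fnmatchcase(command, p) for p in policy.deny):
        return False
    return any(fnmatchcase(command, p) for p in policy.permit)

def login(user, password, reachable=True):
    """Full login decision: LDAP authentication, then local login authorization."""
    if not authenticate(user, password, reachable):
        return "authentication failed"
    policy = LOCAL_POLICIES.get(user)
    if policy is None or not policy.login_allowed:
        return "login authorization failed"
    return "permit"
```
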