H3C Technologies H3C Intelligent Management Center User Manual

informed the user has been rejected because the LDAP server cannot be reached. With this
parameter configured, each time TAM fails to connect to the LDAP server, the specified Reconnect
Interval takes effect. During this interval, TAM directly rejects all authentication requests that
must be forwarded to the LDAP server. Options are:
− Specific time intervals
− Disable Auto Connect—Select Disable Auto Connect to prevent TAM from automatically
  retrying to connect to the LDAP server after a connection failure. In this case, an operator
  must connect the LDAP server to TAM manually. This operation is available on the LDAP
  Server list page.
For more information, see "
○ Connection Wait Timeout—Enter the maximum duration of each connection attempt. If TAM
  fails to connect to the LDAP server within this period, the connection attempt is considered
  failed.
○ Sync Wait Timeout—Enter the maximum duration of each synchronization process. The sync
  wait timer starts when TAM starts synchronizing user data from the LDAP server. When this timer
  expires, TAM stops the synchronization, regardless of whether the synchronization is complete.
  If you do not want to set a time limit, set the timer to zero (0).
○ Enable SSL—Select this option to enable TAM to connect to the LDAP server through SSL. To
  enable SSL, the TAM server and LDAP server must be configured with the root certificate and
  server certificate, respectively. For information about configuring the root certificate on TAM,
  see "Configuring the root certificate on TAM."
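The Reconnect Interval and Disable Auto Connect options described above can be reasoned about with a small model. This is an added example, not TAM code or anything from the manual: the names `LdapGate` and `simulate` are hypothetical, and it assumes the retry happens on the first request after the interval expires. It shows that a 5-second outage still rejects every LDAP user for the full 60-second interval.

```python
REJECT, FORWARD = "reject", "forward"


class LdapGate:
    """Simplified model of the behaviour described above; not TAM's code."""

    def __init__(self, ldap_up, reconnect_interval, clock):
        self.ldap_up = ldap_up              # callable: True if a connection attempt succeeds
        self.interval = reconnect_interval  # seconds; None models Disable Auto Connect
        self.clock = clock                  # callable: current time in seconds
        self.failed_at = None               # time of the last failed connection attempt

    def _connect(self):
        ok = self.ldap_up()
        self.failed_at = None if ok else self.clock()
        return ok

    def manual_connect(self):
        """Operator reconnects by hand (LDAP Server list page in the manual)."""
        return self._connect()

    def authenticate(self, user):
        if self.failed_at is not None:
            if self.interval is None:
                return REJECT               # no automatic retry until an operator acts
            if self.clock() - self.failed_at < self.interval:
                return REJECT               # inside the interval: LDAP is not contacted
        return FORWARD if self._connect() else REJECT


def simulate(reconnect_interval, outage_end, step=10, horizon=120):
    """One request every `step` s; LDAP is unreachable for t < outage_end (constructed timeline)."""
    now = [0]
    gate = LdapGate(lambda: now[0] >= outage_end, reconnect_interval, lambda: now[0])
    results = []
    for t in range(0, horizon, step):
        now[0] = t
        results.append((t, gate.authenticate("alice")))
    return results, gate


if __name__ == "__main__":
    for interval in (60, None):
        results, _ = simulate(interval, outage_end=5)
        print(interval, [t for t, r in results if r == REJECT])
```

With Disable Auto Connect modelled as `None`, every request is rejected until `manual_connect()` is called, which is why that setting needs monitoring on the LDAP Server list page.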
5. Configure server information:
○ Base DN—Enter the absolute path of the directory that stores user data on the LDAP server.
○ Admin DN—Enter the absolute path that locates the administrator on the LDAP server.
○ Admin Password—Enter the administrator password.
○ User Attribute Name—Enter the attribute description used on the LDAP server for usernames.
○ Password Attribute—Enter the attribute description used on the LDAP server for user passwords.
  This parameter cannot be configured when the server type is Microsoft AD, whose user
  passwords cannot be synchronized to TAM.
The Base DN, Admin DN, User Attribute Name, and Password Attribute descriptions vary
with LDAP servers. You can use tools such as Softerra LDAP Administrator to get the attribute
descriptions on an LDAP server.
6. Configure backup server information:
To provide non-stop services, configure a backup server to provide authentication for the LDAP
users when the primary server is unavailable. The primary-to-backup switchover takes about one
minute. During this period, all requesting LDAP users are rejected and informed that another
connection is being authenticated and that they must retry later. The switchover does not affect
any online user.
○ Address—Enter the IP address or domain name of the backup LDAP server. If you do not want
  to configure a backup server, leave this field empty.
○ Server in Use—Select the LDAP authentication server: Primary or Backup.
  To select the backup server, the IP address of the backup server must have been configured.
○ Auto Back to Primary—Select the option to enable Auto Back to Primary. When the primary
  LDAP server becomes unavailable, TAM switches to the backup server and starts regularly
  checking the availability of the primary server. Options are: