H3C Technologies H3C Intelligent Management Center User Manual
Page 93
84
{
Filter Condition—Criteria used for filtering users. Only users that match these criteria can be
synchronized to TAM.
{
Auto Synchronization—Options are:
−
Yes—TAM automatically executes the synchronization policy every day at a specified time
(3:00 am by default according to the IMC server time).
−
No—TAM performs synchronization on an as-needed basis.
The automatic execution time depends on the system parameter LDAP Synchronization Time.
For more information about configuring system parameters, see "12 Configuring global
{
On-Demand Sync—Options are:
−
Yes—TAM synchronizes a new user from the LDAP server only after the user passes
authentication.
−
No—TAM synchronizes all matching users from the LDAP server.
You can enable this option to save user account licenses and improve efficiency.
If both Auto Synchronization and On-Demand Sync are enabled, only LDAP users that are
synchronized to TAM can be synchronized from the LDAP server during automatic
synchronization.
{
Synchronize New Device Users—Options are:
−
Yes—TAM synchronizes users that are not in the TAM user database from the LDAP server.
−
No—TAM does not synchronize users that are not in the TAM user database.
{
Synchronize Users in Current Node—Options are:
−
Yes—TAM synchronizes users under the specified sub-base DN, but does not synchronize
users in any OU under the Sub-Base DN.
−
No—TAM synchronizes all users in the Sub-Base DN, including users in the OUs in the
Sub-Base DN.
Device User Information
{
Account Name—Attribute description used on the LDAP server for user account names. TAM
gets the values of this attribute as the account names of the device users.
{
User Name—Username attribute description used on the LDAP server. TAM gets the values of
this attribute as the usernames of the device users.
An empty field indicates that user names are not synchronized from the LDAP server.
{
Expiration Date—Attribute description used on the LDAP server for user account expiration
dates. TAM gets the values of this attribute as the expiration date of the device users.
An empty field indicates that expiration dates are not synchronized from the LDAP server.
{
Max. Online Users—Attribute description used on the LDAP server for the maximum number of
online users with the same user account. TAM gets the values of this attribute as the maximum
number of online users with the same user account settings of device users.
An empty field indicates that the settings are not synchronized from the LDAP server.
{
Device User Group—Device user group to which users bound with the synchronization policy
are assigned.
{
User Authorization Policy—Options are:
−
Name of the authorization policy used by the device users.