H3C Technologies H3C Intelligent Management Center User Manual

86

This option and the Synchronize New Device Users option are mutually exclusive. If you have

a limited number of licenses, use this option to save user licenses
If you enable both the Auto Synchronization and On-Demand Sync options, only LDAP users
that have been synchronized to TAM can be synchronized from the LDAP server during

automatic synchronization

{

Synchronize New Device Users—TAM synchronizes all new users from the LDAP server. If this
option is not selected, TAM does not synchronize any new user from the LDAP server.
This option and the On-Demand Sync option are mutually exclusive.

{

Synchronize Users in Current Node—TAM synchronizes users under the specified Sub-Base DN,
but it does not synchronize users in any OU under the Sub-Base DN. If this option is not selected,

TAM synchronizes all users in the Sub-Base DN, including users in the OUs in the Sub-Base DN.

5.

Click Next to display the page for configuring device user parameters.

6.

Configure the device user parameters associations with attribute descriptions on the LDAP server.

{

Account Name—The system automatically populates this field with the attribute description
used on the LDAP server for user account names, which cannot be modified.

{

User Name—Select the username attribute description used on the LDAP server from the list.
TAM gets the values for this attribute as the usernames of LDAP users.
Select Do Not Sync to enter a unified username for all LDAP users.

{

User Password—Select the attribute description used on the LDAP server for user passwords
from the list. TAM gets the values of this attribute as user passwords of LDAP users.
Select Do Not Sync to enter a unified user password for all users.

{

Expiration Date—Select the attribute description used on the LDAP server for user account

expiration dates from the list. TAM gets the values of this attribute as the expiration date of LDAP
users.
Select Do Not Sync to set a unified expiration date for all LDAP users. You can either select a
date by clicking the Calendar icon , or enter a date in the format YYYY-MM-DD.

{

Max. Online Users—Select the attribute description used on the LDAP server for the maximum
number of online users with the same user account. TAM gets the values for this attribute as the

maximum number of online users with the same user account.
Select Do Not Sync to manually set a unified setting for all device users.

{

Device User Group—Select a device user group for users bound with the synchronization policy.
Click the Select User Group icon . The Select Device User Group window appears. Select a

group and click OK. This parameter cannot be synchronized from the LDAP server.

{

User Authorization Policy—Options are:

−

Specific authorization policy—The device users are controlled by the policy.

−

CLI Access Not Supported—The device users can log in to the device but cannot execute any

command.

If you leave this field empty, the device users use the authorization policy assigned to the
device user group to which the user belongs.
If you assign different authorization policies to a device user and the device user group the user
belongs to, the policy configured for the device users takes effect. This parameter cannot be

synchronized from the LDAP server.

7.

Click OK.