HP Intelligent Management Center v5.1 TACACS+ Authentication Manager Administrator Guide
Modifying LDAP user information
Modifying the device user information does not affect the shell profile that has already been applied to
the device user, but it does affect the command set to be applied. If, after the modification, the device
user is controlled by a different authorization policy, the user is controlled by the command set of the
scenario that the user matches in the new authorization policy.
If a user parameter is synchronized from an LDAP server, modifications to this parameter cannot survive
the next synchronization process, during which user information in TAM will be overwritten by that stored
on the LDAP server.
To modify LDAP user information:
1. Click the User tab.
2. Select Device User View > All Device Users from the navigation tree.
The Device User List displays all device users. Account names with the icon are LDAP users.
3. Click the Modify icon for an LDAP user to enter the page for modifying the user information.
   • Account Name—Cannot be modified.
   • User Name—Enter the real name of the LDAP user for identification.
   • Device User Group—Click the Select User Group icon. The Select Device User Group
     window appears. Select a group and click OK.
   • Group Authorization Policy—The system automatically populates this field with the
     authorization policy configured for the selected device user group.
   • User Authorization Policy—Select an authorization policy for the user. Options include any
     existing authorization policy configured in TAM, or CLI Access Not Supported. If you select CLI
     Access Not Supported, the user can log in to the device but cannot execute any command.
     If you leave this field empty, the user uses the authorization policy of the device user group to
     which the user belongs.
   • Max. Online Users—Enter the maximum number of users that can be online at the same time with
     this LDAP user account. An empty field indicates that the maximum number of online users with
     the same user account is not limited.
   • Expiration Date—Click the Calendar icon to select an expiration date, or manually enter a
     date in the format YYYY-MM-DD. The LDAP user becomes invalid as of the expiration date.
     An empty field indicates that the LDAP user never expires.
   • Enable Privilege-Increase Password—To enable the privilege-increase password for the user, click
     the box next to this field, and enter the same password twice, once in the Privilege-Increase
     Password field and once in the Confirm the Password field. With this feature enabled, the user can
     execute the related command to raise the user privilege to the highest level after logging in to
     the device. The commands used for increasing user privilege vary with devices. For more
     information, see the related configuration guide.
4. Click OK.
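The policy precedence in step 3 and the synchronization overwrite described earlier, modeled as an added example (not code from this guide or from TAM). The field names, group and policy names, and the set of synchronized parameters are assumptions, as is treating the expiration date itself as the first invalid day.

```python
from datetime import date

CLI_NOT_SUPPORTED = "CLI Access Not Supported"

def apply_sync(local, ldap, synced_fields):
    """Record after the next synchronization: synced parameters take the LDAP value."""
    after = dict(local)
    for field in synced_fields:
        after[field] = ldap.get(field)
    return after

def reverted_edits(local, ldap, synced_fields):
    """Local modifications that the next synchronization will overwrite."""
    return {f: (local.get(f), ldap.get(f))
            for f in sorted(synced_fields) if local.get(f) != ldap.get(f)}

def effective_access(user, group_policies, today):
    """Return (state, policy) following the field rules in step 3."""
    expires = user.get("expiration_date")            # YYYY-MM-DD or empty
    # Assumption: the account is invalid from the expiration date itself.
    if expires and today >= date.fromisoformat(expires):
        return ("invalid", None)
    # An empty user policy falls back to the device user group's policy.
    policy = (user.get("user_authorization_policy")
              or group_policies[user["device_user_group"]])
    if policy == CLI_NOT_SUPPORTED:
        return ("login-only", None)                  # can log in, cannot run commands
    return ("cli", policy)

# Constructed sample data; group and policy names are made up.
GROUP_POLICIES = {"ReadOnly-Operators": "show-only", "Core-Admins": "full-config"}
SYNCED_FIELDS = {"user_name", "device_user_group"}   # assumed synchronized parameters
LDAP_SIDE = {"user_name": "Alex Example", "device_user_group": "Core-Admins"}
LOCAL = {"account_name": "aexample", "user_name": "Alex Example",
         "device_user_group": "ReadOnly-Operators",  # edited in TAM only
         "user_authorization_policy": "", "expiration_date": "2030-01-01"}

if __name__ == "__main__":
    today = date(2025, 1, 15)
    print("now:       ", effective_access(LOCAL, GROUP_POLICIES, today))
    print("reverted:  ", reverted_edits(LOCAL, LDAP_SIDE, SYNCED_FIELDS))
    after = apply_sync(LOCAL, LDAP_SIDE, SYNCED_FIELDS)
    print("after sync:", effective_access(after, GROUP_POLICIES, today))
```

In this sample, a group restriction made only in TAM is undone by the next synchronization, while a user-level policy survives because it is not in the assumed set of synchronized parameters.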
Cancelling LDAP users
TAM allows you to cancel LDAP users in bulk. An LDAP user cannot log in to any device after being
cancelled. You cannot cancel an online LDAP user.