HP Intelligent Management Center v5.1 TACACS+ Authentication Manager Administrator Guide
Synchronize—Click the Synchronize link to execute the synchronization policy.
Modify—Click the Modify icon to modify the synchronization policy.
Delete—Click the Delete icon to delete the synchronization policy.
3. Click Refresh in the Sync Policy List area to update the Sync Policy List.
Viewing LDAP synchronization policy details
To view detailed information about an LDAP synchronization policy:
1. Click the Service tab.
2. Select TACACS+ AuthN Manager > LDAP Service > Sync Policies from the navigation tree.
The Sync Policy List displays all LDAP synchronization policies.
3. Click the name link of a synchronization policy to enter the synchronization policy details page.
Sync Policy Basic Information
Policy Name—LDAP synchronization policy name.
Server Name—Name of the LDAP server that is associated with the synchronization policy. An
LDAP synchronization policy can be associated with only one LDAP server. One LDAP server
can be associated with multiple synchronization policies.
Base DN—Absolute path of the base directory that stores user data on the LDAP server.
Sub-Base DN—Absolute path of the subdirectory that stores user data on the LDAP server. TAM
synchronizes the user data under the sub-base DN rather than the base DN.
The Base DN specifies the base directory that stores user information for the whole
organization. The sub-base DNs specify the directories that store user information of specific
departments within the organization. Users in different departments (identified by their
respective sub-base DNs) may need to be controlled by different authorization policies, and to
be assigned to different user groups. You can create department-specific synchronization
policies by referencing their respective sub-base DNs in each policy.
Filter Condition—Criteria used for filtering users. Only users that match these criteria can be
synchronized to TAM.
Auto Synchronization—If this option is enabled (Yes), TAM automatically executes the
synchronization policy every day at a specified time (3:00 am by default). If this option is
disabled (No), TAM performs synchronization on an as-needed basis. The automatic execution
time depends on the system parameter LDAP Synchronization Time. For more information
about configuring system parameters, see "Configuring system parameters."
On-Demand Sync—If this option is enabled (Yes), TAM synchronizes a new user from the LDAP
server only after the user passes authentication. If this option is disabled (No), TAM
synchronizes all matching users from the LDAP server. You can enable this option to save user
account licenses and improve efficiency. If both Auto Synchronization and On-Demand Sync
are enabled, only LDAP users that have been synchronized to TAM can be synchronized from
the LDAP server during automatic synchronization.
Synchronize New Device Users—If this option is enabled (Yes), TAM synchronizes users that
are not in the TAM user database from the LDAP server. If this option is disabled (No), TAM
does not synchronize users that are not in the TAM user database.
Synchronize Users in Current Node—If this option is enabled (Yes), TAM synchronizes users
under the specified sub-base DN, but does not synchronize users in any OU under the sub-base
DN. If this option is disabled (No), TAM synchronizes all users in the sub-base DN, including
users in the OUs in the sub-base DN.
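The following added example (not HP code, and not part of the original guide) is a simplified model of how the options above combine to decide which LDAP users an automatic run synchronizes. It is useful for checking that a policy does not pull in more accounts than intended. The class, function, and field names are hypothetical, the Filter Condition is modeled as simple attribute equality, and the directory entries are constructed.

```python
from dataclasses import dataclass, field

def rdns(dn):
    # Naive split: the constructed DNs below contain no escaped commas.
    return [p.strip().lower() for p in dn.split(",")]

@dataclass
class SyncPolicy:  # hypothetical model of the fields described above
    sub_base_dn: str
    filter_attrs: dict = field(default_factory=dict)  # stand-in for Filter Condition
    on_demand_sync: bool = False
    sync_new_users: bool = True       # Synchronize New Device Users
    current_node_only: bool = False   # Synchronize Users in Current Node

def in_scope(policy, dn, attrs):
    base, entry = rdns(policy.sub_base_dn), rdns(dn)
    depth = len(entry) - len(base)
    if depth < 1 or entry[-len(base):] != base:
        return False  # not below the sub-base DN
    if policy.current_node_only and depth != 1:
        return False  # user sits in an OU under the sub-base DN
    return all(attrs.get(k) == v for k, v in policy.filter_attrs.items())

def auto_sync_selection(policy, directory, tam_users):
    """Return the DNs an automatic run would synchronize under this model."""
    selected = set()
    for dn, attrs in directory.items():
        if not in_scope(policy, dn, attrs):
            continue
        known = dn in tam_users
        # New users arrive only if allowed, and with On-Demand Sync only
        # after they authenticate, never through the scheduled run.
        if known or (policy.sync_new_users and not policy.on_demand_sync):
            selected.add(dn)
    return selected

# Constructed sample directory
ALICE = "uid=alice,ou=netops,dc=example,dc=com"
BOB = "uid=bob,ou=contractors,ou=netops,dc=example,dc=com"
DIRECTORY = {
    ALICE: {"objectClass": "person"},
    BOB: {"objectClass": "person"},
    "uid=carol,ou=hr,dc=example,dc=com": {"objectClass": "person"},
    "cn=printer,ou=netops,dc=example,dc=com": {"objectClass": "device"},
}
NETOPS = "ou=netops,dc=example,dc=com"
```

Comparing the selection with Synchronize Users in Current Node set to Yes and to No shows which accounts in nested OUs a policy would add.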