HP Intelligent Management Center v5.1 TACACS+ Authentication Manager Administrator Guide
and the Synchronize New Device Users option are mutually exclusive. If you have a limited
number of licenses, use this option to save user licenses.
Sync Options-Synchronize New Device Users—Select this option to have TAM synchronize all
the new policy-matching users from the LDAP server. If this option is not selected, TAM does not
synchronize any new user from the LDAP server. This option and the On-Demand Sync option
are mutually exclusive.
Sync Options-Synchronize Users in Current Node—Select this option to have TAM synchronize
users under the specified sub-base DN, but not synchronize users in any OU under the sub-base
DN. If this option is not selected, TAM synchronizes all users in the sub-base DN, including users
in the OUs in the sub-base DN.
5. Click Next to enter the page for configuring device user parameters.
6. Modify the associations between the device user parameters and the attribute descriptions on the LDAP server.
Account Name—The system automatically populates this field with the attribute description
used on the LDAP server for user account names, which cannot be modified.
User Name—Select the username attribute description used on the LDAP server from the list.
TAM gets the values for this attribute as the usernames of LDAP users. Or select Do Not Sync to
enter a unified username for all LDAP users.
User Password—Select the corresponding attribute description used on the LDAP server for user
passwords from the list. TAM gets the values of this attribute as user passwords of LDAP users.
Or select Do Not Sync to enter a unified user password for all LDAP users.
Expiration Date—Select the corresponding attribute description used on the LDAP server for
user account expiration dates from the list. TAM gets the values of this attribute as the expiration
date of LDAP users. Or select Do Not Sync to set a unified expiration date for all LDAP users. You
can select a date by clicking the Calendar icon, or enter a date in the format of
YYYY-MM-DD.
Max. Online Users—Select the corresponding attribute description used on the LDAP server for
the maximum number of concurrent logins with the same user account. TAM gets the values for
this attribute as the maximum concurrent logins settings of LDAP users. Or select Do Not Sync to
manually set a unified maximum concurrent logins for all LDAP users.
Device User Group—Select a device user group for users bound with the synchronization policy.
Click the Select User Group icon. The Select Device User Group window appears. Select a
group and click OK. This parameter cannot be synchronized from the LDAP server.
User Authorization Policy—Select an existing authorization policy, or CLI Access Not Supported
from the list. If you select a specific authorization policy, the device users are controlled by the
policy. If you select CLI Access Not Supported, the device users can log in to the device but
cannot execute any command. If you leave this field empty, the device users use the
authorization policy assigned to the device user group to which the user belongs. If you assign
different authorization policies to a device user and the device user group the user belongs to,
the policy configured for the device users takes effect. This parameter cannot be synchronized
from the LDAP server.
7. Click OK.
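The sync scope and authorization policy precedence described in the steps above, modelled as an added example (not HP code and not part of the guide). It assumes that Synchronize Users in Current Node selects only entries directly under the sub-base DN; the function names, DNs and policy names are constructed for illustration.

```python
# Added illustration of the scope and precedence rules in this procedure.
# All names and sample DNs below are constructed, not taken from TAM.

def split_dn(dn):
    """Split a DN into lower-cased RDNs, honouring backslash-escaped commas."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if esc:                      # character after a backslash is literal
            cur, esc = cur + ch, False
        elif ch == "\\":
            cur, esc = cur + ch, True
        elif ch == ",":              # unescaped comma ends the current RDN
            parts.append(cur.strip().lower())
            cur = ""
        else:
            cur += ch
    parts.append(cur.strip().lower())
    return parts

def in_sync_scope(user_dn, sub_base_dn, current_node_only):
    """True if the entry would be covered by the policy's sub-base DN."""
    user, base = split_dn(user_dn), split_dn(sub_base_dn)
    if len(user) <= len(base) or user[-len(base):] != base:
        return False                 # not located under the sub-base DN
    depth = len(user) - len(base)    # 1 = directly under the sub-base DN
    return depth == 1 if current_node_only else True

def effective_policy(user_policy, group_policy):
    """The user's own policy wins; an empty field inherits the group's."""
    return user_policy if user_policy else group_policy

SUB_BASE = "ou=NetOps,dc=example,dc=com"        # constructed sample data
USERS = [
    "cn=alice,ou=NetOps,dc=example,dc=com",
    "cn=bob,ou=Contractors,ou=NetOps,dc=example,dc=com",
    "cn=Smith\\, Jo,ou=NetOps,dc=example,dc=com",
    "cn=carol,ou=Sales,dc=example,dc=com",
]

def preview(current_node_only):
    """List the sample users a policy on SUB_BASE would synchronize."""
    return [dn for dn in USERS if in_sync_scope(dn, SUB_BASE, current_node_only)]

if __name__ == "__main__":
    print("current node only:", preview(True))
    print("including OUs:    ", preview(False))
    print(effective_policy("CLI Access Not Supported", "ops-full"))
    print(effective_policy("", "ops-full"))
```

Running a preview like this against an export of the directory before clicking OK shows how many accounts, and therefore licenses, each scope setting would pull in.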
Deleting an LDAP synchronization policy
If the LDAP synchronization policy to be deleted has been bound to any user, remove the binding first. To
unbind an LDAP user from a synchronization policy, see "Unbinding users with an LDAP
synchronization policy."