HP Intelligent Management Center v5.1 TACACS+ Authentication Manager Administrator Guide
Device User Information
Account Name—Attribute description used on the LDAP server for user account names. TAM
gets the values of this attribute as the account names of the device users.
User Name—Username attribute description used on the LDAP server. TAM gets the values of
this attribute as the usernames of the device users. An empty field indicates that user names are
not synchronized from the LDAP server.
Expiration Date—Attribute description used on the LDAP server for user account expiration
dates. TAM gets the values of this attribute as the expiration dates of the device users. An empty
field indicates that expiration dates are not synchronized from the LDAP server.
Max. Online Users—Attribute description used on the LDAP server for the maximum number of
online users with the same user account. TAM gets the values of this attribute as the device
users' settings for the maximum number of online users with the same user account. An empty
field indicates that the settings are not synchronized from the LDAP server.
Device User Group—Device user group to which users bound with the synchronization policy
are assigned.
User Authorization Policy—Name of the authorization policy used by the device users, or CLI
Access Not Supported. With the CLI Access Not Supported option, the device users can only
log in to a device but cannot execute any command on it. An empty field indicates that no
authorization policy is specified for the device users and that the users will use the authorization
policy assigned to the device user group to which the user belongs. If different authorization
policies are assigned to a device user and the device user group, the policy configured for the
device user takes effect.
4. Click Back to return to the Sync Policy List.
Adding an LDAP synchronization policy
To add an LDAP synchronization policy:
1. Click the Service tab.
2. Select TACACS+ AuthN Manager > LDAP Service > Sync Policies from the navigation tree.
The Sync Policy List displays all LDAP synchronization policies.
3. Click Add in the Sync Policy List area.
4. Configure basic information for the synchronization policy:
Policy Name—Enter a unique name for the synchronization policy.
Server Name—Select the LDAP server to which you want to assign the policy. Available options
are all LDAP servers that have been configured in TAM.
Base DN—The system automatically populates this field with the absolute path of the directory
that stores user data on the LDAP server.
Sub-Base DN—Enter the absolute path of the subdirectory that stores user data on the LDAP
server. Make sure it is in the base DN directory or is the same as the base DN directory. TAM
synchronizes the user data under sub-base DN rather than base DN. DN attributes vary
with LDAP servers. To get the correct sub-base DN path, use tools such as Softerra LDAP
Administrator.
Filter Condition—Enter a filter to match the user data you want to synchronize to TAM. The most
basic filter takes the form (attribute=value), where you can use the wildcard asterisk (*) in the
value pattern to match any character or character string. For example, the filter (cn=He*)
matches any entry that has a cn attribute value that starts with He.
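The following added example (not part of the HP guide or of TAM) previews which directory entries a given Sub-Base DN and Filter Condition would select, so the scope of a policy can be checked before accounts are synchronized as device users. The function names, the example.com directory, subtree search scope, and case-insensitive matching are assumptions made for illustration.

```python
import re

def rdns(dn):
    # Simplified DN split: assumes no escaped commas inside RDN values.
    return [part.strip().lower() for part in dn.split(",") if part.strip()]

def is_within(dn, base_dn):
    # True when dn equals base_dn or sits beneath it (suffix match on RDNs).
    d, b = rdns(dn), rdns(base_dn)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def compile_filter(flt):
    # Handles only the basic (attribute=value) form, with * as the wildcard.
    m = re.fullmatch(r"\(\s*([A-Za-z][\w.-]*)=([^()]*)\)", flt.strip())
    if not m:
        raise ValueError("only the basic (attribute=value) form is handled")
    regex = ".*".join(re.escape(p) for p in m.group(2).split("*"))
    # Assumption: case-insensitive matching, as LDAP does for cn.
    return m.group(1).lower(), re.compile(regex, re.I | re.S)

def preview_sync(entries, base_dn, sub_base_dn, flt):
    # Returns the DNs a policy would pick up (subtree scope is an assumption).
    if not is_within(sub_base_dn, base_dn):
        raise ValueError("sub-base DN is not inside the base DN")
    attr, rx = compile_filter(flt)
    hits = []
    for dn, attrs in entries:
        values = {k.lower(): v for k, v in attrs.items()}.get(attr, [])
        if is_within(dn, sub_base_dn) and any(rx.fullmatch(v) for v in values):
            hits.append(dn)
    return hits

# Constructed sample directory; not data from any real LDAP server.
BASE_DN = "dc=example,dc=com"
NETOPS = "ou=netops,dc=example,dc=com"
ENTRIES = [
    ("cn=Helen,ou=netops,dc=example,dc=com", {"cn": ["Helen"]}),
    ("cn=Henry,ou=netops,dc=example,dc=com", {"cn": ["Henry"]}),
    ("cn=Bob,ou=netops,dc=example,dc=com", {"cn": ["Bob"]}),
    ("cn=Hector,ou=sales,dc=example,dc=com", {"cn": ["Hector"]}),
]

if __name__ == "__main__":
    for sub, flt in [(NETOPS, "(cn=He*)"), (NETOPS, "(cn=*)"), (BASE_DN, "(cn=He*)")]:
        print(sub, flt, "->", preview_sync(ENTRIES, BASE_DN, sub, flt))
```

Widening either the Sub-Base DN or the filter increases the set of accounts that become device users, which is why the second and third runs each return one more entry than the first.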