An LDAP user is a device user that is bound with an LDAP synchronization policy. During every synchronization process, attribute values on the LDAP server are synchronized to the device users.
LDAP user management functions include adding, deleting, and querying LDAP users. TAM provides two methods for opening the LDAP user management functions.
- Method 1: Click the User tab, and then select a policy name under Device User > LDAP Users to display the device users bound with the synchronization policy.
- Method 2: Click the User tab. From the navigation tree, select Device User Policy > LDAP Service > Sync Policies. Click the icon of a synchronization policy to display its bound device users.
Open the LDAP User Management page either way. The following uses the first method as an example to describe the LDAP user management functions.
Features
- Query Bound Users
Perform this task to query LDAP-bound device users by predefined query criteria.
Procedure
- Set the query criteria, including account name, device user group, and status in LDAP server. Account name supports fuzzy query.
- Click Query to display the bound users matching the query criteria. Click Reset to query bound users with the default query criteria.
- Bind Users with LDAP
Perform this task to bind device users in TAM to an LDAP synchronization policy. The LDAP synchronization policy periodically synchronizes parameters of the bound device users from the LDAP server.
Procedure
- Click Add. The unbound device user list appears.
- Use the query function to display the desired device users.
- Select device users to be bound, and then click OK.
- Unbind Users
Perform this task to remove the binding between device users and an LDAP synchronization policy. Unbinding device users does not remove them from TAM, but the LDAP synchronization policy will not synchronize parameters for them from the LDAP server any more.
Procedure
- Select one or more bound users, and then click Unbind.
A confirmation dialog box appears.
- Click OK.
- Synchronize LDAP Users
Perform this task to manually synchronize parameters of all device users bound with the LDAP synchronization policy from the LDAP server. With Synchronize New Device Users selected for the LDAP synchronization policy, if a device user is on the LDAP server but not on TAM, the device user will be added to TAM during synchronization.
Procedure
Click Sync All to immediately synchronize parameters of all device users bound with the synchronization policy.
Parameters
Status in LDAP Server: User status in the LDAP server can be Unknown, Existent, or Inexistent. After a device user is bound with an LDAP synchronization policy, the initial status of the device user is Unknown. During LDAP synchronization, the policy checks whether the device user exists on the LDAP server. If yes, the user status is changed to Existent; if not, the user status is changed to Inexistent.
Remarks
- A device user can be bound with only one LDAP synchronization policy.
- An operator can view or manage the bound users in the device user groups authorized to the operator.