< Home

destination-group (server import policy view)

Function

The destination-group command specifies the destination position to which the user or user group information on the authentication server is imported.

The undo destination-group command deletes the specified destination position.

Format

destination-group group-name

undo destination-group

Parameters

Parameter Description Value
group-name Specifies the destination position to which the user or user group information is imported. The value must be the name (with the group path) of an existing user group.

Views

Server import policy view

Default Level

2: Configuration level

Usage Guidelines

For an AD or LDAP server, the user can be imported only to the group of the authentication domain with the same user domain name on the server or to the default authentication domain. The Agile Controller supports only the import of users into the default authentication domain.

The destination-group command is optional. You can run the destination-group, import-type, and server basedn commands to implement the following functions:

  • After you run the import-type user command, the users in group server basedn and its subgroups are imported to the specified target group destination-group.
  • After you run the import-type group command, the system checks whether the local user group destination-group and group server basedn specified on an authentication server share the same name.
    • If yes, the subgroups of group server basedn specified on the authentication server is imported into the local user group. The users are not imported.
    • If no, group server basedn and its subgroups on the authentication server are imported into the local user group as a subgroup. The users are not imported.
  • After you run the import-type security-group command, the security groups on the server are imported to the authentication domain of destination-group.
  • After you run the import-type user-group command, the system checks whether the local user group destination-group and group server basedn specified on an authentication server share the same name.
    • If yes, the subgroups and users of group server basedn specified on the authentication server is imported into the local user group.
    • If no, group server basedn and its subgroups and users on the authentication server are imported into the local user group.
  • After you run the import-type user-security-group command, the users in group server basedn and its subgroups are imported to the specified target group destination-group. The security groups on the server are imported to the authentication domain of destination-group.
  • After you run the import-type all command,
    • The system checks whether the local user group destination-group and group server basedn specified on an authentication server share the same name.
      • If yes, the subgroups and users of group server basedn specified on the authentication server is imported into the local user group.
      • If no, group server basedn and its subgroups and users on the authentication server are imported into the local user group.
    • The security groups on the server are imported to the authentication domain of destination-group.

Example

# Export the user or user group information on the LDAP server to user group /default/abc.

<sysname> system-view
[sysname] user-manage import-policy policy1 from ldap
[sysname-import-policy1] destination-group /default/abc
Parent Topic: User and Authentication Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >