< Home

import-type

Function

The import-type command configures the import type of an import policy.

The undo import-type command restores the default import type (user-group) of an import policy.

Format

import-type { all | group | security-group | user | user-group | user-security-group }

undo import-type

Parameters

Parameter Description Value
all Imports users, organizational structure, and security groups on the server to a FW if the server is an AD or LDAP server. If the server is a Agile Controller server, this parameter indicates that the users and organizational structure are imported to a FW. -
group Imports organizational structure on the server to a FW. -
security-group Imports security groups on the server to a FW. This parameter is available only in the import policy view of AD and LDAP servers. -
user Imports users on the server to a FW. -
user-group Imports users and the organizational structure on the server to a FW. -
user-security-group Imports users and security groups on the server to a FW. This parameter is available only in the import policy view of AD and LDAP servers. -

Views

Server import policy view

Default Level

2: Configuration level

Usage Guidelines

By default, the import type of an import policy is user-group.

You can run the destination-group, destination-security-group, import-type, and server basedn commands to implement the following functions:

  • When the import type is user (import-type user), the users in server basedn and in its subgroups are imported to the specified destination-group and destination-security-group.
  • When the import type is user group (import-type group), you must set parameter destination-group, but must not set parameter destination-security-group. The system then checks whether the local user group destination-group has the same name as server basedn.
    • If they share the same name, the subgroups of the specified server basedn on the server are imported to the local user group. The users are not imported.
    • If they have different names, the specified server basedn with its subgroups on the server are imported to the local user group as a subgroup. The users are not imported.
  • When the import type is security-group (import-type security-group), you must set parameter destination-group but not set parameter destination-security-group. The system then imports the security groups on the server to the authentication domain of destination-group.
  • When the import type is user and user-group (import-type user-group),
    • You must set parameter destination-group, and the system then checks whether local user group destination-group has the same name as the server basedn specified on the server.
      • If they share the same name, the subgroups and users of the specified server basedn on the server are imported to the local user group.
      • If they have different names, the specified server basedn with its subgroups and users on the server are imported to the local user group.
    • The destination-security-group parameter is optional. If you set this parameter, the system will import the users in server basedn and in its subgroups to the specified destination-security-group.
  • When the import type is user and security-group (import-type user-security-group), you must set parameter destination-group, but must not set parameter destination-security-group. The system then imports the users in server basedn and in its subgroups to the specified destination-group and imports security groups in server basedn to the authentication domain of destination-group.
  • When the import type is user, user-group, and security-group (import-type all), you must set parameter destination-group but must not set parameter destination-security-group.
    • The system checks whether local user group destination-group has the same name as the server basedn specified on the server.
      • If they share the same name, the subgroups and users of the specified server basedn on the server are imported to the local user group.
      • If they have different names, the specified server basedn with its subgroups and users on the server are imported to the local user group.
    • The security groups of server basedn are imported to the authentication domain of destination-group.

Example

# Set the import type to user.

<sysname> system-view
[sysname] user-manage import-policy policy1 from ldap
[sysname-import-policy1] import-type user
Parent Topic: User and Authentication Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >