< Home

ldap-server time-stamp-filter

Function

The ldap-server time-stamp-filter command configures the timestamp attribute filtering field of the LDAP server.

The undo ldap-server time-stamp-filter command restores the default timestamp attribute filtering field.

By default, the timestamp attribute filtering field of the LDAP server is createTimeStamp.

Format

ldap-server time-stamp-filter field

undo ldap-server time-stamp-filter

Parameters

Parameter Description Value

field

Specifies the timestamp attribute filtering field.

The value is a string of 1 to 63 characters. Currently, the value can only be set to createTimeStamp.

NOTE:

The value of the timestamp attribute filtering field must be the same as that on the LDAP server.

The user filtering field is createTimeStamp for the following four LDAP server types:

  • AD LDAP
  • IBM Tivoli
  • Open LDAP
  • Sun ONE LDAP

Views

LDAP server template view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When configuring security policies for users, user groups, or security groups on the device if AD authentication and authorization are used, you need to import users, user groups, or security groups on the AD server to the device.

Users, user groups, or security groups can be updated to the device in full update or incremental update mode. In full update mode, all users, user groups, or security groups are updated to the device. You can run the sync-mode full schedule command to enable the full update function of the LDAP server and set the full update time. In incremental update mode, only new users, user groups, or security groups added after the previous update are updated to the device. You can run the sync-mode incremental schedule interval command to enable the incremental update function of the LDAP server and configure the incremental update interval.

After the timestamp attribute filtering field is set using the ldap-server time-stamp-filter command, the LDAP server incrementally updates users, user groups, or security groups to the device based on the field at the configured incremental update interval. The timestamp attribute filtering field can filter new users, user groups, or security groups added to the LDAP server after the previous update.

Precautions

The timestamp attribute filtering field configured using the ldap-server time-stamp-filter command must be the same as that configured on the LDAP server; otherwise, users, user groups, or security groups cannot be updated to the device incrementally.

To enable the incremental update function, run the sync-mode incremental schedule interval command.

Example

# Set the timestamp attribute filtering field to createTimeStamp.

<sysname> system-view
[sysname] ldap-server template temp1
[sysname-ldap-temp1] ldap-server time-stamp-filter createTimeStamp
Parent Topic: LDAP Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >