
User

A user is anyone who uses the functions and services provided by the Hillstone device, or who is authenticated or managed by the device. Authenticated users are either local users or external users. Local users are created by administrators; they belong to different local authentication servers and are stored in the system's configuration files. External users are stored on external servers, such as an AD server or LDAP server.

The system supports user groups to simplify user management. Users that belong to one local authentication server can be assigned to different user groups, and a single user can belong to several user groups at the same time. Similarly, user groups that belong to one local authentication server can be assigned to different user groups, and a single user group can belong to several user groups at the same time. The following diagram uses the default AAA server, Local, as an example and shows the relationship between users and user groups:

As shown above, User1, User2 and User3 belong to UserGroup1, while User3 also belongs to UserGroup2, and UserGroup2 also contains User4, User5 and UserGroup1.

Configuring a Local User

This section describes how to configure a local user and user group.

Click Object > User > Local User. The page provides the following information and operations:

  • Click the "Local server" drop-down box in the upper left corner of the page to switch the local user's server.
  • In the list, red, orange and yellow mark users that have expired, that expire within a week, and that expire within a month, respectively.
  • Check the information of the local user in the list, including user, user group, expiration, mobile and description.

Creating a Local User

To create a local user, take the following steps:

  1. Select Object > User > Local User.
  2. Click New > User.
  3. Click OK.

Creating a User Group

To create a user group, take the following steps:

  1. Select Object > User > Local User.
  2. Click New > User Group.
  3. Type the name of the user group into the Name box.
  4. Specify members for the user group. Expand User or User Group in the Available list, select a user or user group and click Add to add it to the Selected list on the right. To delete a selected user or user group, select it in the Selected list and then click Remove. One user group can contain multiple users or user groups, but system only supports up to 5 layers of nested user groups and does not support the loopback nest. Therefore, a user group should not nest the upper-layer user group it belongs to.
  5. Click OK.
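The nesting limits in step 4 (at most 5 layers, no loops) can be checked on a planned group layout before it is entered in the UI. This is an added example, not Hillstone code; the function name, the input shape and the way layers are counted (a group with no nested groups is 1 layer) are assumptions.

```python
MAX_LAYERS = 5  # nesting limit stated on this page


def check_nesting(groups):
    """groups maps a group name to the group names nested directly inside it.

    Returns a list of problem strings; an empty list means the layout is
    loop-free and within MAX_LAYERS. Users are ignored: only group-in-group
    membership affects nesting.
    """
    problems, depth, state = [], {}, {}

    def visit(name, path):
        if state.get(name) == "active":      # met again on the current path: loop
            loop = path[path.index(name):] + [name]
            problems.append("loop: " + " > ".join(loop))
            return 0
        if state.get(name) == "done":        # already measured
            return depth[name]
        state[name] = "active"
        below = [visit(child, path + [name])
                 for child in sorted(groups.get(name, ()))]
        state[name] = "done"
        depth[name] = 1 + max(below, default=0)
        return depth[name]

    for name in sorted(groups):
        visit(name, [])
    for name in sorted(depth):
        if depth[name] > MAX_LAYERS:
            problems.append(f"{name}: {depth[name]} layers exceeds {MAX_LAYERS}")
    return problems


# Layout from the example above: UserGroup2 contains UserGroup1.
PAGE_EXAMPLE = {"UserGroup1": set(), "UserGroup2": {"UserGroup1"}}
# Constructed layouts that break each rule.
LOOPED = {"A": {"B"}, "B": {"A"}}
TOO_DEEP = {f"G{i}": {f"G{i + 1}"} for i in range(1, 6)}  # G1 > G2 > ... > G6
```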

Export User List

The system exports the user list as a .csv file whose content is the real-time information of the user list in the system.

To export the user binding list from the system to a local file, take the following steps:

  1. Select Object > User > Local User.
  2. Click Export User List to open the Export User List page, and select the local location to save the file to.
  3. Click OK to finish the export.

Import User List

The system supports importing user-list files in .txt and .csv format with UTF-8 or GBK encoding. When a user-list file is imported, the system runs a validity test and a complexity check on the user passwords. The import succeeds only if these checks succeed; otherwise the import fails.

The user-list in .csv file is illustrated in the figure below.

The user-list in text file is illustrated in the figure below.

Before importing the user-list file, please read carefully the annotations in the above figures and fill in the user information according to the format.

To import the user binding list into the system, take the following steps:

  1. Select Object > User > Local User.
  2. Click Import User List to open the Import User List page.
  3. Click Browse to select the file to import.
  4. Click OK to finish the import.
  • The user password in the import/export file is not encrypted, unless the password strings match the AES encryption format.
  • Please try to keep the import file format consistent with the export file.
  • When imported, if the same user name exists under the same server, the original user information will be overwritten.
  • When imported, if a user is new to the system, it and its user information will be added to the system automatically.
  • In the imported user-list file, the "username" field should not contain slash/comma/double quotation marks/question mark/@; the "group" field should not contain comma/double quotation marks/question mark.
  • In the imported user-list file, the date in the "expire" field should be typed in the format of DD/MM/YYYY HH:SS.
  • If the user list is imported as a text file, pay special attention to the following points:
    • Every parameter in the file should be separated by half-width commas.
    • If a parameter does not exist, use a half-width comma in its place, for example "123123,,local".
    • The sequence of the parameters in the first row is fixed and case-insensitive, for example "Servername,userName,pAssWord".
    • The file should not contain blank lines or gibberish lines; otherwise it cannot be imported.
    • If the length of a parameter falls outside its length range, the file cannot be imported.
      The length range of "username": 1-63 characters
      The length range of "password": 1-31 characters
      The length range of "phone": 6-15 characters
      The length range of "email": 1-127 characters
      The length range of "description": 0-127 characters
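The rules in the notes above (blank lines, field lengths, forbidden characters) can be checked on a user-list file before it is uploaded. This is an added example, not a Hillstone tool; the column set in the sample header is constructed because the format figures are not reproduced here, "slash" is read as "/", and only "username" is treated as mandatory.

```python
import csv
import io

# Limits and forbidden characters as listed on this page.
LENGTHS = {"username": (1, 63), "password": (1, 31), "phone": (6, 15),
           "email": (1, 127), "description": (0, 127)}
FORBIDDEN = {"username": '/,"?@', "group": ',"?'}  # "slash" read as "/" (assumption)


def validate_user_list(text):
    """Return (line_number, message) pairs; an empty list means no rule was broken."""
    errors = []
    rows = list(csv.reader(io.StringIO(text)))
    if not rows or not rows[0]:
        return [(1, "missing header row")]
    header = [name.strip().lower() for name in rows[0]]  # header is case-insensitive
    if "username" not in header:
        errors.append((1, "header has no username column"))
    for number, row in enumerate(rows[1:], start=2):
        if not any(cell.strip() for cell in row):
            errors.append((number, "blank line"))
            continue
        if len(row) != len(header):
            errors.append((number, f"expected {len(header)} fields, got {len(row)}"))
            continue
        for field, value in zip(header, row):
            # Assumption: only username is mandatory; an empty field means "absent".
            if value == "" and field != "username":
                continue
            low, high = LENGTHS.get(field, (0, None))
            if len(value) < low or (high is not None and len(value) > high):
                errors.append((number, f"{field} length {len(value)} outside {low}-{high}"))
            bad = sorted(set(value) & set(FORBIDDEN.get(field, "")))
            if bad:
                errors.append((number, f"{field} contains forbidden {''.join(bad)}"))
    return errors


# Constructed sample; the column set and order are an assumption.
SAMPLE = (
    "Servername,userName,pAssWord,group,phone\n"
    "local,alice,Str0ng!pass,staff,13800000000\n"
    "local,bob@corp,pw,,123\n"
    "\n"
    "local,,secret,staff,\n"
)
```

The file holds passwords in plaintext unless they match the AES encryption format, so run the check locally and keep the file off shared storage.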

Configuring an LDAP User

This section describes how to configure an LDAP user.

Synchronizing Users

To synchronize users from an LDAP server, you first need to configure an LDAP server; refer to Configuring LDAP Server. To synchronize users:

  1. Select Object > User > LDAP User.
  2. Select a server from the LDAP Server drop-down list, and click Sync Users.
By default, after an LDAP server is created, the system synchronizes the users of the LDAP server automatically, and then continues to synchronize every 30 minutes.

Configuring an Active Directory User

This section describes how to configure an active directory (AD) user.

Synchronizing Users

To synchronize users from an AD server to the device, you first need to configure an AD server; refer to Configuring Active Directory Server. To synchronize users, take the following steps:

  1. Select Object > User > AD User.
  2. Select an AD server from the Active Directory Server drop-down list, and click Sync Users.
By default, after an AD server is created, the system synchronizes the users of the AD server automatically, and then continues to synchronize every 30 minutes.

Configuring an IP-User Binding

Adding User Binding

To bind an IP or MAC address to a user, take the following steps:

  1. Select Object > User > IP-User Binding.
  2. Click Add User Binding.

  3. Click OK.

Import Binding

To import the user binding list into the system, take the following steps:

  1. Select Object > User > IP-User Binding.
  2. Click Import, and the Import User Binding List dialog box pops up.
  3. Click Browse to select the file to import.
  4. Click OK to finish the import.

Export Binding

To export the user binding list from the system to a local file, take the following steps:

  1. Select Object > User > IP-User Binding.
  2. Select the user category to export (local, LDAP, AD or all users) in the Export drop-down list to open the export dialog box, and select the local location to save the file to.
  3. Click OK to finish the export.