doc-exports/docs/mrs/umn/admin_guide_000280.html
Yang, Tong 2195db241c MRS UMN 20231220 version update
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Reviewed-by: Rechenburg, Matthias <matthias.rechenburg@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2024-05-16 09:40:21 +00:00


<a name="admin_guide_000280"></a><a name="admin_guide_000280"></a>
<h1 class="topictitle1">Hardening the LDAP</h1>
<div id="body1530067732200"><div class="section" id="admin_guide_000280__s7fbcd39f59004fd2badcda3c3314fd88"><h4 class="sectiontitle">Configuring the LDAP Firewall Policy</h4><p id="admin_guide_000280__en-us_topic_0046736710_p46832420">In a cluster that uses dual-plane networking, LDAP is deployed on the service plane. To protect LDAP data, you are advised to configure a firewall policy in the cluster that disables the relevant LDAP ports.</p>
<ol id="admin_guide_000280__en-us_topic_0046736710_ol18838598"><li id="admin_guide_000280__en-us_topic_0046736710_li35329658"><span>Log in to <span id="admin_guide_000280__text67509419010">MRS</span> Manager.</span></li><li id="admin_guide_000280__en-us_topic_0046736710_li49531474"><span>Click <strong id="admin_guide_000280__b16762624152711">Cluster</strong>, click the name of the desired cluster, choose <strong id="admin_guide_000280__b9763102411273">Services</strong> &gt; <strong id="admin_guide_000280__b3764132422713">LdapServer</strong>, and click <strong id="admin_guide_000280__b1576542432713">Configurations</strong>.</span></li><li id="admin_guide_000280__en-us_topic_0046736710_li43130086"><span>Check the value of <strong id="admin_guide_000280__b29451739162811">LDAP_SERVER_PORT</strong>, which is the service port of LdapServer.</span></li><li id="admin_guide_000280__en-us_topic_0046736710_li52626454"><span>To ensure data security, configure the firewall policy for the whole cluster to disable the LdapServer port based on the customer's firewall environment.</span></li></ol>
</div>
<div class="section" id="admin_guide_000280__se0dd555ca94e4ed5ba7cb5932de3bc09"><h4 class="sectiontitle">Enabling the LDAP Audit Log Output</h4><p id="admin_guide_000280__en-us_topic_0046736710_p34884411">Users can set the audit log output level of the LDAP service and write the audit logs to a specified location, for example, <strong id="admin_guide_000280__b16580023183419">/var/log/messages</strong>. The resulting logs can be used to review user activities and operation commands.</p>
<div class="note" id="admin_guide_000280__en-us_topic_0046736710_note45524249"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p class="text" id="admin_guide_000280__en-us_topic_0046736710_p7065065">Enabling LDAP audit log output generates a large volume of logs, which affects cluster performance. Exercise caution when enabling this function.</p>
</div></div>
<ol id="admin_guide_000280__en-us_topic_0046736710_ol63585586"><li id="admin_guide_000280__en-us_topic_0046736710_li35399367"><span>Log in to any LdapServer node.</span></li><li id="admin_guide_000280__en-us_topic_0046736710_li50158847"><span>Run the following commands to edit the <strong id="admin_guide_000280__b5126326123514">slapd.conf.consumer</strong> file and set the value of <strong id="admin_guide_000280__b1540318392357">loglevel</strong> to <strong id="admin_guide_000280__b412054283513">256</strong> (you can run the <strong id="admin_guide_000280__b16174057141119">man slapd.conf</strong> command on the OS to view the log level definitions).</span><p><p id="admin_guide_000280__en-us_topic_0046736710_p48776445"><strong id="admin_guide_000280__b4661998914160">cd ${BIGDATA_HOME}/FusionInsight_BASE_</strong><strong id="admin_guide_000280__b136591056113910"><span id="admin_guide_000280__text7779123643918">8.1.0.1</span></strong><strong id="admin_guide_000280__b1692671914160">/install/FusionInsight-ldapserver-2.7.0/ldapserver/local/template</strong></p>
<p id="admin_guide_000280__en-us_topic_0046736710_p58577972"><strong id="admin_guide_000280__en-us_topic_0046736710_b57439703">vi slapd.conf.consumer</strong></p>
<pre class="screen" id="admin_guide_000280__se85bfdcaf62e4b1cb16f4f347f08f9c3">...
pidfile [PID_FILE_SLAPD_PID]
argsfile [PID_FILE_SLAPD_ARGS]
loglevel 256
...</pre>
</p></li><li id="admin_guide_000280__en-us_topic_0046736710_li22104370"><span>Log in to <span id="admin_guide_000280__text1581422914256">MRS</span> Manager, click <strong id="admin_guide_000280__b1553133843611">Cluster</strong>, click the name of the desired cluster, choose <strong id="admin_guide_000280__b26561643103814">Services</strong> &gt; <strong id="admin_guide_000280__b11270164643812">LdapServer</strong>. On the displayed page, choose <strong id="admin_guide_000280__b129171413395">More</strong> &gt; <strong id="admin_guide_000280__b63341427193913">Restart Service</strong>. Enter the administrator password and restart the service.</span></li></ol>
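<p>Added example (not part of the original guide or of the MRS code): with <strong>loglevel 256</strong>, slapd writes each connection, bind request and result to syslog, so the records can be joined on <strong>conn</strong>/<strong>op</strong> to report failed binds per client IP. The sample log lines, addresses, DNs and function names below are constructed for illustration.</p>

```python
import re
from collections import Counter

# Constructed slapd syslog lines as written at loglevel 256; not from a real cluster.
SAMPLE_LOG = """\
Dec 20 10:15:01 node1 slapd[2345]: conn=1001 fd=14 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)
Dec 20 10:15:01 node1 slapd[2345]: conn=1001 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=com" method=128
Dec 20 10:15:01 node1 slapd[2345]: conn=1001 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=com" mech=SIMPLE ssf=0
Dec 20 10:15:01 node1 slapd[2345]: conn=1001 op=0 RESULT tag=97 err=0 text=
Dec 20 10:16:10 node1 slapd[2345]: conn=1002 fd=15 ACCEPT from IP=198.51.100.7:40001 (IP=0.0.0.0:389)
Dec 20 10:16:10 node1 slapd[2345]: conn=1002 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
Dec 20 10:16:10 node1 slapd[2345]: conn=1002 op=0 RESULT tag=97 err=49 text=
Dec 20 10:16:11 node1 slapd[2345]: conn=1002 op=1 BIND dn="cn=admin,dc=example,dc=com" method=128
Dec 20 10:16:11 node1 slapd[2345]: conn=1002 op=1 RESULT tag=97 err=49 text=
Dec 20 10:16:12 node1 slapd[2345]: conn=1003 fd=15 ACCEPT from IP=198.51.100.7:40002 (IP=0.0.0.0:389)
Dec 20 10:16:12 node1 slapd[2345]: conn=1003 op=0 BIND dn="cn=admin,dc=example,dc=com" method=128
Dec 20 10:16:12 node1 slapd[2345]: conn=1003 op=0 RESULT tag=97 err=49 text=
"""

REC = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:fd=\d+|op=(\d+)) (.*)$")
ACCEPT = re.compile(r"ACCEPT from IP=(\S+):\d+\s")
BIND = re.compile(r'BIND dn="([^"]*)" method=\d+')
BIND_RESULT = re.compile(r"RESULT tag=97 err=(\d+)")  # tag 97 = bind response

def bind_events(log_text):
    """Join ACCEPT, BIND and RESULT records on conn/op into one event per bind."""
    peers, pending, events = {}, {}, []  # conn -> client IP, (conn, op) -> DN
    for line in log_text.splitlines():
        rec = REC.search(line)
        if not rec:
            continue  # not a slapd connection/operation record
        conn, op, rest = rec.groups()
        if m := ACCEPT.match(rest):
            peers[conn] = m.group(1)
        elif m := BIND.match(rest):
            pending[conn, op] = m.group(1)
        elif (m := BIND_RESULT.match(rest)) and (conn, op) in pending:
            events.append({"ip": peers.get(conn, "unknown"),
                           "dn": pending.pop((conn, op)), "err": int(m.group(1))})
    return events

def failed_bind_sources(events, threshold=3):
    """Client IPs with at least `threshold` invalid-credential (err=49) binds."""
    fails = Counter(e["ip"] for e in events if e["err"] == 49)
    return {ip: n for ip, n in fails.items() if n >= threshold}

if __name__ == "__main__":
    print(failed_bind_sources(bind_events(SAMPLE_LOG)))
```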
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="admin_guide_000271.html">Security Hardening</a></div>
</div>
</div>