Lock LDAP Authentication Method

Contents

1   Introduction
1.1   Prerequisites
2   Procedure

1   Introduction

This document describes how to lock the Lightweight Directory Access Protocol (LDAP) authentication method.

In maintenance situations, the administrator can lock the LDAP authentication method to prevent users from accessing the managed element over the Ericsson Command-Line Interface (ECLI) or NETCONF while the managed element is not fully operational. When the LDAP authentication method is locked, only emergency access to the Management Information Base (MIB) is possible.

The procedure in this document must only be used during troubleshooting.

1.1   Prerequisites

This section describes the prerequisites that must be fulfilled before using the procedure.

1.1.1   Conditions

The following conditions must apply:

2   Procedure

To lock the LDAP authentication method:

  1. Navigate to the LdapAuthenticationMethod managed object, for example:

    >dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LdapAuthenticationMethod=1

  2. Enter Config mode:

    (LdapAuthenticationMethod=1)>configure

  3. Lock the LDAP authentication method:

    (config-LdapAuthenticationMethod=1)>administrativeState=LOCKED

  4. Commit the setting:

    (config-LdapAuthenticationMethod=1)>commit

  5. Verify the result:

    (LdapAuthenticationMethod=1)>show

    LdapAuthenticationMethod=1
       administrativeState=LOCKED
       Ldap=1

    Note: As long as the LDAP authentication method is locked, only local Linux® users belonging to the com-emergency group can start ECLI or NETCONF sessions. Ongoing ECLI and NETCONF sessions are not affected by the change.

    An ongoing session can be disconnected because of inactivity. At the next logon, the user might not be able to gain access again. It is therefore important to stay active in the ongoing session.
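
Because the note above limits new sessions to local users in the com-emergency group, it is worth confirming that the group is not empty before committing the lock. The following is an added example, not part of the vendor procedure. It assumes a Linux shell on the node with getent and awk available; the function names and sample accounts are hypothetical. It counts users whose primary group is com-emergency as well as supplementary members, which a plain look at the group entry misses.

```shell
#!/bin/sh
# Added example (not vendor code): pre-lock check for emergency users.
# Assumption: a Linux shell on the node with getent and awk available.

EMERGENCY_GROUP="com-emergency"   # group name from the note above

# emergency_users GROUP_DB PASSWD_DB GROUP
# Prints every user in GROUP: supplementary members (field 4 of the group
# entry) plus users whose primary GID (field 4 of passwd) is the group's GID.
emergency_users() {
    group_db=$1; passwd_db=$2; group=$3
    gid=$(printf '%s\n' "$group_db" |
        awk -F: -v g="$group" '$1 == g { print $3; exit }')
    [ -n "$gid" ] || return 1      # group does not exist
    {
        printf '%s\n' "$group_db" | awk -F: -v g="$group" '
            $1 == g { n = split($4, m, ",")
                      for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }'
        printf '%s\n' "$passwd_db" | awk -F: -v gid="$gid" '$4 == gid { print $1 }'
    } | sort -u
}

# safe_to_lock GROUP_DB PASSWD_DB: succeeds only if an emergency user exists.
safe_to_lock() {
    users=$(emergency_users "$1" "$2" "$EMERGENCY_GROUP") || return 1
    [ -n "$users" ]
}

# Constructed sample data, not taken from a real node.
SAMPLE_GROUP='root:x:0:
com-emergency:x:1500:emadmin
users:x:100:'
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
emadmin:x:1001:100::/home/emadmin:/bin/bash
breakglass:x:1002:1500::/home/breakglass:/bin/bash'

# On a live system pass the real databases instead:
#   safe_to_lock "$(getent group)" "$(getent passwd)"
if safe_to_lock "$SAMPLE_GROUP" "$SAMPLE_PASSWD"; then
    echo "emergency users: $(emergency_users "$SAMPLE_GROUP" "$SAMPLE_PASSWD" "$EMERGENCY_GROUP" | tr '\n' ' ')"
else
    echo "no emergency user found; do not lock LDAP authentication" >&2
fi
```

Group membership alone does not show that the account can log on, so this check complements a test logon with the emergency account rather than replacing it.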