Contents

1   Introduction

This document describes how to lock the local authorization method.

The administrator can lock the local authorization to give full access to all resources to all users authenticated by the Lightweight Directory Access Protocol (LDAP). In this case, all Managed Object (MO) operations, MO actions, and Ericsson Command-Line Interface (ECLI) commands are allowed.

Locking is done in maintenance situations.

1.1   Prerequisites

This section describes the prerequisites, which must be fulfilled before using the procedure.

1.1.1   Conditions

The following conditions must apply:

• The user has the System Security Administrator role.
• The administrative state is UNLOCKED.
• An ECLI session in Exec mode is in progress.

2   Procedure

To lock the local authorization method:

1. Navigate to the LocalAuthorizationMethod MO, for example:

   >dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LocalAuthorizationMethod=1

2. Enter Config mode:

   (LocalAuthorizationMethod=1)>configure

3. Lock the local authorization method:

   (config-LocalAuthorizationMethod=1)>administrativeState=LOCKED

4. Commit the setting:

   (config-LocalAuthorizationMethod=1)>commit

5. Verify the result:

   (LocalAuthorizationMethod=1)>show

   The following is an example output:

   LocalAuthorizationMethod=1 administrativeState=LOCKED [...]

   Note:  

   All users authenticated by LDAP now have full access to the complete MOM including all security MOs.