Contents
1 Introduction
This document describes how to lock the local authorization method.
The administrator can lock the local authorization to give full access to all resources to all users authenticated by the Lightweight Directory Access Protocol (LDAP). In this case, all Managed Object (MO) operations, MO actions, and Ericsson Command-Line Interface (ECLI) commands are allowed.
Locking is done in maintenance situations.
1.1 Prerequisites
This section describes the prerequisites, which must be fulfilled before using the procedure.
1.1.1 Conditions
The following conditions must apply:
- The user has the System Security Administrator role.
- The administrative state is UNLOCKED.
- An ECLI session in Exec mode is in progress.
2 Procedure
To lock the local authorization method:
- Navigate to the LocalAuthorizationMethod MO, for example:
>dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LocalAuthorizationMethod=1
- Enter Config mode:
(LocalAuthorizationMethod=1)>configure
- Lock the local authorization method:
(config-LocalAuthorizationMethod=1)>administrativeState=LOCKED
- Commit the setting:
(config-LocalAuthorizationMethod=1)>commit
- Verify the result:
(LocalAuthorizationMethod=1)>show
The following is an example output:
LocalAuthorizationMethod=1 administrativeState=LOCKED [...]
- Note:
- All users authenticated by LDAP now have full access to the
complete MOM including all security MOs.