Contents
1 Introduction
This document describes how to lock the LDAP authentication method.
In maintenance situations, if needed the administrator can lock the LDAP authentication to prevent remote LDAP users to access the ME when it is not fully operational. When the LDAP authentication method is locked, the Management Information Base (MIB) is accessed by users authorized by other access control methods for example, LocalAuthentication or local Linux® users belonging to com-emergency group.
The procedure in this document must only be used during troubleshooting.
1.1 Prerequisites
This section describes the prerequisites, which must be fulfilled before using the procedure.
1.1.1 Conditions
The following conditions must apply:
- The user has the System Security Administrator role.
- The LDAP administrative state is UNLOCKED.
- An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.
2 Procedure
To lock the LDAP authentication method:
- Navigate to the LdapAuthenticationMethod Managed Object (MO), for example:
>dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LdapAuthenticationMethod=1
- Enter Config mode:
(LdapAuthenticationMethod=1)>configure
- Lock the LDAP authentication method:
(config-LdapAuthenticationMethod=1)>administrativeState=LOCKED
- Commit the setting:
(config-LdapAuthenticationMethod=1)>commit
- Verify the result:
(LdapAuthenticationMethod=1)>show
LdapAuthenticationMethod=1 administrativeState=LOCKED Ldap=1
- Note:
- As long as the LDAP authentication method is locked, only
users authorized by other access control methods for example, LocalAuthentication or local Linux users belonging
to the com-emergency group can start ECLI
or NETCONF sessions. Ongoing ECLI and NETCONF sessions are not affected
by the change.
An ongoing session can be disconnected because of inactivity. At the next logon, the user is possibly not able to access the session again. It is therefore important to stay active in the ongoing session.