Contents
1 Description
This instruction describes how to lock the LDAP authentication method.
In maintenance situations, if needed, the administrator can lock the LDAP authentication to prevent remote LDAP users to access the ME when it is not fully operational. When the LDAP authentication method is locked, the Management Information Base (MIB) is accessed by users authorized by other access control methods for example, LocalAuthentication or local Linux® users belonging to com-emergency group.
The procedure in this document must only be used during troubleshooting.
2 Procedure
2.1 Lock LDAP Authentication Method
Prerequisites
- No documents are required.
- No tools are required.
- The following conditions must apply:
Steps
- Navigate to the LdapAuthenticationMethod managed object, for example:
>dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LdapAuthenticationMethod=1
- Enter Config mode:
(LdapAuthenticationMethod=1)>configure
- Lock the LDAP authentication method:
(config-LdapAuthenticationMethod=1)>administrativeState=LOCKED
- Commit the setting:
(config-LdapAuthenticationMethod=1)>commit
- Verify the result:
(LdapAuthenticationMethod=1)>show
LdapAuthenticationMethod=1 administrativeState=LOCKED Ldap=1
- Note:
- As long as the LDAP authentication method is locked, only
users authorized by other access control methods for example, LocalAuthentication or local Linux users belonging
to the com-emergency group can start ECLI
or NETCONF sessions. Ongoing ECLI and NETCONF sessions are not affected
by the change.
An ongoing session can be disconnected because of inactivity. At the next logon, the user is possibly not able to access the session again. It is therefore important to stay active in the ongoing session.