Help Center/ MapReduce Service/ User Guide/ Managing Clusters/ Managing an MRS Cluster/ Modifying the OMS Service Configuration
Updated on 2025-12-10 GMT+08:00
View PDF

Modifying the OMS Service Configuration

Based on the security requirements of the user environment, you can modify the Kerberos and LDAP configurations in the OMS on FusionInsight Manager.

Notes and Constraints

This section applies only to MRS 3.x or later.

Impact on the System

After the OMS service configuration parameters are modified, the corresponding OMS module needs to be restarted. In this case, FusionInsight Manager cannot be used.

Modifying the OMS Service Configuration

Modifying the okerberos configuration

  1. Log in to FusionInsight Manager of the MRS cluster.

    For details about how to log in to FusionInsight Manager, see Accessing MRS Manager.

  2. Choose System > OMS.
  1. Locate the row that contains okerberos and click Modify Configuration.
  1. Modify the parameters according to Table 1.

    Table 1 okerberos parameters

    Parameter

    Example Value

    Description

    KDC Timeout (ms)

    2500

    Timeout duration for an application to connect to Kerberos, in milliseconds. The value must be an integer.

    Max Retries

    3

    Maximum number of retries for an application to connect to Kerberos, in seconds. The value must be an integer.

    LDAP Timeout (ms)

    3000

    Timeout duration for Kerberos to connect to LDAP, in milliseconds.

    LDAP Search Timeout (ms)

    3000

    Timeout duration for Kerberos to query user information in LDAP, in milliseconds.

    Kadmin Listening Port

    21700

    Port number of the Kadmin service.

    KDC Listening Port

    21701

    Port number of the kinit service.

    Kpasswd Listening Port

    21702

    Port number of the Kpasswd service.

    Reset LDAP Account Password

    -

    Machine-machine users (cn=krbadmin,ou=Users,dc=hadoop,dc=com and cn=krbkdc,ou=Users,dc=hadoop,dc=com) used by Kerberos to access LDAP.

    If this parameter is selected, the passwords will be replaced by random passwords.

    This option is available only in MRS 3.1.2 or later.

  2. Click OK.

    In the displayed dialog box, enter the password of the current login user and click OK. In the displayed confirmation dialog box, click OK.

Modifying the oldap configuration

  1. Locate the row that contains the oldap and click Modify Configuration.
  1. Modify the parameters according to Table 2.

    Table 2 OLDAP parameters

    Parameter

    Example Value

    Description

    LDAP Listening Port

    21750

    Port number of the LDAP service.

    Reset LDAP Account Password

    -

    Machine-machine users (cn=root,dc=hadoop,dc=com and cn=pg_search_dn,ou=Users,dc=hadoop,dc=com) used by LDAP for data management, synchronization, and status check.

    If this parameter is selected, the passwords will be replaced by random passwords.

    This option is available only in MRS 3.1.2 or later.

  2. Click OK.

    In the displayed dialog box, enter the password of the current login user and click OK. In the displayed confirmation dialog box, click OK.

  3. If the LDAP account password is reset, restart ACS.

    1. Log in to the active management node as user omm and run the following command to update the domain configuration: 
      sh ${BIGDATA_HOME}/om-server/om/sbin/restart-RealmConfig.sh

      The command is successfully executed if the following information is displayed:

      Modify realm successfully. Use the new password to log into FusionInsight again.
    2. Run the following command to stop ACS: 
      sh $CONTROLLER_HOME/sbin/acs_cmd.sh stop
    3. Run the following command to start ACS: 
      sh $CONTROLLER_HOME/sbin/acs_cmd.sh start

Restarting the cluster

  1. Log in to FusionInsight Manager of the MRS cluster.

    For details about how to log in to FusionInsight Manager, see Accessing MRS Manager.

  2. Restart the cluster. For details, see Restarting an MRS Cluster.
Parent Topic: Managing an MRS Cluster