Modifying the OMS Service Configuration
Based on the security requirements of the user environment, you can modify the Kerberos and LDAP configurations in the OMS on FusionInsight Manager.
This section applies only to MRS 3.x or later.
Impact on the System
After the OMS service configuration parameters are modified, the corresponding OMS module needs to be restarted. While the module is restarting, FusionInsight Manager cannot be used.
Modifying the OMS Service Configuration
Modifying the okerberos configuration
- Log in to FusionInsight Manager and choose System > OMS.
- Locate the row that contains okerberos and click Modify Configuration.
- Modify the parameters according to Table 1.
Table 1 okerberos parameters

| Parameter | Description |
| --- | --- |
| KDC Timeout (ms) | Timeout duration for an application to connect to Kerberos, in milliseconds. The value must be an integer. |
| Max Retries | Maximum number of retries for an application to connect to Kerberos, in seconds. The value must be an integer. |
| LDAP Timeout (ms) | Timeout duration for Kerberos to connect to LDAP, in milliseconds. |
| LDAP Search Timeout (ms) | Timeout duration for Kerberos to query user information in LDAP, in milliseconds. |
| Kadmin Listening Port | Port number of the Kadmin service. |
| KDC Listening Port | Port number of the kinit service. |
| Kpasswd Listening Port | Port number of the Kpasswd service. |
| Reset LDAP Account Password | Machine-machine users (cn=krbadmin,ou=Users,dc=hadoop,dc=com and cn=krbkdc,ou=Users,dc=hadoop,dc=com) used by Kerberos to access LDAP. If this parameter is selected, the passwords will be replaced by random passwords. NOTE: This parameter is available only in MRS 3.1.2 or later. |

- Click OK.
In the displayed dialog box, enter the password of the current login user and click OK. In the displayed confirmation dialog box, click OK.
Modifying the oldap configuration
- Locate the row that contains oldap and click Modify Configuration.
- Modify the parameters according to Table 2.
Table 2 OLDAP parameters

| Parameter | Description |
| --- | --- |
| LDAP Listening Port | Port number of the LDAP service. |
| Reset LDAP Account Password | Machine-machine users (cn=root,dc=hadoop,dc=com and cn=pg_search_dn,ou=Users,dc=hadoop,dc=com) used by LDAP for data management, synchronization, and status check. If this parameter is selected, the passwords will be replaced by random passwords. NOTE: This parameter is available only in MRS 3.1.2 or later. |

- Click OK.
In the displayed dialog box, enter the password of the current login user and click OK. In the displayed confirmation dialog box, click OK.
To reset the password of the LDAP account, you need to restart ACS. The procedure is as follows:
- Log in to the active management node as user omm using PuTTY, and run the following command to update the domain configuration:
sh ${BIGDATA_HOME}/om-server/om/sbin/restart-RealmConfig.sh
The command is run successfully if the following information is displayed:
Modify realm successfully. Use the new password to log into FusionInsight again.
- Run the sh $CONTROLLER_HOME/sbin/acs_cmd.sh stop command to stop ACS.
- Run the sh $CONTROLLER_HOME/sbin/acs_cmd.sh start command to start ACS.
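The three commands above chained into one script, as an added example that is not part of the original page or the vendor's tooling: it restarts ACS only after the realm update prints the success message quoted above. The function names and the --run flag are hypothetical, and treating a non-zero exit status from acs_cmd.sh as a failure is an assumption.

```shell
#!/bin/bash
# Added example, not vendor code. Intended for the active management node, as user omm.
# Function names and the --run flag are hypothetical.

SUCCESS_MARKER="Modify realm successfully."   # success text quoted on the page

# Step 1: update the domain configuration. Output is shown live and also kept
# in a private temp file so the success message can be checked afterwards.
update_realm_config() {
    local log rc=0
    log=$(mktemp) || return 1
    sh "${BIGDATA_HOME}/om-server/om/sbin/restart-RealmConfig.sh" 2>&1 | tee "$log"
    grep -qF "$SUCCESS_MARKER" "$log" || rc=1
    rm -f "$log"
    return "$rc"
}

# Steps 2 and 3: stop, then start ACS.
# Assumption: acs_cmd.sh exits non-zero when the action fails.
restart_acs() {
    sh "${CONTROLLER_HOME}/sbin/acs_cmd.sh" stop  || { echo "ACS stop failed" >&2; return 1; }
    sh "${CONTROLLER_HOME}/sbin/acs_cmd.sh" start || { echo "ACS start failed" >&2; return 1; }
}

# Whole procedure: ACS is left untouched unless the realm update is confirmed.
apply_ldap_password_reset() {
    if [ -z "${BIGDATA_HOME:-}" ] || [ -z "${CONTROLLER_HOME:-}" ]; then
        echo "BIGDATA_HOME and CONTROLLER_HOME must be set" >&2
        return 2
    fi
    update_realm_config || { echo "realm update not confirmed; ACS not restarted" >&2; return 1; }
    restart_acs
}

# Runs only when invoked with --run, so the functions can be sourced safely.
if [ "${1:-}" = "--run" ]; then
    [ "$(id -un)" = "omm" ] || { echo "run this as user omm" >&2; exit 2; }
    apply_ldap_password_reset
fi
```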
Restarting the cluster
- Log in to FusionInsight Manager and restart the cluster by referring to Restarting an MRS Cluster.