Updated on 2022-08-12 GMT+08:00

Hardening LDAP

Configure the LDAP firewall policy.

In a cluster that uses dual-plane networking, LDAP is deployed on the service plane. To protect LDAP data, you are advised to configure a firewall policy for the whole cluster that blocks the relevant LDAP ports.

  1. Log in to FusionInsight Manager.
  2. Click Cluster > Name of the desired cluster > Services > LdapServer > Configurations.
  3. Check the value of LDAP_SERVER_PORT, which is the service port of LdapServer.
  4. To ensure data security, configure the firewall policy for the whole cluster to disable the LdapServer port based on the customer's firewall environment.

Enable the LDAP Audit Log Output.

Users can set the audit log output level of the LDAP service and write the audit logs to a specified location, for example, /var/log/messages. The output logs can be used to check user activities and operation commands.

If LDAP audit log output is enabled, a large volume of logs is generated, which affects cluster performance. Exercise caution when enabling this function.

  1. Log in to any LdapServer node.
  2. Run the following commands to edit the slapd.conf.consumer file and set the value of loglevel to 256 (run the man slapd.conf command on the OS to view the log level definitions).

    cd ${BIGDATA_HOME}/FusionInsight_BASE_8.1.0.1/install/FusionInsight-ldapserver-2.7.0/ldapserver/local/template

    vi slapd.conf.consumer

    ...
    pidfile         [PID_FILE_SLAPD_PID]
    argsfile        [PID_FILE_SLAPD_ARGS]
    loglevel 256
    ...

  3. Log in to FusionInsight Manager, choose Cluster > Name of the desired cluster > Services > LdapServer > More > Restart Service, enter the administrator password, and restart the service.
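The loglevel change in step 2 is usually made by hand in vi; the following script is an added example (not part of the FusionInsight documentation or product) that applies the same change idempotently and verifies the result, so the edit can be repeated across LdapServer nodes without duplicating the directive. It assumes an slapd.conf-style file of whitespace-separated "directive value" lines; the sample file it creates is constructed here, not a real configuration.

```shell
#!/bin/sh
# Added example: set "loglevel 256" in an slapd.conf-style file idempotently.
# In OpenLDAP, loglevel 256 ("stats") records connections, operations and
# results, which is what the audit trail described above relies on.
set -eu

# Replace an existing loglevel directive, or append one if none is present.
# $1 = config file path, $2 = desired loglevel (default 256).
set_slapd_loglevel() {
    file=$1
    level=${2:-256}
    # Only match a real directive at line start; commented-out lines are ignored.
    if grep -Eq '^[[:space:]]*loglevel[[:space:]]' "$file"; then
        sed -i -E "s/^([[:space:]]*loglevel)[[:space:]]+.*/\1 $level/" "$file"
    else
        printf 'loglevel %s\n' "$level" >> "$file"
    fi
}

# Report the effective loglevel (the last directive wins, as in slapd),
# or "unset" if the file has none. Used to verify the edit before restarting.
get_slapd_loglevel() {
    awk '$1 == "loglevel" { v = $2 } END { print (v == "" ? "unset" : v) }' "$1"
}

# Constructed sample modelled on the fragment shown in step 2 (not a real file).
make_sample_conf() {
    cat > "$1" <<'EOF'
pidfile         [PID_FILE_SLAPD_PID]
argsfile        [PID_FILE_SLAPD_ARGS]
loglevel 0
EOF
}

# Stand-alone demonstration on a temporary file.
demo() {
    tmp=$(mktemp)
    make_sample_conf "$tmp"
    set_slapd_loglevel "$tmp" 256
    get_slapd_loglevel "$tmp"
    rm -f "$tmp"
}
```

On a real node, point set_slapd_loglevel at the slapd.conf.consumer path from step 2 and confirm with get_slapd_loglevel before restarting LdapServer in step 3.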