Help Center > > User Guide> FusionInsight Manager Operation Guide (Applicable to 3.x)> Security Management> Account Management> Account Security Settings> Unlocking LDAP Users and Management Accounts

Unlocking LDAP Users and Management Accounts

Updated at: Sep 02, 2021 GMT+08:00


If the LDAP user cn=pg_search_dn,ou=Users,dc=hadoop,dc=com and LDAP management accounts cn=krbkdc,ou=Users,dc=hadoop,dc=com and cn=krbadmin,ou=Users,dc=hadoop,dc=com are locked, the administrator must unlock these accounts.

If you input an incorrect password for the LDAP user or management account for five consecutive times, the LDAP user or management account is locked. The account is automatically unlocked after 5 minutes.


  1. Log in to the active management node as user omm using the management IP address.
  2. Run the following command to switch the specified directory:

    cd ${BIGDATA_HOME}/om-server/om/ldapserver/ldapserver/local/script

  3. Run the following command to unlock the LDAP user or management account:

    ./ USER_NAME

    In the command, USER_NAME indicates the name of the user to be unlocked.

    For example, to unlock the LDAP management account cn=krbkdc,ou=Users,dc=hadoop,dc=com, run the following command:

    ./ krbkdc

    After the script is executed, enter the password of user krbkdc behind ROOT_DN_PASSWORD. If the following information is displayed, the account is successfully unlocked.

    Unlock user krbkdc successfully.

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?

Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel