Help Center > > User Guide> FusionInsight Manager Operation Guide (Applicable to 3.x)> Security Management> Security Hardening> Hardening the LDAP

Hardening the LDAP

Updated at: Aug 17, 2021 GMT+08:00

Configure the LDAP firewall policy.

In the cluster adopting the dual-plane networking, the LDAP is deployed on the service plane. To ensure the LDAP data security, you are advised to configure the firewall policy for the whole cluster to disable relevant LDAP ports.

  1. Log in to FusionInsight Manager.
  2. Click Cluster > Name of the desired cluster > Services > LdapServer > Configurations.
  3. Check the value of LDAP_SERVER_PORT, which is the service port of LdapServer.
  4. To ensure data security, configure the firewall policy for the whole cluster to disable the LdapServer port based on the customer's firewall environment.

Enable the LDAP Audit Log Output.

Users can set the audit log output level of the LDAP service and output audit logs in a specified directory, for example, /var/log/messages. The logs output can be used to check user activities and operation commands.

If the function of LDAP audit log output is enabled, massive logs are generated, affecting the cluster performance. Exercise caution when enabling this function.

  1. Log in to any LdapServer node.
  2. Run the following command to edit the slapd.conf.consumer file, and set the value of loglevel to 256 (You can view the log level definition by running the man slapd.conf command on the OS).

    cd ${BIGDATA_HOME}/FusionInsight_BASE_8.1.0.1/install/FusionInsight-ldapserver-2.7.0/ldapserver/local/template

    vi slapd.conf.consumer

    pidfile         [PID_FILE_SLAPD_PID] 
    argsfile        [PID_FILE_SLAPD_ARGS] 
    loglevel 256  

  3. Log in to FusionInsight Manager, choose Cluster > Name of the desired cluster > Services > LdapServer > More > Restart Service, enter the administrator password, and restart the service.

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?

Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel