Updated on 2024-09-23 GMT+08:00

Configuring LDAP Output Audit Logs

Users can set the audit log output level of the LDAP service and write audit logs to a specified location, for example, /var/log/messages. The output logs can be used to check user activities and operation commands.

  • Enabling LDAP audit log output can generate a large number of logs, impacting cluster performance. Use this feature with caution.
  • This topic is available for MRS 3.x or later.

Configuring the LDAP Firewall Policy

In a cluster that uses dual-plane networking, LDAP is deployed on the service plane. To protect LDAP data, you are advised to configure a firewall policy in the cluster to disable the relevant LDAP ports.

  1. Log in to FusionInsight Manager.
  2. Choose Cluster > Services > LdapServer and click Configurations.
  3. Check the value of LDAP_SERVER_PORT, which is the service port of LdapServer.
  4. To ensure data security, configure the firewall policy for the whole cluster to disable the LdapServer port based on the customer's firewall environment.

Enabling the LDAP Audit Log Output

  1. Log in to any LdapServer node.
  2. Run the following commands to edit the slapd.conf.consumer file and set the value of loglevel to 256. (You can run the man slapd.conf command on the OS to view the log level definitions.)

    cd ${BIGDATA_HOME}/FusionInsight_BASE_8.1.0.1/install/FusionInsight-ldapserver-2.7.0/ldapserver/local/template

    vi slapd.conf.consumer

    ... 
    pidfile         [PID_FILE_SLAPD_PID] 
    argsfile        [PID_FILE_SLAPD_ARGS] 
    loglevel   256 
    ...

  3. Log in to FusionInsight Manager and choose Cluster > Services > LdapServer. Click More and select Restart Service. In the displayed dialog box, verify the current user identity, and restart the service.
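
The following added example (not part of the original documentation) shows one way to review the resulting audit log for failed authentications. It assumes that LdapServer writes the stock OpenLDAP "stats" line format that loglevel 256 selects; the function name failed_binds and all sample lines, addresses, DNs and the port are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in stock OpenLDAP "stats" (loglevel 256) syslog format;
# host, DNs, addresses and port are made up for illustration.
P = "Sep 23 10:00:01 node1 slapd[2101]: "
ALICE = "uid=alice,ou=People,dc=example,dc=com"
SAMPLE = [P + s for s in (
    "conn=1001 fd=14 ACCEPT from IP=192.0.2.10:40112 (IP=0.0.0.0:389)",
    f'conn=1001 op=0 BIND dn="{ALICE}" method=128',
    "conn=1001 op=0 RESULT tag=97 err=49 text=",
    f'conn=1001 op=1 BIND dn="{ALICE}" method=128',
    "conn=1001 op=1 RESULT tag=97 err=49 text=",
    "conn=1002 fd=15 ACCEPT from IP=192.0.2.20:40200 (IP=0.0.0.0:389)",
    'conn=1002 op=0 BIND dn="uid=bob,ou=People,dc=example,dc=com" method=128',
    "conn=1002 op=0 RESULT tag=97 err=0 text=",
    'conn=1002 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=bob)"',
    "conn=1002 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=",
    "conn=1003 fd=16 ACCEPT from IP=[2001:db8::5]:50000 (IP=[::]:389)",
    f'conn=1003 op=0 BIND dn="{ALICE}" method=128',
    "conn=1003 op=0 RESULT tag=97 err=49 text=",
)]

ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\[[^\]]+\]|[^:\s]+):\d+")
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=\d+')
BIND_RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")

def failed_binds(lines):
    """Count invalid-credential binds (err=49) per (client address, bind DN)."""
    src, pending = {}, {}  # conn -> client address; (conn, op) -> DN awaiting result
    failures = defaultdict(int)
    for line in lines:
        if "slapd[" not in line:
            continue  # /var/log/messages also carries other daemons' lines
        if m := ACCEPT.search(line):
            src[m[1]] = m[2].strip("[]")  # IPv6 peers are logged in brackets
        elif m := BIND.search(line):
            pending[(m[1], m[2])] = m[3]
        elif m := BIND_RESULT.search(line):
            dn = pending.pop((m[1], m[2]), None)
            if dn is not None and m[3] == "49":
                failures[(src.get(m[1], "unknown"), dn)] += 1
    return dict(failures)

if __name__ == "__main__":
    for (addr, dn), n in sorted(failed_binds(SAMPLE).items()):
        print(f"{n} failed bind(s) from {addr} as {dn}")
```

To run it against a real node, pass the lines of the configured log file to failed_binds instead of SAMPLE.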