
LDAP Server Authentication Security

Overview

If administrator information is stored on an LDAP server, the device needs to interact with the LDAP server to identify administrators. To improve packet transmission security between the device and LDAP server, configure TCP-based SSL encryption.

To increase security, ensure that the administrator password meets the minimum complexity requirement. That is, the password must contain at least six characters and include at least three of the following types: upper-case letters, lower-case letters, digits, and special characters.

Impact on the System

None

Procedure

  1. Configure the administrator DN and password for accessing the LDAP server. The system converts the character string into ciphertext and saves it in the configuration file.

    <HUAWEI> system-view 
    [HUAWEI] ldap-server template temp1 
    [HUAWEI-ldap-temp1] ldap-server authentication manager dn Admin@1234 Admin@1234

  2. When configuring the IP address of the LDAP server, set the ssl parameter so that the device interacts with the LDAP server through LDAP over SSL. The device uses the CA certificate to verify the validity of the LDAP server.

    <HUAWEI> system-view 
    [HUAWEI] ldap-server template temp1 
    [HUAWEI-ldap-temp1] ldap-server authentication 10.1.1.1 636 ssl

Checking the Security Hardening Result

Run the display ldap-server template command to check whether the configuration of the LDAP server template is correct.
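
The same check can be run offline against saved configuration text. The script below is an added example, not Huawei code: it flags any LDAP server template whose server line lacks the ssl keyword. It assumes the saved configuration mirrors the commands as typed in the procedure above; the sample text, the templates temp2 and temp3, and the address 10.1.1.2 are constructed for illustration.

```python
import re

# Constructed sample of saved configuration text (not real device output).
# Assumption: saved lines mirror the commands as typed in the procedure.
SAMPLE_CONFIG = """\
ldap-server template temp1
 ldap-server authentication 10.1.1.1 636 ssl
#
ldap-server template temp2
 ldap-server authentication 10.1.1.2 389
#
ldap-server template temp3
#
"""

TEMPLATE_RE = re.compile(r"^ldap-server template (\S+)\s*$")
# Server line: IPv4 address, optional port, optional trailing "ssl" keyword.
# The "authentication manager ..." line does not match and is ignored.
SERVER_RE = re.compile(
    r"^\s+ldap-server authentication (\d{1,3}(?:\.\d{1,3}){3})(?: (\d+))?( ssl)?\s*$"
)

def audit_ldap_templates(config_text):
    """Map each template name to a list of findings (empty list = passes)."""
    findings, servers, current = {}, {}, None
    for line in config_text.splitlines():
        m = TEMPLATE_RE.match(line)
        if m:
            current = m.group(1)
            findings[current], servers[current] = [], 0
        elif line and not line[0].isspace():
            current = None  # "#" or any other top-level line closes the view
        elif current and (s := SERVER_RE.match(line)):
            ip, port, ssl = s.groups()
            servers[current] += 1
            if not ssl:
                findings[current].append(
                    f"{ip} port {port or 'default'}: ssl keyword missing")
    for name, count in servers.items():
        if count == 0:
            findings[name].append("no authentication server configured")
    return findings

if __name__ == "__main__":
    for name, issues in audit_ldap_templates(SAMPLE_CONFIG).items():
        print(name, "OK" if not issues else "; ".join(issues))
```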

Copyright © Huawei Technologies Co., Ltd.