We are pleased to announce a significant enhancement to the security and reliability of our LDAP administration, primarily on the EUMETSAT side of the EWC.
In response to intermittent LDAP issues that were causing disruptions, we have successfully resolved the underlying challenges. These issues were primarily related to the admin account getting locked out due to too many failed login attempts, often stemming from brute force attempts.
Our solution involves several key steps:
Introducing ipaadmin_username in Cypher: To mitigate these issues, we have introduced a new parameter, 'ipaadmin_username,' in Cypher (Morpheus → Tools → Cypher). This parameter allows us to employ a unique and less guessable name for the LDAP admin user, making brute force attempts less likely to impact this user ID.
Workflow Updates: We've updated all workflows to use the ipaadmin_username variable instead of the "admin" username, ensuring a seamless transition.
Tenancy-Specific Implementation: For our existing tenancies, we have introduced a new admin user with the new, unique name and ensured it is reflected in their Cypher configurations. It's important to note that the 'admin' user will be disabled soon. We encourage all tenants to use this new custom LDAP admin user for all admin related LDAP activities.
Action Required: We kindly request that all users and tenants promptly adopt this change, as the 'admin' user will be disabled. The new custom LDAP admin user now serves as the primary LDAP user for all admin related operations.
Potential Outcome of Not Adopting the Change: Failing to embrace this change may result in LDAP failures that are challenging to troubleshoot, particularly for larger tenancies.
We appreciate your cooperation in making this transition. If you have any questions or need assistance with this change, please feel free to reach out to our support team.
Thank you for your understanding and continued commitment to maintaining the security and stability of our systems.