| This paper discusses a Lightweight Directory Access Protocol (LDAP)-based enterprise in the IT departments centralized management server appliance solution for the user, the program has been successfully deployed in a large state-owned banks, but only for a particular program does not pin a particular industry, but applies to all corporate IT services.With the deepening of enterprise information construction, enterprise applications are increasing the number of rooms in a substantial increase in server appliance, enterprise systems management and IT department operators tend to need to manage dozens of servers or hundreds of devices, as server administrator user, functional users, there is no uniform bulk user management, system management and operational personnel for the landing of different server or system Xuyao remember a lot of users and passwords; owing to user large quantity, such as password expiration increases the implementation management strategies such as the difficulty of the user, but also not conducive to post-corporate IT departments and security departments in the implementation of the internal audit department audits and prosecution. This requires use of techniques related to the original decentralized systems and applications into the centralized management of users, and system maintenance and operations personnel to establish the real name system account, and establish the appropriate role, to achieve separation of duty and assigned to individuals.This article were involved in the deployment target machine room in the enterprise, the enterprise IT department managed by a server device, does not involve the user's PC office of office machines; this article were discussed in both centralized management of users on the system server device users as well as responsible for the maintenance, management, operations, corporate IT departments monitor the server system management, operations, auditors users, office users are not involved. Under the program, businesses in the IT department for system management operations personnel to develop the real name system account, and centrally stored in the LDAP server; system management operators to use real names account login system, and convert to a different user to complete different operations, the whole operation process, the system will achieve a comprehensive logging, and system logs centrally stored in the log server; corporate IT departments security managers through the logged in user management system and log management server operators to operate the system audit process.Centralized management system through the implementation of the user, to improve the management of enterprise IT security management related to providing an effective management tool, simplifies system management operations staff to maintain the system's complexity. |
PDF Full Text Request