PingDirectory

Managing root user accounts

The directory server provides a default root user, cn=Directory Manager, that is stored in the server’s configuration file, such as under cn=Root DNs,cn=config.

About this task

The root user is the LDAP-equivalent of a UNIX superuser account and inherits its read-write privileges from the default root privilege set.

Steps

  • To create or update root users, use the dscconfig tool.

    Example:

    bin/dsconfig create-root-dn-user --user-name "Joanne Smith" \
  --set last-name:Smith \
  --set first-name:Joanne \
  --set user-id:jsmith \
  --set 'email-address:jsmith@example.com' \
  --set mobile-telephone-number:8889997777 \
  --set home-telephone-number:5556667777 \
  --set work-telephone-number:4445556666

    Root user entries are stored in the server’s configuration.

  • To limit full access to all of the servers, create separate administrator accounts with limited privileges so that you can identify the administrator responsible for a particular change.

    Separate user accounts for each administrator make it possible to enable password policy functionality, such as password expiration, password history, and requiring secure authentication, for each administrator.