PingDirectory

Configuring a global administrator

A global administrator is created when replication is enabled and is responsible for managing configuration server groups.

A configuration server group is an administration domain that allows you to synchronize configuration changes to one or all of the servers in the group. For example, you can set up a group when configuring a replication topology where configuration changes to one server can be applied to all of the servers at a time.

Global administrators are stored in the topology registry. These entries are always mirrored between servers in a topology. Global administrators can be assigned privileges like other administrator users but are typically used to manage the data under cn=topology,cn=config and cn=config. You can create new or remove global administrators using the dsconfig tool. The global administrator entries are located in the cn=Topology Admin User, cn=topology,cn=config branch.

Creating a global administrator

Steps

  1. To create a new global administrator, use the create-topology-admin-user option with dsconfig.

    Example:

    $ bin/dsconfig create-topology-admin-user \
      --user-name admin2 \
      --set alternate-bind-dn:cn=admin2 \
      --set password:rootPassword
  2. To verify the creation of the new administrator, use the list-topology-admin-users option with dsconfig.

    Example:

    $ bin/dsconfig list-topology-admin-users
    Topology Admin User : Type
    :_
    admin               : generic
    admin2              : generic

Removing a global administrator

Steps

  1. To delete a global administrator, use the delete-topology-admin-user option with dsconfig.

    Example:

    $ bin/dsconfig delete-topology-admin-user --user-name admin2
  2. To verify the deletion of the global administrator, use the list-topology-admin-users option with dsconfig.

    Example:

    $ bin/dsconfig list-topology-admin-users
    Topology Admin User : Type
    :
    admin               : generic