Configuring a global administrator
A global administrator is created when replication is enabled and is responsible for managing configuration server groups.
A configuration server group is an administration domain that allows you to synchronize configuration changes to one or all of the servers in the group. For example, you can set up a group when configuring a replication topology where configuration changes to one server can be applied to all of the servers at a time.
Global administrators are stored in the topology registry. These entries are always mirrored between servers in a topology. Global administrators can be assigned privileges like other administrator users but are typically used to manage the data under cn=topology,cn=config
and cn=config
. You can create new or remove global administrators using the dsconfig
tool. The global administrator entries are located in the cn=Topology Admin User,
cn=topology,cn=config
branch.
Creating a global administrator
Steps
-
To create a new global administrator, use the
create-topology-admin-user
option withdsconfig
.Example:
$ bin/dsconfig create-topology-admin-user \ --user-name admin2 \ --set alternate-bind-dn:cn=admin2 \ --set password:rootPassword
-
To verify the creation of the new administrator, use the
list-topology-admin-users
option withdsconfig
.Example:
$ bin/dsconfig list-topology-admin-users Topology Admin User : Type :_ admin : generic admin2 : generic
Removing a global administrator
Steps
-
To delete a global administrator, use the
delete-topology-admin-user
option withdsconfig
.Example:
$ bin/dsconfig delete-topology-admin-user --user-name admin2
-
To verify the deletion of the global administrator, use the
list-topology-admin-users
option withdsconfig
.Example:
$ bin/dsconfig list-topology-admin-users Topology Admin User : Type : admin : generic