The root user is the LDAP-equivalent of a UNIX superuser account and inherits its read-write privileges from the default root privilege set.

  • To create or update root users, use the dscconfig tool.
    bin/dsconfig create-root-dn-user --user-name "Joanne Smith" \
      --set last-name:Smith \
      --set first-name:Joanne \
      --set user-id:jsmith \
      --set '' \
      --set mobile-telephone-number:8889997777 \
      --set home-telephone-number:5556667777 \
      --set work-telephone-number:4445556666

    Root user entries are stored in the server's configuration.

  • To limit full access to all of the servers, create separate administrator accounts with limited privileges so that you can identify the administrator responsible for a particular change.

    Separate user accounts for each administrator make it possible to enable password policy functionality, such as password expiration, password history, and requiring secure authentication, for each administrator.