Page created: 6 Nov 2019 | Page updated: 25 Mar 2020
The PingDirectory Server provides a default root user, cn=Directory
Manager, that is stored in the server's configuration file (for example, under
cn=Root DNs,cn=config). The root user is the LDAP-equivalent of a UNIX
super-user account and inherits its read-write privileges from the default root privilege set.
Root users can be created and updated with the dsconfig tool. Root user
entries are stored in the server’s configuration. The following is a
sample command to create a new root user:
bin/dsconfig create-root-dn-user --user-name "Joanne Smith" \
  --set last-name:Smith \
  --set first-name:Joanne \
  --set user-id:jsmith \
  --set 'email-address:jsmith@example.com' \
  --set mobile-telephone-number:8889997777 \
  --set home-telephone-number:5556667777 \
  --set work-telephone-number:4445556666
To limit who has full access to the entire Directory Server, create separate administrator accounts with limited privileges so that you can identify the administrator responsible for a particular change. Having separate user accounts for each administrator also makes it possible to enable password policy functionality (such as password expiration, password history, and requiring secure authentication) for each administrator.
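To check which root users still hold the full default root privilege set, the following added example (not part of the product documentation or tooling) audits an LDIF export of the entries under cn=Root DNs,cn=config. The attribute name ds-cfg-inherit-default-root-privileges, the treatment of a missing attribute as "inherits", and the sample entries are assumptions; confirm them against your own server's configuration.

```python
import re

# Assumed names; verify against your own export of cn=Root DNs,cn=config.
ROOT_BASE = "cn=root dns,cn=config"
DEFAULT_ROOT = "cn=directory manager," + ROOT_BASE
INHERIT_ATTR = "ds-cfg-inherit-default-root-privileges"

# Constructed sample export, not taken from a real server.
SAMPLE_LDIF = """\
dn: cn=Directory Manager,cn=Root DNs,cn=config
ds-cfg-inherit-default-root-privileges: true

dn: cn=Joanne Smith,cn=Root DNs,cn=config
ds-cfg-inherit-default-root-privileges: true

dn: cn=Config Reader,cn=Root DNs,
 cn=config
ds-cfg-inherit-default-root-privileges: false
ds-privilege-name: config-read
"""

def norm_dn(dn):
    """Lower-case a DN and drop whitespace around commas for comparison."""
    return re.sub(r"\s*,\s*", ",", dn.strip().lower())

def parse_ldif(text):
    """Parse LDIF into [{attr: [values]}], unfolding continuation lines."""
    entries = []
    for block in re.split(r"\n\s*\n", text.replace("\n ", "")):
        entry = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit_root_users(text):
    """Return (dn, finding) pairs for root users holding the full root privilege set."""
    findings = []
    for e in parse_ldif(text):
        dn = norm_dn(e["dn"][0])
        # Assumption: a missing attribute means the default privileges are inherited.
        inherits = e.get(INHERIT_ATTR, ["true"])[0].lower() == "true"
        if dn.endswith("," + ROOT_BASE) and inherits:
            kind = "default root user" if dn == DEFAULT_ROOT else "named root user"
            findings.append((e["dn"][0], kind + " inherits the default root privilege set"))
    return findings
```

Calling audit_root_users(SAMPLE_LDIF) reports the Directory Manager and Joanne Smith entries and leaves out the account restricted to a single privilege.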