The root user is the LDAP-equivalent of a UNIX superuser account and inherits its read-write privileges from the default root privilege set.

  • To create or update root users, use the dsconfig tool.
    bin/dsconfig create-root-dn-user --user-name "Joanne Smith" \
      --set last-name:Smith \
      --set first-name:Joanne \
      --set user-id:jsmith \
      --set 'email-address:jsmith@example.com' \
      --set mobile-telephone-number:8889997777 \
      --set home-telephone-number:5556667777 \
      --set work-telephone-number:4445556666
        
    Note:

    Root user entries are stored in the server's configuration.

  • To limit full access to the entire Directory Server, create a separate account with limited privileges for each administrator so that you can identify the administrator responsible for a particular change.
    Note:

    Separate user accounts for each administrator make it possible to enable password policy functionality, such as password expiration, password history, and requiring secure authentication, for each administrator.