An administrator account is any account in the user backend that is assigned one or more privileges or is given access to read and write operations beyond that of a normal user entry.
The privilege mechanism is the same as that used for root distinguished name (DN) accounts and allows individual privileges to be assigned to an administrator entry.
Typically, administrator user entries are controlled by access control evaluation to limit
access to the entire set of data in the directory information tree (DIT). You can grant
fine-grained read and write access using the access control definitions available through
aci attribute. Administrator entries reside in the backend
configuration, for example,
uid=admin,dc=example,dc=com, and are
replicated between servers in a replication topology.
The following examples show how to configure administrator accounts:
- The first procedure shows how to set up a single, generic
uid=admin,dc=example,dc=comaccount with limited privileges.Note:
If you generated sample data at install, you can view an example
uid=adminentry using ldapsearch.
- The second example shows a more realistic example where the user is part of the administrators group.
Both examples are based on a simple DIT. Actual deployment cases depend on your schema.