ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzahy_5.4.0.1/rzahyadminaccess.htm

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights                   -->
<!-- Use, duplication or disclosure restricted by            -->
<!-- GSA ADP Schedule Contract with IBM Corp.                -->
<meta name="dc.date" scheme="iso8601" content="2005-09-06" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>Directory Server (LDAP) - Administrative access</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link --> 
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>

<img src="delta.gif" alt="Start of change" />
<a name="rzahyadminaccess"></a>
<h3 id="rzahyadminaccess">Administrative access</h3>
<p>The IBM directory server allows the following types of administrative access:</p>
<ul>
<li><span class="bold">Projected i5/OS administrator:</span>  A client authenticated
as a projected user (an LDAP entry representing an operating system user profile)
with *ALLOBJ and *IOSYSCFG special authorities has authority to change the
directory configuration using LDAP interfaces (the cn=configuration subtree,
or the Web administration tool "Server administration" tasks), as well as
act as an LDAP administrator for other directory entries (entries stored in
one of the DB2 suffixes or the schema). Only projected i5/OS administrators
can change the server configuration.</li>
<li><span class="bold">LDAP administrator:</span> The IBM Directory Server allows
a single user ID (DN) to be the primary LDAP server administrator. iSeries&trade; also allows
projected operating system user profiles to be LDAP administrators. The LDAP
server administrators can perform a long list of administrative tasks such
as managing replication, schema, and directory entries. For more information,
see <a href="rzahyadminaccproj.htm#rzahyadminaccproj">Grant administrator access to projected users</a>.</li>
<li><span class="bold">Group of administrative users:</span> A projected i5/OS
administrator can appoint several users to be in the administrative group.
Members of this group can perform many tasks because they have the same administrative
access as an LDAP server administrator. 
<a name="wq52"></a>
<div class="notetitle" id="wq52">Note:</div>
<div class="notebody">When using Web administration,
tasks that have not been granted to administrative group members are disabled.</div></li></ul>
<p>An LDAP administrator or administrative group member can perform the following
server administration tasks:</p>
<ul>
<li>Change their own password</li>
<li>Terminate connections</li>
<li>Enable and change password policy, except for password encryption, which
can only be changed by a projected i5/OS administrator.</li>
<li>Manage unique attributes</li>
<li>Manage the server schema</li>
<li>Manage replication, except for the replication properties task (includes
master server bind DN and password and the default referral), which can only
be performed by a projected i5/OS administrator.</li></ul>
<p>For information on how to create an administrative group, see <a href="rzahyadmingroup.htm#rzahyadmingroup">Work with the administrative group</a>.</p><img src="deltaend.gif" alt="End of change" />
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<?xml version="1.0" encoding="utf-8"?>`
			`<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"`
			`"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">`
			`<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<meta name="dc.language" scheme="rfc1766" content="en-us" />`
			`<!-- All rights reserved. Licensed Materials Property of IBM -->`
			`<!-- US Government Users Restricted Rights -->`
			`<!-- Use, duplication or disclosure restricted by -->`
			`<!-- GSA ADP Schedule Contract with IBM Corp. -->`
			`<meta name="dc.date" scheme="iso8601" content="2005-09-06" />`
			`<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />`
			`<meta name="security" content="public" />`
			`<meta name="Robots" content="index,follow"/>`
			`<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />`
			`<title>Directory Server (LDAP) - Administrative access</title>`
			`<link rel="stylesheet" type="text/css" href="ibmidwb.css" />`
			`<link rel="stylesheet" type="text/css" href="ic.css" />`
			`</head>`
			`<body>`
			`<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->`
			`<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>`

			`<img src="delta.gif" alt="Start of change" />`
			`<a name="rzahyadminaccess"></a>`
			`<h3 id="rzahyadminaccess">Administrative access</h3>`
			`<p>The IBM directory server allows the following types of administrative access:</p>`
			`<ul>`
			`<li><span class="bold">Projected i5/OS administrator:</span> A client authenticated`
			`as a projected user (an LDAP entry representing an operating system user profile)`
			`with ALLOBJ and IOSYSCFG special authorities has authority to change the`
			`directory configuration using LDAP interfaces (the cn=configuration subtree,`
			`or the Web administration tool "Server administration" tasks), as well as`
			`act as an LDAP administrator for other directory entries (entries stored in`
			`one of the DB2 suffixes or the schema). Only projected i5/OS administrators`
			`can change the server configuration.</li>`
			`<li><span class="bold">LDAP administrator:</span> The IBM Directory Server allows`
			`a single user ID (DN) to be the primary LDAP server administrator. iSeries™ also allows`
			`projected operating system user profiles to be LDAP administrators. The LDAP`
			`server administrators can perform a long list of administrative tasks such`
			`as managing replication, schema, and directory entries. For more information,`
			`see <a href="rzahyadminaccproj.htm#rzahyadminaccproj">Grant administrator access to projected users</a>.</li>`
			`<li><span class="bold">Group of administrative users:</span> A projected i5/OS`
			`administrator can appoint several users to be in the administrative group.`
			`Members of this group can perform many tasks because they have the same administrative`
			`access as an LDAP server administrator.`
			`<a name="wq52"></a>`
			`<div class="notetitle" id="wq52">Note:</div>`
			`<div class="notebody">When using Web administration,`
			`tasks that have not been granted to administrative group members are disabled.</div></li></ul>`
			`<p>An LDAP administrator or administrative group member can perform the following`
			`server administration tasks:</p>`
			`<ul>`
			`<li>Change their own password</li>`
			`<li>Terminate connections</li>`
			`<li>Enable and change password policy, except for password encryption, which`
			`can only be changed by a projected i5/OS administrator.</li>`
			`<li>Manage unique attributes</li>`
			`<li>Manage the server schema</li>`
			`<li>Manage replication, except for the replication properties task (includes`
			`master server bind DN and password and the default referral), which can only`
			`be performed by a projected i5/OS administrator.</li></ul>`
			`<p>For information on how to create an administrative group, see <a href="rzahyadmingroup.htm#rzahyadmingroup">Work with the administrative group</a>.</p><img src="deltaend.gif" alt="End of change" />`
			`<a id="Bot_Of_Page" name="Bot_Of_Page"></a>`
			`</body>`
			`</html>`