Grant administrator access to projected users

You can grant administrator access to user profiles that have been given access to the Directory Server Administrator (QIBM_DIRSRV_ADMIN) function identifier (ID).

For example, if the user profile JOHNSMITH is granted access to the Directory Server Administrator function ID and the Grant administrator access to authorized users option is selected from the Directory property dialog, the JOHNSMITH profile then has LDAP administrator authority. When this profile is used to bind to the directory server using the following DN, os400-profile=JOHNSMTH,cn=accounts,os400-sys=systemA.acme.com, the user has administrator authority. The system objects' suffix in this example is os400-sys=systemA.acme.com. For more information about projected users, see Operating system projected backend.

To select this option, take these steps:

1. In iSeries Navigator, expand Network.
2. Expand Servers.
3. Right-click Directory and select Properties.
4. On the General tab under Administrator information, select the Grant administrator access to authorized users option.

To set the Directory Server Administrator authority function ID in a user profile, take these steps:

1. In iSeries Navigator, right-click the system name and select Application Administration.
2. Click the Host Applications tab.
3. Expand Operating System/400.
4. Click Directory Server Administrator to highlight the option.
5. Click the Customize button.
6. Expand Users, Groups, or Users not in a group, whichever is appropriate for the user you want.
7. Select a user or group to be added to the Access allowed list.
8. Click the Add button.
9. Click OK to save the changes.
10. Click OK on the Application Administration dialog.