The administrative group provides the ability to provide administrative capabilities without having to share a single ID and password among the administrators. Members of the administrative group have their own unique IDs and passwords. The administrative group member DNs must not match each other, and they must also not match the IBM Directory Server administrator's DN. Conversely, the IBM Directory Server administrator DN must not match the DN of any administrative group member.
This rule also applies to the Kerberos or Digest-MD5 IDs of the IBM Directory Server administrator and the administrative group members. These DNs must not match any of the IBM Directory Server's replication supplier DNs. This also means that IBM Directory Server's replication supplier DNs must not match any of the administrative group member DNs or the IBM Directory Server administrator DN.
For more information, see:
Related information