<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<meta name="dc.date" scheme="iso8601" content="2005-09-06" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>Directory Server (LDAP) - Administrative access</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
<img src="delta.gif" alt="Start of change" />
<a name="rzahyadminaccess"></a>
<h3 id="rzahyadminaccess">Administrative access</h3>
<p>The IBM Directory Server allows the following types of administrative access:</p>
<ul>
<li><span class="bold">Projected i5/OS administrator:</span> A client authenticated
as a projected user (an LDAP entry representing an operating system user profile)
with both *ALLOBJ and *IOSYSCFG special authorities can change the
directory configuration through LDAP interfaces (the cn=configuration subtree
or the Web administration tool "Server administration" tasks) and can also
act as an LDAP administrator for other directory entries (entries stored in
one of the DB2 suffixes or the schema). Only projected i5/OS administrators
can change the server configuration.</li>
<li><span class="bold">LDAP administrator:</span> The IBM Directory Server allows
a single user ID (DN) to be the primary LDAP server administrator. iSeries&trade; also allows
projected operating system user profiles to be LDAP administrators. LDAP
server administrators can perform many administrative tasks, such
as managing replication, schema, and directory entries. For more information,
see <a href="rzahyadminaccproj.htm#rzahyadminaccproj">Grant administrator access to projected users</a>.</li>
<li><span class="bold">Group of administrative users:</span> A projected i5/OS
administrator can appoint several users to be in the administrative group.
Members of this group can perform many tasks because they have the same administrative
access as an LDAP server administrator.
<a name="wq52"></a>
<div class="notetitle" id="wq52">Note:</div>
<div class="notebody">When using Web administration,
tasks that have not been granted to administrative group members are disabled.</div></li></ul>
<p>An LDAP administrator or administrative group member can perform the following
server administration tasks:</p>
<ul>
<li>Change their own password</li>
<li>Terminate connections</li>
<li>Enable and change password policy, except for password encryption, which
can only be changed by a projected i5/OS administrator.</li>
<li>Manage unique attributes</li>
<li>Manage the server schema</li>
<li>Manage replication, except for the replication properties task (which includes
the master server bind DN and password and the default referral); that task can only
be performed by a projected i5/OS administrator.</li></ul>
<p>For information on how to create an administrative group, see <a href="rzahyadmingroup.htm#rzahyadmingroup">Work with the administrative group</a>.</p><img src="deltaend.gif" alt="End of change" />
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>