ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzahy_5.4.0.1/rzahyadminaccproj.htm

66 lines
4.1 KiB
HTML

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<meta name="dc.date" scheme="iso8601" content="2005-09-06" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>Directory Server (LDAP) - Grant administrator access to projected users</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link -->
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>
<a name="rzahyadminaccproj"></a>
<h2 id="rzahyadminaccproj">Grant administrator access to projected users</h2>
<p>You can grant administrator access to user profiles that have been given
access to the Directory Server Administrator (QIBM_DIRSRV_ADMIN) function
identifier (ID).</p>
<p>For example, if the user profile JOHNSMITH is granted access to the Directory
Server Administrator function ID and the Grant administrator access to authorized
users option is selected from the Directory property dialog, the JOHNSMITH
profile then has LDAP administrator authority. When this profile is used
to bind to the directory server using the following DN, os400-profile=JOHNSMTH,cn=accounts,os400-sys=systemA.acme.com,
the user has administrator authority. The system objects' suffix in this example
is os400-sys=systemA.acme.com. For more information about projected users,
see <a href="rzahyprojbkend.htm#rzahyprojbkend">Operating system projected backend</a>.</p>
<p>To select this option, take these steps:</p>
<ol type="1">
<li>In iSeries Navigator, expand <span class="bold">Network</span>.</li>
<li>Expand <span class="bold">Servers</span>.</li>
<li>Right-click <span class="bold">Directory</span> and select <span class="bold">Properties</span>.</li>
<li>On the <span class="bold">General</span> tab under <span class="bold">Administrator
information</span>, select the <span class="bold">Grant administrator access to
authorized users</span> option.</li></ol>
<p>To set the Directory Server Administrator authority function ID in a user
profile, take these steps:</p>
<ol type="1">
<li>In iSeries Navigator, right-click the system name and select <span class="bold">Application
Administration</span>.</li>
<li>Click the <span class="bold">Host Applications</span> tab.</li>
<li>Expand <span class="bold">Operating System/400</span>.</li>
<li>Click <span class="bold">Directory Server Administrator</span> to highlight
the option.</li>
<li>Click the <span class="bold">Customize</span> button.</li>
<li>Expand <span class="bold">Users</span>, <span class="bold">Groups</span>, or <span class="bold">Users not in a group</span>, whichever is appropriate for the user
you want.</li>
<li>Select a user or group to be added to the <span class="bold">Access allowed</span> list.</li>
<li>Click the <span class="bold">Add</span> button.</li>
<li>Click <span class="bold">OK</span> to save the changes.</li>
<li> Click <span class="bold">OK</span> on the <span class="bold">Application Administration</span> dialog.</li></ol>
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>