Jo De Troy wrote:

Hi Rich,

what exactly do you mean? Searching for the uid=admin? So adding a user to the Directory Administrators is not good enough. What extra rights does an extra admin user need? And how should I enable these rights for this user? Can I do this from the console? Or do I better do it via an ldif import?

First, look at an LDIF dump of o=netscaperoot and your userdatabase (I suggest using db2ldif:)

./db2ldif -U -s o=netscaperoot -a /tmp/nsroot.ldif

Also do the same for your user suffix e.g. -s "dc=example,dc=com" Use -U to disable line wrapping, which makes using grep easier.

Then, just grep for uid=admin to see which entries have an aci which explicitly calls out uid=admin, and which groups have uid=admin added to them.

Then, do the same for your dse.ldif, in the entries and children of "", cn=schema, cn=config, and cn=monitor. dse.ldif is already in ldif format, so you can just grep it.

Thanks in advance, Jo

    Hello,

    I was wondering what the correct way is to add a extra admin
user (not
    directory manager or admin) who could login via the console to do
    maintenance tasks. Add users/groups, reset passwords, unlock
users,
    restore backups, do imports, etc
    I tried adding a user as uniquemember to the group Directory
    Administrators and I can login to the console but I can only
see the
    domain in the default view I cannot select the server or the admin
    server or directory server console.
    I guess using an aci for every specific user that needs
privileged
    access is not the best way.

No. I suggest searching for the uid=admin user that gets created during setup.

    Thanks in advance,
    Jo


--
Fedora-directory-users mailing list
Fedora-directory-users redhat com
 https://www.redhat.com/mailman/listinfo/fedora-directory-users

---

-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users