Granting administrator access to projected users

 

Use this information to grant administrator access to user profiles.

You can grant administrator access to user profiles that have been given access to the Directory Server Administrator (QIBM_DIRSRV_ADMIN) function identifier (ID).

For example, if the user profile JOHNSMITH is granted access to the Directory Server Administrator function ID and the Grant administrator access to authorized users option is selected from the Directory property dialog, the JOHNSMITH profile then has LDAP administrator authority. When this profile is used to bind to the directory server using the following DN, os400-profile=JOHNSMTH,cn=accounts,os400-sys=systemA.acme.com, the user has administrator authority. The system objects' suffix in this example is os400-sys=systemA.acme.com.

To select the Grant administrator access to authorized users option and the Directory Server Administrator function ID, take these steps:

1. In iSeries™ Navigator, expand Network.

2. Expand Servers.

3. Right-click Directory and select Properties.

4. On the General tab under Administrator information, select the Grant administrator access to authorized users option.

5. In iSeries Navigator, right-click the system name and select Application Administration.

6. Click the Host Applications tab.

7. Expand Operating System/400.

8. Click Directory Server Administrator to highlight the option.

9. Click the Customize button.

10. Expand Users, Groups, or Users not in a group, whichever is appropriate for the user you want.

11. Select a user or group to be added to the Access allowed list.

12. Click the Add button.

13. Click OK to save the changes.

14. Click OK on the Application Administration dialog.

 

Parent topic:

General administration tasks

 

Related concepts

Administrative access
Operating system projected backend