The number of additional EIM users that you define depends on your security policy's emphasis on the separation of security duties and responsibilities.
Now that you finished this scenario, the only EIM user you have defined that EIM can use is the DN for the LDAP administrator. The LDAP administrator DN that you specified for the system user on Systems A and B has a high level of authority to all data on the directory server. Therefore, you might consider creating one or more DNs as additional users that have more appropriate and limited access control for EIM data. Typically, you might create at least the two following types of DNs:
This EIM administrator DN provides the appropriate level of authority for an administrator who is responsible for managing the EIM domain. This EIM administrator DN can be used to connect to the domain controller when managing all aspects of the EIM domain by means of iSeries™ Navigator.
To use this new DN for the system user instead of the LDAP administrator DN, change the EIM configuration properties for each system. For this scenario, you need to change the EIM configuration properties for both Systems A and B. See the information about managing EIM configuration properties to learn how to change the system user DN.
Related concepts
EIM access control IBM Directory Server for iSeries (LDAP)