Sometimes it is useful to grant certain users the same rights as the Directory Manager for a suffix. At Example.com, Kirsten Vaughan is an administrator for Directory Server. She has a role of superAdmin. This role has the following advantages:
Better security because administrators binding as themselves can be forced to use strong authentication such as SSL
Better security because the Directory Manager password is known by fewer people
More traceability through logging
Adding Kirsten Vaughan to the cn=Administrators,cn=config group would also grant her the same rights as Directory Manager.
To give a user the same rights as the Directory Manager for the whole server, follow the procedure in To Create an Administration User with Root Access.
In LDIF, to grant the administrator Kirsten Vaughan the same rights as a Directory Manager, use the following statement:
aci: (targetattr="*") (version 3.0; acl "Full Access"; allow (all) groupdn= "ldap:///cn=SuperAdmin,dc=example,dc=com" and authmethod="ssl" ;)
This example assumes that the ACI is added to the root entry "" (no text).