Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide

Procedure: To Configure the Directory Manager

The Directory Manager is the privileged server administrator, comparable to the root user on UNIX systems. Access control does not apply to the Directory Manager.

For most administration tasks, you are not required to use the Directory Manager. Instead, you can use the user cn=admin,cn=Administrators,cn=config, or any other user that you create beneath cn=Administrators,cn=config. The only tasks that require the Directory Manager are changing the root ACI, and replication troubleshooting tasks, such as repairing replication and searching tombstones.

You can change the Directory Manager DN and password, as well as create a file from which the password can be automatically read.

You cannot use DSCC to perform this task. Use the command line, as described in this procedure.

  1. Find the existing Directory Manager DN.

    $ dsconf get-server-prop -h host -p port root-dn
    root-dn:cn=Directory Manager
  2. Modify the Directory Manager settings as required.

    • To modify the Directory Manager DN, type:

      $ dsconf set-server-prop -h host -p port root-dn:new-root-dn

      Use quotes if there are spaces in the Directory Manager DN. For example:

      $ dsconf set-server-prop -h host1 -p 1389 root-dn:"cn=New Directory Manager"
    • To change the Directory Manager password, type:

      $ dsconf set-server-prop -h host -p port root-pwd:new-root-dn-password

      If for security reasons you do not want to pass the clear text password as a command-line argument, create a temporary file for setting the password.

      $ echo password > /tmp/pwd.txt

      This file is read once, and the password is stored for future use. Set the server root password file property.

      $ dsconf set-server-prop -h host -p port root-pwd-file:/tmp/pwd.txt

      This command prompts the server to read the password file. Remove the temporary password file after you have set the password file property.

      $ rm /tmp/pwd.txt
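
A hardened variant of the password-file step above, added here as an example and not taken from the original guide. It reads the new password from standard input rather than an `echo` command line (which ends up in shell history), writes it to an unpredictably named file with mode 0600 instead of a fixed path in /tmp, and removes the file even if dsconf fails. The function name `set_root_pwd` and the `DSCONF` override variable are assumptions of this sketch; `root-pwd-file` is the property shown above.

```shell
#!/bin/sh
# Added example (not from the guide): set the Directory Manager password via
# root-pwd-file without putting it in argv, shell history, or a readable file.
# DSCONF and set_root_pwd are hypothetical names chosen for this sketch.
DSCONF="${DSCONF:-dsconf}"

# usage: set_root_pwd HOST PORT   (new password: one line on stdin)
set_root_pwd() (
    host=$1
    port=$2
    umask 077                                    # anything created here is 0600
    pwfile=$(mktemp "${TMPDIR:-/tmp}/rootpwd.XXXXXX") || exit 1
    # Remove the file on every exit path, including a failed dsconf run.
    trap '[ -t 0 ] && stty echo; rm -f "$pwfile"' EXIT
    trap 'exit 1' HUP INT TERM

    if [ -t 0 ]; then                            # interactive: prompt, no echo
        stty -echo
        printf 'New Directory Manager password: ' >&2
    fi
    IFS= read -r pw || true                      # accept input without newline
    if [ -t 0 ]; then stty echo; echo >&2; fi

    [ -n "$pw" ] || { echo "empty password refused" >&2; exit 1; }
    printf '%s\n' "$pw" > "$pwfile"              # printf is a builtin: no argv

    # Same command as in the procedure; only the file path differs.
    "$DSCONF" set-server-prop -h "$host" -p "$port" "root-pwd-file:$pwfile"
)
```

Call it as `set_root_pwd host1 1389` from a terminal, or pipe the password in from a secrets tool; how dsconf itself authenticates to the server is unchanged from the commands above.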