Exit Print View

Sun OpenDS Standard Edition 2.0 Architectural Reference

Get PDF Book Print View

Document Information

The Directory Server Access Control Model

Understanding the Directory Server Schema

Index Databases

Understanding Directory Server Plug-Ins

Directory Server Replication

Root Users and the Privilege Subsystem

Root User Accounts

Privilege Subsystem

Assigning Privileges to Normal Users

Assigning Privileges to Root Users

Supported Controls and Operations

Root Users and the Privilege Subsystem

Most LDAP directory servers typically have a single superuser (for example, cn=Directory Manager in the Sun Java System directory server), which is much like the root account in traditional UNIX® systems. This account can bypass access controls and other restrictions that can be enforced for other users. In the directory server , however, two key changes are made to this model: it is possible to define multiple root users, and a privilege subsystem that makes it possible to control capabilities on a more fine-grained level.

This section discusses the following topics: