Directory Server can be managed by directory administrators, who belong to the group cn=Administrators,cn=config. These users are subject to a special global ACI that gives them complete access to the directory. The default administrator created with each instance is cn=admin,cn=Administrators,cn=config.
Because these users have real entries, you can add certificates to their entries. This means that the administrator entry you create can bind using an SSL certificate. Furthermore, the server locks the administrative user out after too many failed bind attempts.