JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (11.1.1.5.0)
Oracle Technology Network
Library
PDF
Print View
Feedback
search filter icon
search icon

Document Information

Preface

Part I Directory Server Administration

1.  Directory Server Tools

2.  Directory Server Instances and Suffixes

3.  Directory Server Configuration

Displaying the Configuration of Directory Server Instance

Modifying the Configuration Using DSCC

Modifying the Configuration From the Command Line

Modifying the dse.ldif File

Configuring Administration Users

To Create an Administration User with Root Access

To Configure the Directory Manager

Protecting Configuration Information

Changing Directory Server Port Numbers

To Modify a Port Number, Enable a Port, and Disable a Port

Configuring DSML

To Enable the DSML-over-HTTP Service

To Disable the DSML-over-HTTP Service

To Configure DSML Security

DSML Identity Mapping

To Define a New Identity Mapping for HTTP Headers

Setting the Server as Read-Only

To Enable or Disable the Server Read-Only Mode

Configuring Memory

Priming Caches

To Modify Database Cache

To Monitor Database Cache

To Monitor Entry Cache

To Modify Entry Cache

To Configure Heap Memory Threshold

Setting Resource Limits For Each Client Account

To Configure Search Limit

4.  Directory Server Entries

5.  Directory Server Security

6.  Directory Server Access Control

7.  Directory Server Password Policy

8.  Directory Server Backup and Restore

9.  Directory Server Groups, Roles, and CoS

10.  Directory Server Replication

11.  Directory Server Schema

12.  Directory Server Indexing

13.  Directory Server Attribute Value Uniqueness

14.  Directory Server Logging

15.  Directory Server Monitoring

Part II Directory Proxy Server Administration

16.  Directory Proxy Server Tools

17.  Directory Proxy Server Instances

18.  LDAP Data Views

19.  Directory Proxy Server Certificates

20.  Directory Proxy Server Load Balancing and Client Affinity

21.  Directory Proxy Server Distribution

22.  Directory Proxy Server Virtualization

23.  Virtual Data Transformations

24.  Connections Between Directory Proxy Server and Back-End LDAP Servers

25.  Connections Between Clients and Directory Proxy Server

26.  Directory Proxy Server Client Authentication

27.  Directory Proxy Server Logging

28.  Directory Proxy Server Monitoring and Alerts

Part III Directory Service Control Center Administration

29.  Directory Service Control Center Configuration

Index

Configuring Administration Users

Directory Server contains default administration users, the Directory Manager and the cn=admin,cn=Administrators,cn=config user. Both of these users have the same access rights, but cn=admin,cn=Administrators,cn=config is subject to ACIs.

This section explains how to create an administration user with root access, and how to configure the Directory Manager.

To Create an Administration User with Root Access

If you want to create a new administration user with the same rights as cn=admin,cn=Administrators,cn=config, create the new user in the group cn=Administrators,cn=config. All users in this group are subject to a global ACI that allows the same access as the Directory Manager.

You cannot use DSCC to perform this task. Use the command line, as described in this procedure.

To Configure the Directory Manager

The Directory Manager is the privileged server administrator, comparable to the root user on UNIX systems. Access control does not apply to the Directory Manager.

For most administration tasks, you are not required to use the Directory Manager. Instead, you can use the user cn=admin,cn=Administrators,cn=config, or any other user that you create beneath cn=Administrators,cn=config. The only tasks that require the Directory Manager are changing the root ACI, and replication troubleshooting tasks, such as repairing replication and searching tombstones.

You can change the Directory Manager DN and password, as well as create a file from which the password can be automatically read.

You cannot use DSCC to perform this task. Use the command line, as described in this procedure.

  1. Find the existing Directory Manager DN.
    $ dsconf get-server-prop -h host -p port root-dn
root-dn:cn=Directory Manager
  2. Modify the Directory Manager settings as required.

    • To modify the Directory Manager DN, type:

      $ dsconf set-server-prop -h host -p port root-dn:new-root-dn

      Use quotes if there are spaces in the Directory Manager DN. For example:

      $ dsconf set-server-prop -h host1 -p 1389 root-dn:"cn=New Directory Manager"

    • To change the Directory Manager password, type:

      Create a temporary file for setting the password. This file is read once, and the password is stored for future use.

      $ echo password > /tmp/pwd.txt

      Set the server root password file property.

      $ dsconf set-server-prop -h host -p port root-pwd-file:/tmp/pwd.txt

      This command prompts the server to read the password file. Remove the temporary password file after you have set the password file property.

      $ rm /tmp/pwd.txt
Copyright © 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous Next