How to create another admin in OpenLDAP

Do we have an option to create another “admin” user in OpenLDAP? Please guide.

On 19/01/17 13:04, sharfuddin wrote:

> do we have an option to create another “admin” user in openldap. please
> guide.

In the absence of any reply, a quick search found
http://www.openldap.org/lists/openldap-software/200411/msg00511.html

HTH.

Simon
SUSE Knowledge Partner


Hi sharfuddin,

please define “admin” and “another”:

  • “admin” for what? User that has permissions to create/update/delete entries in/from the LDAP tree - or Linux system admin (AKA “root”) - or some other software’s admin?

  • “another” from which first?

If you’re talking about managing LDAP entries, your “first admin” is probably the database root user and Simon’s response is pointing in the right direction: Skip using the “root” user for anything but major OpenLDAP administration tasks, and rather create a user account per person to have administrative rights on LDAP entries and create proper ACLs to grant the required rights to these admin user accounts.

The root user is able to do anything, including updating entries in replicated databases. This leaves too many options for user errors, and using the db root for regular content administration is something to avoid.

Regards,
J
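
The per-person admin accounts plus ACL approach described in the reply above could look like the following LDIF. This is an added example, not part of the original thread; the suffix `dc=example,dc=com`, the `uid=jdoe` account, the `cn=ldapadmins` group and the `{1}mdb` database index are all assumptions to be replaced with the values of the actual directory.

```ldif
# Constructed example: every DN below and the {1}mdb index are assumptions.

# Part 1: directory content, applied with ldapmodify while bound as the rootdn.
# A personal account for one administrator. No userPassword is set here;
# assign one afterwards with ldappasswd so no hash is kept in the file.
dn: uid=jdoe,ou=people,dc=example,dc=com
changetype: add
objectClass: inetOrgPerson
uid: jdoe
cn: Jane Doe
sn: Doe

# A group listing the personal admin accounts. Further admins are added or
# removed by editing "member", with no ACL change needed.
dn: cn=ldapadmins,ou=groups,dc=example,dc=com
changetype: add
objectClass: groupOfNames
cn: ldapadmins
member: uid=jdoe,ou=people,dc=example,dc=com

# Part 2: ACL, applied separately to cn=config by an identity allowed to
# modify the configuration database.
# The {0} prefix inserts the rule ahead of the existing olcAccess values.
# Group members get write access to the whole database; "by * break" lets
# everyone else fall through to the rules that were already in place.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to * by group.exact="cn=ldapadmins,ou=groups,dc=example,dc=com" write by * break
```

Unlike the rootdn, which bypasses ACLs entirely, members of this group are limited to what the rule grants, and each change is made under a named account rather than a shared one.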