Adding users from external LDAP to system operation

You need to add user IDs from your external directory to the system groups of Cloud Pak for Data System so that those users can connect to the system console and perform system operations just like apadmin.

About this task

There are two groups defined in the local LDAP server where user IDs can be added:
  • ibmapsysadmins: Members of this group can operate with privileges of apadmin and can execute many commands with sudo privileges.
  • ibmapsysusers: Members of this group are considered common users.
Use the following command to add user IDs to one of these groups:
ap_external_ldap useradd -h
usage: ap_external_ldap useradd [-h] -u USERNAME -d DISPLAYNAME -g {2001,2002}
                                -e EMAIL

optional arguments:
  -h, --help            show this help message and exit
  -u USERNAME, --user USERNAME
                        username from LDAP or Active Directory server
  -d DISPLAYNAME, --displayname DISPLAYNAME
                        displayName of user from LDAP or Active Directory
                        server
  -g {2001,2002}, --groupid {2001,2002}
                        platform groupid: 2001 for ibmapsysadmins, 2002 for
                        ibmapsysusers
  -e EMAIL, --email EMAIL
                        email of user from LDAP or Active Directory server

The following steps add the user user1 from your LDAP directory to the system OS group ibmapsysadmins.

Procedure

  1. Log in to the system node as apadmin or an equivalent user.
  2. Run the following command:
    ap_external_ldap useradd -u user1 -g 2001 -d user1displayname -e user1@mail.com
    Successfully added LDAP user:user1 to system operation

Results

The user user1 has been added to system operations with administrative privileges.
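
The procedure above as a reviewable batch step, in an added example that is not IBM's code: it validates each record and prints the ap_external_ldap useradd command for an operator to run, refusing group 2001 unless the user is on an approval list. The comma-separated record format, the function names and the approval list are assumptions; the flags and group IDs are those in the help text.

```sh
# Added example. Flags and group IDs come from the help text above; the record
# format, function names and approval list are assumptions for illustration.

# Users approved for 2001 (ibmapsysadmins, sudo-capable). Constructed value.
ADMIN_APPROVED="user1"

# only_chars VALUE SET: true if VALUE is non-empty, does not start with '-'
# (so it cannot be read as an option), and contains only characters in SET.
only_chars() {
    case $1 in ''|-*) return 1 ;; esac
    [ -z "$(printf '%s' "$1" | tr -d "$2")" ]
}

# build_useradd USER DISPLAYNAME GROUPID EMAIL
# Prints the command to run, or prints a reason on stderr and returns 1.
build_useradd() {
    user=$1 display=$2 gid=$3 email=$4
    only_chars "$user" 'A-Za-z0-9._-' ||
        { echo "reject $user: bad username" >&2; return 1; }
    only_chars "$display" 'A-Za-z0-9 ._-' ||
        { echo "reject $user: bad display name" >&2; return 1; }
    only_chars "$email" 'A-Za-z0-9@._+-' ||
        { echo "reject $user: bad email" >&2; return 1; }
    case $email in ?*@?*) ;; *) echo "reject $user: bad email" >&2; return 1 ;; esac
    case $gid in
        2002) ;;   # ibmapsysusers: common users
        2001)      # ibmapsysadmins: apadmin-level, needs explicit approval
            case " $ADMIN_APPROVED " in
                *" $user "*) ;;
                *) echo "reject $user: not approved for 2001" >&2; return 1 ;;
            esac ;;
        *) echo "reject $user: group must be 2001 or 2002" >&2; return 1 ;;
    esac
    printf "ap_external_ldap useradd -u %s -g %s -d '%s' -e %s\n" \
        "$user" "$gid" "$display" "$email"
}

# Reads "user,displayname,groupid,email" lines on stdin; prints accepted commands.
process_records() {
    while IFS=, read -r u d g e; do
        build_useradd "$u" "$d" "$g" "$e" || true
    done
}

# Constructed sample input (not real accounts).
SAMPLE='user1,user1displayname,2001,user1@mail.com
user2,User Two,2002,user2@mail.com
user3,User Three,2001,user3@mail.com
user4;id,User Four,2002,user4@mail.com'
printf '%s\n' "$SAMPLE" | process_records
```

Only user1 and user2 produce a command; the rejections for user3 (no approval for 2001) and the malformed fourth record go to stderr, so the accepted commands can be reviewed separately before anyone runs them on the system node.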