Adding users from external LDAP to system operation

Add user IDs from your external directory to the system groups of Cloud Pak for Data System so that those users can connect to the system console and perform system operations just like apadmin.

About this task

There are two groups defined in the local LDAP server where user IDs can be added:
  • ibmapsysadmins: Members of this group can operate with privileges of apadmin and can execute many commands with sudo privileges.
  • ibmapsysusers: Members of this group are considered common users.
Use the following command to add user IDs to one of these groups:
ap_external_ldap useradd -h
usage: ap_external_ldap useradd [-h] -u USERNAME -d DISPLAYNAME -g {2001,2002}
                                -e EMAIL

optional arguments:
  -h, --help            show this help message and exit
                        username from LDAP or Active Directory server
                        displayName of user from LDAP or Active Directory
  -g {2001,2002}, --groupid {2001,2002}
                        platform groupid: 2001 for ibmapsysadmins, 2002 for
  -e EMAIL, --email EMAIL
                        email of user from LDAP or Active Directory server

The following steps add the user user1 from your LDAP directory to the system OS group ibmapsysadmins.


  1. Log in to the system node as apadmin or an equivalent user.
  2. Run the following command:
    ap_external_ldap useradd  -u user1 -g 2001 -d user1displayname -e
    Successfully added LDAP user:user1 to system operation


The user user1 has been added to system operations with administrative privileges.
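
Because group 2001 (ibmapsysadmins) grants apadmin-level and sudo privileges, it helps to review each grant before running the command. The following dry-run wrapper is an added example, not part of the IBM documentation or tooling: it validates the arguments and prints the ap_external_ldap useradd command for review instead of running it. The function name, the ALLOW_ADMIN variable, the validation rules and the example.com addresses are assumptions; only the -u/-d/-g/-e flags and the group IDs 2001 and 2002 come from the help text above.

```shell
#!/bin/sh
# Added example: dry-run guard for `ap_external_ldap useradd`.
# build_useradd_cmd and ALLOW_ADMIN are hypothetical names, not IBM's.

build_useradd_cmd() {
    user=$1; display=$2; gid=$3; email=$4

    # Only the two platform group IDs listed in the help output are valid.
    case $gid in
        2001|2002) ;;
        *) echo "reject: group id '$gid' is not 2001 or 2002" >&2; return 2 ;;
    esac

    # Assumed policy: letters, digits, '.', '_' and '-', no leading '-'
    # (a leading '-' could be parsed as an option).
    case $user in
        ''|-*|*[!A-Za-z0-9._-]*) echo "reject: bad username" >&2; return 2 ;;
    esac

    # Display name must be non-empty and must not break the quoting below.
    case $display in
        ''|*"'"*) echo "reject: bad display name" >&2; return 2 ;;
    esac

    # Assumed minimal e-mail shape: something@something, no spaces or quotes.
    case $email in
        -*|*' '*|*"'"*) echo "reject: bad email" >&2; return 2 ;;
        ?*@?*) ;;
        *) echo "reject: bad email" >&2; return 2 ;;
    esac

    # 2001 = ibmapsysadmins (apadmin privileges, sudo): require explicit opt-in.
    if [ "$gid" = 2001 ] && [ "${ALLOW_ADMIN:-0}" != 1 ]; then
        echo "reject: $user requests ibmapsysadmins; set ALLOW_ADMIN=1" >&2
        return 3
    fi

    # Print the command for review; nothing is executed here.
    printf "ap_external_ldap useradd -u %s -g %s -d '%s' -e '%s'\n" \
        "$user" "$gid" "$display" "$email"
}

# Constructed sample: a common user (group 2002, ibmapsysusers).
build_useradd_cmd user2 "User Two" 2002 user2@example.com
```

A request for group 2001 returns status 3 unless ALLOW_ADMIN=1 is set, so administrative grants need a deliberate step.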