Modifying users from external LDAP
Use the ap_external_ldap usermod command to modify privileges for users added from external directories.
About this task
There are two groups defined in the local LDAP server where user IDs can be added:
ibmapsysadmins
: Members of this group can operate with privileges ofapadmin
and can execute many commands with sudo privileges.ibmapsysusers
: Members of this group are considered common users.
ap_external_ldap usermod -h
usage: ap_external_ldap usermod [-h] -u USERNAME -g {2001,2002}
optional arguments:
-h, --help show this help message and exit
-u USERNAME, --user USERNAME
username from LDAP or Active Directory server
-g {2001,2002}, --groupid {2001,2002}
platform groupid: 2001 for ibmapsysadmins, 2002 for
ibmapsysusers
Following are the steps to modify a user user1
from your LDAP directory to
system OS group ibmapsysadmins
.
Procedure
Results
user1
has elevated administrative privileges.