Modifying users from external LDAP

Use the ap_external_ldap usermod command to modify privileges for users added from external directories.

About this task

There are two groups defined in the local LDAP server where user IDs can be added:
  • ibmapsysadmins: Members of this group can operate with privileges of apadmin and can execute many commands with sudo privileges.
  • ibmapsysusers: Members of this group are considered common users.
You can change group membership with the ap_external_ldap usermod command:
ap_external_ldap usermod -h
usage: ap_external_ldap usermod [-h] -u USERNAME -g {2001,2002}

optional arguments:
  -h, --help            show this help message and exit
  -u USERNAME, --user USERNAME
                        username from LDAP or Active Directory server
  -g {2001,2002}, --groupid {2001,2002}
                        platform groupid: 2001 for ibmapsysadmins, 2002 for
                        ibmapsysusers
                       

The following steps add the user user1 from your LDAP directory to the system OS group ibmapsysadmins.

Procedure

  1. Log in to the system node as apadmin or an equivalent user.
  2. Run the following command:
    ap_external_ldap usermod -u user1 -g 2001

Results

The user user1 has elevated administrative privileges.
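
Because members of ibmapsysadmins operate with apadmin privileges, it is worth confirming after the change that GID 2001 contains only the accounts you intend. The following shell function is an added example, not part of the product documentation; it assumes that `getent group 2001` on the node returns the group in the standard `name:passwd:gid:members` format, and the approved list is a hypothetical input that you supply.

```shell
#!/bin/sh
# Added example: audit membership of the privileged group ibmapsysadmins (GID 2001).
# Assumption: group membership is resolvable through NSS, so that
#   getent group 2001
# prints one line in the format  name:passwd:gid:member1,member2,...

ADMIN_GID=2001

# unapproved_members GROUP_LINE APPROVED_LIST
#   GROUP_LINE     one getent-format group entry
#   APPROVED_LIST  space-separated usernames that may hold GID 2001 (hypothetical input)
# Prints every member that is not on the approved list, one per line.
# Returns 0 if all members are approved, 1 if any are not,
# and 2 if the line is malformed or describes a different GID.
unapproved_members() {
    line=$1
    approved=$2
    # A group entry has exactly four colon-separated fields.
    case $line in
        *:*:*:*:*) return 2 ;;
        *:*:*:*) ;;
        *) return 2 ;;
    esac
    gid=$(printf '%s\n' "$line" | cut -d: -f3)
    if [ "$gid" != "$ADMIN_GID" ]; then
        return 2
    fi
    members=$(printf '%s\n' "$line" | cut -d: -f4 | tr ',' ' ')
    rc=0
    for m in $members; do
        found=0
        for a in $approved; do
            if [ "$m" = "$a" ]; then
                found=1
                break
            fi
        done
        if [ "$found" -eq 0 ]; then
            printf '%s\n' "$m"
            rc=1
        fi
    done
    return $rc
}

# Usage on the node (approved names here are placeholders):
#   unapproved_members "$(getent group "$ADMIN_GID")" "apadmin user1"
```

A non-zero return of 1 means at least one account holds administrative group membership without being on your approved list; review it and, if appropriate, move it back with `-g 2002`.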