Enabling the administrative group and roles
cn=admingroup,cn=configuration
cn=safadmingroup,cn=configuration
By default, the administrative group is not enabled in the LDAP server because the ibm-slapdAdminGroupEnabled attribute is set to false automatically in the cn=configuration entry, if the attribute does not exist. If the ibm-slapdAdminGroupEnabled attribute is set to true, group members can be added to member entries under the cn=admingroup,cn=configuration entry or added as member attribute values to the cn=safadmingroup,cn=configuration entry. If the ibm-slapdAdminGroupEnabled attribute is deleted, the LDAP server treats the attribute as if it is set to false. The member attribute can be used to specify a RACF® group as an administrative group member. This allows RACF administrators to assign administrative roles to all members of a RACF group.
The following ldapsearch command retrieves the ibm-slapdAdminGroupEnabled attribute from the cn=configuration entry:

ldapsearch -D binddn -w passwd -s base -b cn=configuration "objectclass=*" ibm-slapdAdminGroupEnabled

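The following ldapmodify command sets the ibm-slapdAdminGroupEnabled attribute to true in the cn=configuration entry. When successful, this activates the administrative group and roles feature:

ldapmodify -D binddn -w passwd -f file.ldif

where file.ldif contains:
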
dn: cn=configuration
changetype: modify
replace: ibm-slapdAdminGroupEnabled
ibm-slapdAdminGroupEnabled: true
See CDBM backend configuration and policy entries for more information about the entries and attribute values that affect the administrative group and roles configuration.
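
The check below is an added example, not part of the original page: it reads saved ldapsearch output for the cn=configuration entry and reports whether the administrative group is effectively enabled, treating a missing ibm-slapdAdminGroupEnabled attribute as false, as described above. The function names, the baseline comparison and the two accepted output layouts (attr: value and attr=value) are assumptions, and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: derive the effective administrative-group state from saved
# ldapsearch output. The sample outputs below are constructed, not captured.

# Reads ldapsearch output on stdin; prints "true" or "false".
# Accepts "attr: value" and "attr=value" lines (assumed output layouts).
admin_group_state() {
    awk '
        BEGIN { state = "false" }  # attribute absent: server treats it as false
        {
            sub(/\r$/, "")
            low = tolower($0)      # compare names and values case-insensitively
            if (low ~ /^ibm-slapdadmingroupenabled[ \t]*[:=]/) {
                sub(/^[^:=]*[:=][ \t]*/, "", low)
                sub(/[ \t]+$/, "", low)
                state = (low == "true") ? "true" : "false"
            }
        }
        END { print state }
    '
}

# Compares the effective state with an expected baseline ("true" or "false").
# Returns 0 when they match and 1 on drift, so it can gate a scheduled audit.
check_admin_group_baseline() {
    expected=$1
    actual=$(admin_group_state)
    if [ "$actual" = "$expected" ]; then
        echo "OK: administrative group enabled=$actual"
        return 0
    fi
    echo "DRIFT: administrative group enabled=$actual, expected $expected"
    return 1
}

# Constructed sample outputs for the cn=configuration base search.
SAMPLE_ENABLED='dn: cn=configuration
ibm-slapdAdminGroupEnabled: true'
SAMPLE_ABSENT='dn: cn=configuration'
SAMPLE_ALT='cn=configuration
ibm-slapdAdminGroupEnabled=TRUE'

# Baseline here expects the feature to be off: the first call reports drift.
printf '%s\n' "$SAMPLE_ENABLED" | check_admin_group_baseline false || true
printf '%s\n' "$SAMPLE_ABSENT" | check_admin_group_baseline false
```

In use, pipe the output of the ldapsearch command shown above into check_admin_group_baseline with the state your configuration baseline expects.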