Granting administrator access to projected users

Use this information to grant administrator access to user profiles.

You can grant administrator access to user profiles that have been given access to the Directory Server Administrator (QIBM_DIRSRV_ADMIN) function identifier (ID).

For example, if the user profile JOHNSMITH is granted access to the Directory Server Administrator function ID and the Grant administrator access to authorized users option is selected from the Directory property dialog, the JOHNSMITH profile then has LDAP administrator authority. When this profile is used to bind to the directory server using the following DN, os400-profile=JOHNSMTH,cn=accounts,os400-sys=systemA.acme.com, the user has administrator authority. The system objects' suffix in this example is os400-sys=systemA.acme.com.

To select the Grant administrator access to authorized users option and the Directory Server Administrator function ID, take these steps:

  1. In IBM® Navigator for i, expand Network > Servers > TCP/IP Servers.
  2. Right-click IBM Tivoli Directory Server for IBM i and select Properties.
  3. On the General tab under Administrator information, select the Grant administrator access to authorized users option.
  4. In IBM Navigator for i, expand System > Application Administration.
  5. Click the Host Applications tab.
  6. Expand IBM i.
  7. Click IBM Tivoli Directory Server Administrator, then click the popup menu.
  8. Click the Customize button.
  9. Expand All Users, Groups, or Users not in a group, whichever is appropriate for the user you want.
  10. Select a user or group to be added to the Access allowed list.
  11. Click the Add button.
  12. Click OK to save the changes.
  13. Click OK on the Application Administration dialog.