Administrative roles and extended operations

Table 1 lists the LDAP server's supported extended operations and the administrative roles. The intersection specifies whether a specific administrative role has authority for the extended operation. An LDAP root administrator and master server DN (advanced replication) have authority to all extended operations. See Supported server controls and Supported extended operations for more information about the supported server controls and extended operations.

Table 1. Administrative roles authorized to issue various extended operations and controls
Extended operation or control	Directory admin	Replication admin	Schema admin	Server configuration group member	Password admin	No admin	Operational admin	Root admin
Account status extended operation	Yes	No	No	No	No	No	No	Yes
Cascading control replication extended operation	Yes	Yes	No	No	No	No	No	Yes
changeLogAddEntry extended operation	Yes	Yes	Yes	Yes	Yes	Yes	No	Yes
Control replication extended operation	Yes	Yes	No	No	No	No	No	Yes
Control replication error log extended operation	Yes	Yes	No	No	No	No	No	Yes
Control replication queue extended operation	Yes	Yes	No	No	No	No	No	Yes
Effective password policy extended operation	Yes	No	No	No	Yes	No	No	Yes
GetDnforUserid extended operation	Yes	Yes	Yes	Yes	Yes	Yes	No	Yes
GetEffectiveAcl extended operation	Yes	No	Yes	Yes	No	No	No	Yes
GetPrivileges extended operation	Yes	Yes	Yes	Yes	Yes	Yes	No	Yes
PersistentSearch control	No	No	No	No	No	No	Yes	Yes
Quiesce or unquiesce context extended operation	Yes	Yes	No	No	No	No	No	Yes
Remote auditing extended operation	Yes^*	Yes^*	Yes^*	Yes^*	Yes^*	Yes^*	Yes^*	Yes^*
Remote authorization extended operation	Yes^*	Yes^*	Yes^*	Yes^*	Yes^*	Yes^*	Yes^*	Yes^*
RemoteCryptoCCA extended operation	Yes^*	Yes^*	Yes^*	Yes^*	Yes^*	Yes^*	Yes^*	Yes^*
RemoteCryptoPKCS#11 extended operation	Yes^*	Yes^*	Yes^*	Yes^*	Yes^*	Yes^*	Yes^*	Yes^*
Replication topology extended operation	Yes	Yes	No	No	No	No	No	Yes
Start TLS extended operation	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes
unloadRequest extended operation	Yes	No	Yes, only if unloading schema	No	No	No	No	Yes
User type extended operation	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes

Note: ^*The administrative roles have no effect on the authority to run the Remote auditing, Remote authorization, RemoteCryptoCCA, or RemoteCryptoPKCS#11 extended operations. The bound user must map to a RACF® user that has the appropriate authority. See ICTX plug-in and Remote crypto plug-in for more information.