Administrative roles and extended operations
Table 1 lists the LDAP server's supported extended operations and the
administrative roles. The intersection specifies whether a specific administrative role has
authority for the extended operation. An LDAP root administrator and master server DN (advanced
replication) have authority to all extended operations. See Supported server controls and Supported extended operations for more information about the supported server controls and extended
operations.
Extended operation or control | Directory admin | Replication admin | Schema admin | Server configuration group member | Password admin | No admin | Operational admin | Root admin |
---|---|---|---|---|---|---|---|---|
Account status extended operation | Yes | No | No | No | No | No | No | Yes |
Cascading control replication extended operation | Yes | Yes | No | No | No | No | No | Yes |
changeLogAddEntry extended operation | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes |
Control replication extended operation | Yes | Yes | No | No | No | No | No | Yes |
Control replication error log extended operation | Yes | Yes | No | No | No | No | No | Yes |
Control replication queue extended operation | Yes | Yes | No | No | No | No | No | Yes |
Effective password policy extended operation | Yes | No | No | No | Yes | No | No | Yes |
GetDnforUserid extended operation | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes |
GetEffectiveAcl extended operation | Yes | No | Yes | Yes | No | No | No | Yes |
GetPrivileges extended operation | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes |
PersistentSearch control | No | No | No | No | No | No | Yes | Yes |
Quiesce or unquiesce context extended operation | Yes | Yes | No | No | No | No | No | Yes |
Remote auditing extended operation | Yes* | Yes* | Yes* | Yes* | Yes* | Yes* | Yes* | Yes* |
Remote authorization extended operation | Yes* | Yes* | Yes* | Yes* | Yes* | Yes* | Yes* | Yes* |
RemoteCryptoCCA extended operation | Yes* | Yes* | Yes* | Yes* | Yes* | Yes* | Yes* | Yes* |
RemoteCryptoPKCS#11 extended operation | Yes* | Yes* | Yes* | Yes* | Yes* | Yes* | Yes* | Yes* |
Replication topology extended operation | Yes | Yes | No | No | No | No | No | Yes |
Start TLS extended operation | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
unloadRequest extended operation | Yes | No | Yes, only if unloading schema | No | No | No | No | Yes |
User type extended operation | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Note: *The administrative roles have no effect on the authority to run the
Remote auditing, Remote authorization, RemoteCryptoCCA, or
RemoteCryptoPKCS#11 extended operations. The bound user must map to a RACF® user that has the appropriate authority. See ICTX plug-in and
Remote crypto plug-in for more information.