LDAP-UX Client Services B.05.00 Administrator's Guide

Administration domain (Admin domain) for HP-UX Directory Server, a container entry
for server groups, with each server group containing directory server instances that are
managed by the same Configuration Directory Server. This domain is administered by the
Configuration Administrator. Using the hpds-idm-console, the Configuration Administrator
can view and manage all the HP-UX directory server instances in this domain. The
Configuration Directory Server (configuration directory) is used by the hpds-idm-console
to discover and manage information about this domain.
2.3.4 Administrators and managers in the LDAP-UX directory server environment
A variety of administrators and managers may be created and involved in the LDAP-UX
environment:
Directory Manager — a unique, powerful user established when a directory server is created.
The Directory Manager is the “super user” who typically has the responsibility of repairing
and recovering from errors in configuration. The Directory Manager is a special entry that
does not have to conform to directory server access control policies. The Directory Manager
can correct problems that affect users who do not have access control privileges to do so.
There is no directory entry for the Directory Manager user; it is used only for authentication.
You cannot create an actual Directory Server entry that uses the same distinguished name
(DN) as the Directory Manager DN.
The LDAP-UX guided installation establishes the Directory Manager for a newly created
directory server as cn=Directory Manager, and requests that you set up a password for
this user.
Configuration Administrator (also known as the Directory Administrator) — a user
responsible for managing the directory servers in the directory server administration domain.
This user is the “super user” that manages all Directory Server and Administration Server
instances through the Directory Server Console. The default Directory Administrator user
name is admin. Every Directory Server is configured to grant this user administrative access,
thus allowing this user to perform configuration changes.
Some important differences between the Configuration Administrator and the Directory
Manager:
• The Configuration Administrator cannot create top-level entries for a new suffix through
  an add operation, either by adding an entry with the Directory Server Console or by
  using the ldapadd tool.
• Password policies do not apply to the Directory Manager but do apply to the
  Configuration Administrator. However, you can define a separate password policy for
  the Configuration Administrator with rights similar to those of the Directory Manager.
• Size, time, and lookthrough limits do not apply to the Directory Manager but do apply
  to the Configuration Administrator. However, you can define resource limits for the
  Configuration Administrator similar to those of the Directory Manager.
LDAP-UX Domain Administrator — a user responsible for managing all data in the
LDAP-UX domain. This administrator can add a new HP-UX host to the LDAP-UX domain,
create a new administration domain, and manage all HP-UX OS instances in that domain.
This user also has privileges to log in to any HP-UX host that is a member of the LDAP-UX
domain. The default account name is domadmin. An LDAP-UX Domain Administrator is
any user who is a member of the DomainAdmins group. A subset of the Domain
Administrator's privileges is available to users defined as members of the UserAdmins
and HostAdmins groups.
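Because membership of the DomainAdmins group carries login rights on every HP-UX host in the domain, the membership of these three groups is worth reviewing regularly. The following is an added example, not code from this guide or from LDAP-UX: it parses an LDIF export of the group entries and reports which accounts hold which privileged groups. The member attribute names (member, uniqueMember, memberUid), the dc=example,dc=com suffix and the account jsmith are assumptions and constructed sample data.

```python
import base64
from collections import defaultdict

# Group names come from the guide; the member attribute names are assumptions.
PRIVILEGED_GROUPS = ("DomainAdmins", "UserAdmins", "HostAdmins")
MEMBER_ATTRS = ("member", "uniquemember", "memberuid")
# Constructed sample export (placeholder suffix and accounts, not real data).
SAMPLE_LDIF = """\
dn: cn=DomainAdmins,ou=Groups,dc=example,dc=com
cn: DomainAdmins
member: uid=domadmin,ou=People,dc=example,dc=com
member: uid=jsmith,ou=People,
 dc=example,dc=com

dn: cn=HostAdmins,ou=Groups,dc=example,dc=com
cn: HostAdmins
memberUid: jsmith
"""

def parse_ldif(text):
    """Parse LDIF into {attr: [values]} entries; handles folded and base64 lines."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    entries = []
    for block in unfolded.split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                if value.startswith(":"):  # "attr:: <base64 value>"
                    value = base64.b64decode(value[1:].strip()).decode("utf-8")
                entry[attr.strip().lower()].append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def privileged_accounts(entries):
    """Map account name (from a member DN or bare memberUid) to its privileged groups."""
    wanted = {g.lower(): g for g in PRIVILEGED_GROUPS}
    found = defaultdict(set)
    for entry in entries:
        group = wanted.get(entry.get("cn", [""])[0].lower())
        for attr in (MEMBER_ATTRS if group else ()):
            for member in entry.get(attr, []):
                found[member.split(",", 1)[0].rpartition("=")[2].lower()].add(group)
    return {acct: sorted(groups) for acct, groups in found.items()}

def unexpected_domain_admins(accounts, expected=("domadmin",)):
    """DomainAdmins members other than the expected accounts (default from the guide)."""
    return sorted(a for a, g in accounts.items() if "DomainAdmins" in g and a not in expected)
```

Run against an export of the group subtree, `unexpected_domain_admins(privileged_accounts(parse_ldif(text)))` returns the accounts to review; for the sample above it returns `['jsmith']`.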
2.3.5 Using the guided installation autosetup command—syntax and options
You can run the autosetup script interactively, responding to prompts to provide information.
You can pass parameters in the command line to reduce the need for providing input during the