LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
directory server is configured to grant this user administrative access, thus enabling this user
to perform configuration changes.
Some important differences between the Configuration Administrator and the Directory
Manager:
◦ The Configuration Administrator cannot create top-level entries for a new suffix through
an add operation, neither by adding an entry with the Directory Server Console nor by
using the ldapadd tool.
◦ Password policies do not apply to the Directory Manager but do apply to the Configuration
Administrator. However, you can define a separate password policy for the Configuration
Administrator with similar rights as the Directory Manager.
◦ Size, time, and lookthrough limits do not apply to the Directory Manager but do apply
to the Configuration Administrator. However, you can define resource limits for the
Configuration Administrator similar to those of the Directory Manager.
• LDAP-UX Domain Administrator — a user responsible for managing all data in the LDAP-UX
domain. This administrator can add a new HP-UX host to the LDAP-UX domain, create a new
administration domain, and manage all HP-UX OS instances in that domain. This user also
has privileges to log in to any HP-UX host that is a member of the LDAP-UX domain. The default
account name is domadmin. An LDAP-UX Domain Administrator is any user who is a member
of the DomainAdmins group. A subset of the Domain Administrator’s privileges are available
to users defined as members of the UserAdmins and HostAdmins groups.
• Windows Server Administrator — Similar in privilege to both the Directory Manager and the
LDAP-UX Domain Administrator. Typically grants administrative privileges to other users by
setting up security groups and policies. The default account name is administrator.
24 Introduction