O'Reilly logo

LDAP Implementation Cookbook by Permana Widhiasta, Harri Stranden, Michel Melot, Heinz Johner

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

4.2. Centralized versus Distributed Administration

The directory administrator (the user with the root DN) is, by default, the only one person who can administer information in the directory. At times, it will be necessary to allow other users to have administrative privileges on all or portions of the directory. The Directory Information Tree (DIT) can be divided into administrative areas; the directory administrator can give other distinguished names (DNs) full privileges to manage some subsection of the directory. In order to grant a user administrative permission to a subtree, that user DN must be specified in the entry owner attribute. The administrative domain will be delimited by the value of an owner inheritance attribute (OwnerPropagate); ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required