The
configuration contains all the Root DN Users defined in the
directory server. In addition, it also defines the default set of
privileges that Root DN Users automatically inherit.
ds-cfg-root-dn
top
cn
Specifies the names of the privileges that root users will be
granted by default.
bypass-lockdown
bypass-acl
modify-acl
config-read
config-write
ldif-import
ldif-export
backend-backup
backend-restore
server-lockdown
server-shutdown
server-restart
disconnect-client
cancel-request
password-reset
update-schema
privilege-change
unindexed-search
subentry-write
Allows the associated user to bypass server lockdown mode.
Allows the associated user to bypass access control checks
performed by the server.
Allows the associated user to modify the server's access
control configuration.
Allows the associated user to read the server configuration.
Allows the associated user to update the server
configuration. The config-read privilege is also required.
Allows the associated user to perform JMX read operations.
Allows the associated user to perform JMX write operations.
Allows the associated user to subscribe to receive JMX
notifications.
Allows the user to request that the server process LDIF
import tasks.
Allows the user to request that the server process LDIF
export tasks.
Allows the user to request that the server process backup
tasks.
Allows the user to request that the server process restore
tasks.
Allows the user to place and bring the server of lockdown mode.
Allows the user to request that the server shut down.
Allows the user to request that the server perform an
in-core restart.
Allows the user to use the proxied authorization control, or
to perform a bind that specifies an alternate authorization
identity.
Allows the user to terminate other client connections.
Allows the user to cancel operations in progress on other
client connections.
Allows the user to reset user passwords.
Allows the user to participate in data synchronization.
Allows the user to make changes to the server schema.
Allows the user to make changes to the set of defined root
privileges, as well as to grant and revoke privileges for
users.
Allows the user to request that the server process a search
that cannot be optimized using server indexes.
Allows the associated user to perform LDAP subentry write
operations.
ds-cfg-default-root-privilege-name