Name

dsconfig set-root-dn-prop — Modifies Root DN properties

Synopsis

dsconfig set-root-dn-prop {options}

Description

Modifies Root DN properties.

Options

The dsconfig set-root-dn-prop command takes the following options:

--set {PROP:VALUE}

Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it.

Root DN properties depend on the Root DN type, which depends on the null option.

--reset {property}

Resets a property back to its default values where PROP is the name of the property to be reset.

Root DN properties depend on the Root DN type, which depends on the null option.

--add {PROP:VALUE}

Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added.

Root DN properties depend on the Root DN type, which depends on the null option.

--remove {PROP:VALUE}

Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed.

Root DN properties depend on the Root DN type, which depends on the null option.

Root DN

Root Dns of type root-dn have the following properties:

default-root-privilege-name
Description

Specifies the names of the privileges that root users will be granted by default.

Default Value

bypass-lockdown

bypass-acl

modify-acl

config-read

config-write

ldif-import

ldif-export

backend-backup

backend-restore

server-lockdown

server-shutdown

server-restart

disconnect-client

cancel-request

password-reset

update-schema

privilege-change

unindexed-search

subentry-write

changelog-read

Allowed Values
backend-backup

Allows the user to request that the server process backup tasks.

backend-restore

Allows the user to request that the server process restore tasks.

bypass-acl

Allows the associated user to bypass access control checks performed by the server.

bypass-lockdown

Allows the associated user to bypass server lockdown mode.

cancel-request

Allows the user to cancel operations in progress on other client connections.

changelog-read

Allows the user to perform read operations on the changelog

config-read

Allows the associated user to read the server configuration.

config-write

Allows the associated user to update the server configuration. The config-read privilege is also required.

data-sync

Allows the user to participate in data synchronization.

disconnect-client

Allows the user to terminate other client connections.

jmx-notify

Allows the associated user to subscribe to receive JMX notifications.

jmx-read

Allows the associated user to perform JMX read operations.

jmx-write

Allows the associated user to perform JMX write operations.

ldif-export

Allows the user to request that the server process LDIF export tasks.

ldif-import

Allows the user to request that the server process LDIF import tasks.

modify-acl

Allows the associated user to modify the server's access control configuration.

password-reset

Allows the user to reset user passwords.

privilege-change

Allows the user to make changes to the set of defined root privileges, as well as to grant and revoke privileges for users.

proxied-auth

Allows the user to use the proxied authorization control, or to perform a bind that specifies an alternate authorization identity.

server-lockdown

Allows the user to place and bring the server of lockdown mode.

server-restart

Allows the user to request that the server perform an in-core restart.

server-shutdown

Allows the user to request that the server shut down.

subentry-write

Allows the associated user to perform LDAP subentry write operations.

unindexed-search

Allows the user to request that the server process a search that cannot be optimized using server indexes.

update-schema

Allows the user to make changes to the server schema.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No