Hi, Well, there are many options I think. First of all I am not sure if there is any hard coded part of the server depending on the uid=admin,ou=system user. One thing that can be done is just adding one more Interceptor or modifying an existing Interceptor (possibly the Login one) to deny that users access. Then you can create 'controlled' administrators by leveraging the ACI based Authorization subsystem.
There may be many other alternatives as I said. This one may be one of the easiest. (Just update the bind() method in the authn interceptor.) On 7/13/07, Wayne Johnson <[EMAIL PROTECTED]> wrote:
We embedding Apache-DS into our product for use as a A&A server. We probably don't want to ship it with the default Administrator. We install several default users into the database using an ldif file and move all the administrative functions to these. I have some question as to our options about what to do with the default administrative userid. The docs indicate that the proper way to install is to start the server, let the system set up the default partition with the password from server.xml, change the password with a GUI or command line utility, then change the value in server.xml and restart the server. We feel this would be a bit too complicated for our users. Are there any alternatives? I tried changing the userid and/or password before the initial startup and it crashes. Can we totaly delete this userid? Wayne Johnson Senior Software Engineer MQSoftware, Inc. 1660 S Highway 100 Minneapolis, MN 55416 (952) 345-8628
-- Ersin Er R.A. and Ph.D Student at the Dept. of Computer Eng. in Hacettepe University http://www.cs.hacettepe.edu.tr Committer and PMC Member of The Apache Directory Project http://directory.apache.org
