(Optional) Postconfiguration considerations
Now that you finished this scenario, the only EIM user you have defined that EIM can use is the DN for the LDAP administrator.
The LDAP administrator DN that you specified for the system
user on System A has a high level of authority to all data on the
directory server. Therefore, you might consider creating one or more
DNs as additional users that have more appropriate and limited access
control for EIM data. The number of additional EIM users that you
define depends on your security policy's emphasis on the separation
of security duties and responsibilities. Typically, you might create
at least the two following types of DNs:
- A user that has EIM administrator access control
This EIM administrator DN provides the appropriate level of authority for an administrator who is responsible for managing the EIM domain. This EIM administrator DN can be used to connect to the domain controller when managing all aspects of the EIM domain by means of IBM® Navigator for i.
- At least one user that has all of the following access controls:
- Identifier administrator
- Registry administrator
- EIM mapping operations
Note: To use this new DN for the system user instead
of the LDAP administrator DN, you must change the EIM configuration
properties for each system. For this scenario, you need to change
the EIM configuration properties for any IBM i model that you set
up.