2.3 eDirectory Rights Required to Install OES Linux

The following eDirectory rights are discussed in this section:

2.3.1 eDirectory Rights Required to Install the First Three OES Linux Servers in an eDirectory Tree

If you are installing the server into a new tree, the Admin user that is created during the OES Linux installation has full rights to the root of the tree. Using the account for user Admin allows the installer to extend the eDirectory schema for OES Linux as necessary. To install the first OES Linux server in an eDirectory tree, you must have the Supervisor right at the [Root] of the eDirectory tree.

By default, the first three servers installed in an eDirectory partition automatically receive a replica of that partition. To install a server into a partition that does not already contain three replica servers, the user must have the Supervisor right either at the [Root] of the tree or to the container in which the server holding the partition resides.

Before letting a subcontainer administrator install subsequent OES Linux servers in a tree, a user with Supervisor rights to the root of the tree must extend the schema in the tree. You can extend the schema by using the Schema Update Wizard in Deployment Manager or by having a user with Supervisor rights to the root of the eDirectory tree install the first OES Linux server into the tree. For more information, see Schema Update in the OES NetWare Installation Guide.

2.3.2 eDirectory Rights Required to Extend the Schema

Some of the products that can be selected to install along with OES Linux require schema extensions of their own. Only an administrator with Supervisor rights at [Root] can extend the schema of an eDirectory tree; a subcontainer administrator would not have sufficient rights.

2.3.3 eDirectory Rights Required to Run Deployment Manager

If you are installing the first OES Linux server into an existing NDS®/eDirectory tree, run Deployment Manager first to prepare the tree so it is compatible with the new version of eDirectory that comes with OES. This requires access to a server with a Read/Write replica of the Root partition.

2.3.4 eDirectory Rights Required for Subcontainer Administrators

For security reasons, you might want to create one or more subcontainer administrators (administrators that are in a container that is subordinate to the container that user Admin is in) with sufficient rights to install additional OES Linux servers, without granting them full rights to the entire tree. A subcontainer administrator needs the following rights to install an OES Linux server into the tree:

  • Supervisor right to the container where the server will be installed

  • Read right to the Security container object for the eDirectory tree

  • Read right to the NDSPKI:Private Key Attribute on the Organizational CA object (located in the Security container)

  • Supervisor right to the W0 object located inside the KAP object in the Security container

  • Supervisor right to the Security container when installing the NMAS™ login methods

These rights are typically granted by placing all administrative users in a Group or Role in eDirectory, and then assigning the rights to the Group or Role.
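
An added example, not part of the original guide or of any Novell tool: a Python check that a subcontainer administrators group holds the rights listed above as explicit trustee assignments, so that nothing broader has to be granted to get an installation through. Assumptions: ACL values are exported over LDAP as `privileges#scope#subject#attribute`; the rights bits are entry Supervisor 0x10, attribute Read 0x02 and attribute Supervisor 0x20; "Read right" on the Security container is taken to mean Read on [All Attributes Rights]; all DNs are constructed; inherited rights, filters and security equivalence are not evaluated.

```python
# Added example: audits explicit eDirectory trustee assignments for a
# subcontainer-admin group. ACL string layout and bit values are assumptions.
ENTRY, ALL_ATTRS = "[Entry Rights]", "[All Attributes Rights]"
ENTRY_SUPERVISOR, ATTR_READ, ATTR_SUPERVISOR = 0x10, 0x02, 0x20

def parse_acl(value):
    """Split 'privileges#scope#subject#attribute' into typed fields."""
    priv, scope, subject, attr = value.split("#", 3)
    return int(priv), scope, subject.lower(), attr

def required(container, ca_dn, nmas=False):
    """The rights listed in 2.3.4 as (object DN, attribute, bit, label)."""
    sec = "cn=security"
    reqs = [
        (container, ENTRY, ENTRY_SUPERVISOR, "Supervisor on server container"),
        (sec, ALL_ATTRS, ATTR_READ, "Read on Security container"),
        (ca_dn, "NDSPKI:Private Key", ATTR_READ, "Read on NDSPKI:Private Key"),
        ("cn=w0,cn=kap," + sec, ENTRY, ENTRY_SUPERVISOR, "Supervisor on W0"),
    ]
    if nmas:  # only needed when installing the NMAS login methods
        reqs.append((sec, ENTRY, ENTRY_SUPERVISOR, "Supervisor on Security container"))
    return reqs

def has_right(values, trustee, attr, bit):
    """True if an explicit assignment for trustee grants the right."""
    for value in values:
        priv, _scope, subject, name = parse_acl(value)
        if subject != trustee.lower():
            continue
        if name == ENTRY and priv & ENTRY_SUPERVISOR:
            return True  # entry Supervisor covers every right on the object
        if attr != ENTRY and name in (attr, ALL_ATTRS) and priv & (bit | ATTR_SUPERVISOR):
            return True
    return False

def audit(acl_map, trustee, container, ca_dn, nmas=False):
    """Return labels of required rights that have no explicit assignment."""
    return [label for dn, attr, bit, label in required(container, ca_dn, nmas)
            if not has_right(acl_map.get(dn.lower(), []), trustee, attr, bit)]

GROUP = "cn=BranchAdmins,o=example"        # constructed group DN
CA_DN = "cn=EXAMPLE_TREE CA,cn=Security"   # constructed CA object DN
SAMPLE = {  # constructed: object DN (lowercase) -> ACL values
    "ou=branch,o=example": ["16#subtree#cn=BranchAdmins,o=example#[Entry Rights]"],
    "cn=security": ["2#entry#cn=BranchAdmins,o=example#[All Attributes Rights]"],
    "cn=example_tree ca,cn=security": ["2#entry#cn=BranchAdmins,o=example#NDSPKI:Private Key"],
    "cn=w0,cn=kap,cn=security": ["16#entry#cn=BranchAdmins,o=example#[Entry Rights]"],
}
if __name__ == "__main__":
    print(audit(SAMPLE, GROUP, "ou=branch,o=example", CA_DN, nmas=True))
```

An empty result means every listed right has an explicit assignment for the group; each label returned names a right that would still have to be granted before the installation.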