Modifiy admin user "dsadm"

[thebabyboom]

Hello,
I installed InformationServer 11.3 on Solaris.

I'd like to know how to replace the dsadm user with another user.
Why?
Simple because during the installation, you have to create this user locally, but my system administrator does not want to use a local user, you must absolutely use a user created in the LDAP.

In the console, I defined my LDAP user as admin but when I start the different service and engine I always have the dsadm user who appears in the processes.

How do I get rid of the dsadm user and the dstage group?

Thank you in advance.

[ray.wurlod]

Welcome aboard.

Is security on UNIX managed though LDAP to the same user registry as that used for client software? This will determine how to map engine credentials using web console for Information Server.

[qt_ky]

I thought that the engine tier required local operating system users as per the system requirements and product documentation. I would expect my system admin to come to terms with the product's requirements. Maybe I am missing something?

[PaulVL]

Don't get rid of the id, create it in your LDAP land and ensure that it has the same UID.

We install with local, then switch it to LDAP/QAS afterwards.

Works just fine.

Just make sure the UID is the same.

[JRodriguez]

The IBM install/Updater scripts are not able to authenticate dsadm account against LDAP -I submitted a PMR inquiring about this - but as PaulVL stated you could create the dsadm and dstage group in your LDAP registry and then used the UID/GID values to create the local counter parts for installation purpose and after installation then set up PAM/LDAP and remove the local ones ...this worked like a charm for us

*** We are not allow to have local account/groups

[thebabyboom]

thanks a lot for your answer !

I'll try to create the dsadm on the ldap with the same uid and remove the local user.

I Hope

If it works, I must review my security then.