A root DN (or root user) is an account in the Directory Server that is generally given full access to all data in the server, much like the root user on UNIX systems.

In OpenDS, root users by default are allowed to bypass access control evaluation, have full access to the server configuration, and can perform most other types of operations.

OpenDS is different from most other servers with regard to root users in two key ways:

  • OpenDS allows the server to be configured with multiple root users. This is a good thing because each root user can have a different set of credentials, so each administrator can have a separate root account that is independent of the others, rather than all administrators sharing a single account.
  • All of the rights given to root users are assigned through privileges. Using the privilege subsystem, it is possible to create non-root users with some or all of the capabilities normally available only to root users. It is also possible to take away privileges from root users if so desired.
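
The privilege model in the second point lends itself to an offline audit of which accounts are effectively root-equivalent. The following Python code is an added example, not OpenDS code or part of the original page. It assumes that privileges are held in the `ds-privilege-name` attribute, that a `-` prefix removes a privilege a root user would otherwise inherit, and that root users carry the `ds-cfg-root-dn-user` object class; the entries, the default-privilege subset and the `HIGH_RISK` set are constructed for illustration.

```python
# Added example: compute effective privileges from constructed OpenDS-style entries.
# Assumption: ds-privilege-name lists privileges; a leading "-" removes one that a
# root user would otherwise inherit from the default root privilege set.

# Constructed subset of the default root privileges (a real audit reads the
# full set from the server configuration).
DEFAULT_ROOT_PRIVS = {"bypass-acl", "modify-acl", "config-read", "config-write",
                      "password-reset", "privilege-change", "server-shutdown"}
# Privileges treated here as root-equivalent for review purposes (assumption).
HIGH_RISK = {"bypass-acl", "config-write", "privilege-change"}

SAMPLE_LDIF = """\
dn: cn=Directory Manager,cn=Root DNs,cn=config
objectClass: ds-cfg-root-dn-user

dn: cn=Alice Admin,cn=Root DNs,cn=config
objectClass: ds-cfg-root-dn-user
ds-privilege-name: -bypass-acl
ds-privilege-name: -config-write
ds-privilege-name: -privilege-change

dn: uid=helpdesk,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
ds-privilege-name: password-reset

dn: uid=svc-sync,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
ds-privilege-name: bypass-acl
"""

def parse_entries(ldif):
    """Minimal LDIF reader for the sample above (no folding or base64 values)."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def effective_privileges(entry):
    """Root users start from the defaults; explicit values add or remove."""
    is_root = "ds-cfg-root-dn-user" in entry.get("objectclass", [])
    values = entry.get("ds-privilege-name", [])
    privs = set(DEFAULT_ROOT_PRIVS) if is_root else set()
    privs |= {v for v in values if not v.startswith("-")}
    return privs - {v[1:] for v in values if v.startswith("-")}

def audit(ldif):
    """Map each DN to the high-risk privileges it effectively holds."""
    return {e["dn"][0]: sorted(effective_privileges(e) & HIGH_RISK)
            for e in parse_entries(ldif)}
```

In this sample, the non-root `uid=svc-sync` account is reported with `bypass-acl`, while the root user `cn=Alice Admin` is reported with no high-risk privileges, so a review based only on location under `cn=Root DNs` would misjudge both.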