4. Configuration options

This section describes configuration files and options for the delegative administration of the Directory Service through UDM.

4.1. Default roles

The following file defines the default UDM roles and their rights.

/usr/share/univention-directory-manager-modules/udm-default-authorization-roles.policy

Contains the default roles, like udm:default-roles:domain-administrator or udm:default-roles:organizational-unit-admin.

Important

Don’t change this file. UCS updates overwrite it.

4.2. Custom roles

You can define your own roles in the configuration file /etc/custom-udm-roles.policy. The file doesn’t exist by default, but you can create it and add custom role definitions. The structure of the file may change at any time. If you have multiple servers in your test environment, you have to keep this file synchronized between servers manually. For details about the format of this file, see Definition of roles.

After creating or modifying this file, you have to run the command in Listing 4.1 to update the rules. You can use the roles that you defined in this file as the value for the guardianRoles property of user objects.

Listing 4.1 Activate custom role and rules
$ /usr/share/univention-directory-manager-tools/univention-configure-udm-authorization \
    --store-local create-roles \
    --config /etc/udm-roles.policy

4.3. Options

The following references show the available settings for delegative administration:

directory/manager/web/delegative-administration/enabled

Activate or deactivate delegative administration for UMC.

Possible values:

true or false.

directory/manager/rest/delegative-administration/enabled

Activate or deactivate delegative administration for the UDM REST API.

Possible values:

true or false.