'dsaadmin' user (cn=dsaadmin,ou=im,ou=ca,o=com) is defined as a super-user using CA Directory access controls.
Please see this document for details:
CA Directory Access ControlsIt is possible to have more than one super-user in one DSA (for instance by adding access control group), but this is not recommended because super-user is granted full level of access to the whole DIT served by the DSA.
Much better way is to configure an admin-user instead of a new super-user.
Using 'dsa' OS user you need to edit access control config file /opt/CA/Directory/dxserver/config/access/vapp-default.dxc
The above file contains settings for imadmin user to be an admin-user, just need to uncomment 'set admin-user' command in the file.
admin-user can be granted access to required sub-tree instead of a full tree, and also restricted set of permissions can be granted.
All above information is applicable to Virtual Appliance (vApp)
'etaadmin' user is a provisioning administrator.
The easiest way to create a new provisioning administrator is to duplicate etaadmin user using Provisioning Manager application.
To do that:
- Login into IM Provisioning Manager as 'etaadmin' user
- Navigate Users->Search
- Select 'etaadmin' user and choose 'duplicate' from context menu (i.e. right-click menu)
- Provide username and password for the new administrator