You must manually create a User Application Administrator account in the eDirectory Identity Vault for the Roles Based Provisioning Module to install correctly. The User Application Administrator account must be a trustee of the top container and must have Supervisor rights to the container.
When you create the User Application Administrator account, you must assign a password policy to this new user account. For more information, see Creating Password Policies in the Password Management Administration Guide.
The integrated installer for Identity Manager creates a default User Application Administrative account as cn=uaadmin.ou=sa.o=data. Designer pre-populates fields with this account name. When using the standalone installation program, you can create the same account name or use a different account name.
To create the permissions for the User Application Administrator account, run the following commands in an LDAP Data Interchange Format (LDIF) file:
dn: %%RBPM_USER_APP_CONTAINER_DN%%
changetype: modify
add: ACL
ACL: 1#subtree#[Root]#[Entry Rights]

dn: %%RBPM_USER_APP_CONTAINER_DN%%
changetype: modify
add: ACL
ACL: 3#subtree#%%RBPM_USER_APP_CONTAINER_DN%%#description

dn: %%RBPM_USER_APP_CONTAINER_DN%%
changetype: modify
add: ACL
ACL: 3#subtree#%%RBPM_USER_APP_CONTAINER_DN%%#directReports

dn: %%RBPM_USER_APP_CONTAINER_DN%%
changetype: modify
add: ACL
ACL: 3#subtree#%%RBPM_USER_APP_CONTAINER_DN%%#mail

dn: %%RBPM_USER_APP_CONTAINER_DN%%
changetype: modify
add: ACL
ACL: 3#subtree#%%RBPM_USER_APP_CONTAINER_DN%%#manager

dn: %%RBPM_USER_APP_CONTAINER_DN%%
changetype: modify
add: ACL
ACL: 3#subtree#%%RBPM_USER_APP_CONTAINER_DN%%#photo

dn: %%RBPM_USER_APP_CONTAINER_DN%%
changetype: modify
add: ACL
ACL: 3#subtree#%%RBPM_USER_APP_CONTAINER_DN%%#srvprvQueryList

dn: %%RBPM_USER_APP_CONTAINER_DN%%
changetype: modify
add: ACL
ACL: 3#subtree#%%RBPM_USER_APP_CONTAINER_DN%%#srvprvUserPrefs

dn: %%RBPM_USER_APP_CONTAINER_DN%%
changetype: modify
add: ACL
ACL: 3#subtree#%%RBPM_USER_APP_CONTAINER_DN%%#telephoneNumber

dn: %%RBPM_USER_APP_CONTAINER_DN%%
changetype: modify
add: ACL
ACL: 3#subtree#%%RBPM_USER_APP_CONTAINER_DN%%#title

dn: %%RBPM_USER_APP_CONTAINER_DN%%
changetype: modify
add: ACL
ACL: 17#subtree#%%RBPM_USER_APP_ADMIN_DN%%#[Entry Rights]
ACL: 35#subtree#%%RBPM_USER_APP_ADMIN_DN%%#[All Attributes Rights]
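Each ACL value in the LDIF has the form privileges#scope#trustee#attribute, where privileges is a bit mask. The following added example (not part of the original documentation or the product) decodes those masks so a reviewer can confirm which trustees receive Supervisor rights before the file is applied. The function names and the bit tables are supplied here; the sample input is constructed from four of the ACL values above.

```python
# eDirectory (NDS) rights bit values; entry rights and attribute rights use separate tables.
ENTRY_BITS = {0x01: "Browse", 0x02: "Add", 0x04: "Delete", 0x08: "Rename",
              0x10: "Supervisor", 0x40: "Inherit Control"}
ATTR_BITS = {0x01: "Compare", 0x02: "Read", 0x04: "Write", 0x08: "Self",
             0x20: "Supervisor", 0x40: "Inherit Control"}

# Constructed sample: four ACL values from the LDIF above, placeholders not yet substituted.
SAMPLE_LDIF = """\
dn: %%RBPM_USER_APP_CONTAINER_DN%%
changetype: modify
add: ACL
ACL: 1#subtree#[Root]#[Entry Rights]

dn: %%RBPM_USER_APP_CONTAINER_DN%%
changetype: modify
add: ACL
ACL: 3#subtree#%%RBPM_USER_APP_CONTAINER_DN%%#mail

dn: %%RBPM_USER_APP_CONTAINER_DN%%
changetype: modify
add: ACL
ACL: 17#subtree#%%RBPM_USER_APP_ADMIN_DN%%#[Entry Rights]
ACL: 35#subtree#%%RBPM_USER_APP_ADMIN_DN%%#[All Attributes Rights]
"""

def decode_acl(value):
    """Decode one 'privileges#scope#trustee#attribute' value into named rights."""
    priv, scope, rest = value.split("#", 2)
    trustee, attr = rest.rsplit("#", 1)   # the trustee DN sits between the fixed fields
    table = ENTRY_BITS if attr == "[Entry Rights]" else ATTR_BITS
    mask = int(priv)
    rights = [name for bit, name in sorted(table.items()) if mask & bit]
    return {"trustee": trustee, "scope": scope, "attribute": attr,
            "rights": rights, "unknown_bits": mask & ~sum(table)}

def audit(ldif_text):
    """Return every ACL grant in the LDIF, tagged with the dn it is added to."""
    grants, dn = [], None
    for line in ldif_text.splitlines():
        if line.startswith("dn:"):
            dn = line[3:].strip()
        elif line.startswith("ACL:"):
            grants.append({"target": dn, **decode_acl(line[4:].strip())})
    return grants

def supervisor_grants(grants):
    """Grants that carry the Supervisor bit; these deserve a second reviewer."""
    return [g for g in grants if "Supervisor" in g["rights"]]
```

Run against the full LDIF, only the two values whose trustee is the User Application Administrator DN should appear in supervisor_grants; every other value decodes to Browse or to Compare plus Read.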