Sometimes customers want to add a second sysadmin user to use as a service account. The steps below create the user account and set its password using LDAP commands.
1. Add the user in the UI: foobar@example.com
2. Make the new user a sysadmin account using the management API call:
curl -u original_sysadmin@example.com -X POST http://$MS:8080/v1/userroles/sysadmin/users -H "Content-type: application/x-www-form-urlencoded" -d 'id=foobar@example.com' -v
Output:
{ "emailId" : "foobar@example.com", "firstName" : " ", "lastName" : " ", "roles" : { "role" : [ { "name" : "sysadmin" }, { "name" : "orgadmin", "organization" : "example" } ] } }
3. Find the dn of the foobar@example.com user in LDAP by running ldapsearch and exporting the output to a file:
NOTE: You will be prompted for your LDAP system password when running ldapsearch.
# ldapsearch -W -D "cn=manager,dc=apigee,dc=com" -b "dc=apigee,dc=com" -LLL -h localhost -p 10389 > ldap.txt
Search the output for your user and find its dn. The entry in the ldap.txt file will look something like this:
dn: uid=6e8782e2-3dd7-4f7b-95fa-f63af9fbbb95,ou=users,ou=global,dc=apigee,dc=c
 om
mail: foobar@example.com
userPassword:: e1NTSEF9K01hZXZTTDlWU01kU3dYV0F1Vys0QnU1cXduTEJ2YWhIMkFZYmc9PQ=
 =
uid: 6e8782e2-3dd7-4f7b-95fa-f63af9fbbb95
objectClass: inetOrgPerson
sn:: IA==
cn:: IA==
4. Give your user a password using the ldappasswd call:
ldappasswd -h localhost -p 10389 -D "cn=manager,dc=apigee,dc=com" -W -s newPassword "uid=6e8782e2-3dd7-4f7b-95fa-f63af9fbbb95,ou=users,ou=global,dc=apigee,dc=com"
5. Your new sysadmin user is now created and has a password. Try logging into the UI with the user or making a management API call with this user's credentials.
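For step 3, ldapsearch folds long LDIF lines (a line starting with a single space continues the previous one), so the dn in ldap.txt is usually split across two lines and has to be rejoined before it is passed to ldappasswd. The script below is an added example, not part of the original steps: find_dn_by_mail and write_sample_ldif are hypothetical helper names, and the sample LDIF is constructed.

```shell
#!/bin/sh
# Added example: look up a user dn by mail address in an "ldapsearch -LLL" export.

# find_dn_by_mail <ldif-file> <email>   (hypothetical helper name)
# Prints the unfolded dn of each entry whose mail matches; exit status 1 if none.
# Assumes plain "dn:" and "mail:" values, not the base64 "dn::" form.
find_dn_by_mail() {
    awk -v want="$2" '
        function handle(l) {
            if (l == "") { emit(); return }          # blank line ends an entry
            if (l ~ /^dn: /) dn = substr(l, 5)
            else if (tolower(l) ~ /^mail: / &&
                     tolower(substr(l, 7)) == tolower(want)) hit = 1
        }
        function emit() {
            if (hit && dn != "") { print dn; found = 1 }
            dn = ""; hit = 0
        }
        { sub(/\r$/, "") }                           # tolerate CRLF exports
        /^ / { cur = cur substr($0, 2); next }       # continuation: rejoin
        { if (NR > 1) handle(cur); cur = $0 }
        END { handle(cur); emit(); exit !found }
    ' "$1"
}

# Constructed sample: the second entry is the user from the steps above, with
# its dn folded the way ldapsearch writes it; the first entry is made up.
write_sample_ldif() {
    cat > "$1" <<'EOF'
dn: uid=00000000-0000-4000-8000-000000000001,ou=users,ou=global,dc=apigee,dc=c
 om
mail: other@example.com
objectClass: inetOrgPerson

dn: uid=6e8782e2-3dd7-4f7b-95fa-f63af9fbbb95,ou=users,ou=global,dc=apigee,dc=c
 om
mail: foobar@example.com
uid: 6e8782e2-3dd7-4f7b-95fa-f63af9fbbb95
objectClass: inetOrgPerson
EOF
}

# Demo on the constructed sample; prints the full, unfolded dn.
ldif=$(mktemp)
write_sample_ldif "$ldif"
find_dn_by_mail "$ldif" foobar@example.com
rm -f "$ldif"
```

Point the function at the real ldap.txt from step 3 to get the dn for step 4. That export also holds the userPassword hash of every user in the directory, so restrict its permissions and delete it once you have the dn.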