Sometimes customers want to add a second sysadmin user which would be used as a service account. Here are steps on creating the user account and setting its password using ldap commands.

1. add user in the UI: foobar@example.com

2. Make the new user a sysadmin account using the management API call:

curl -u original_sysadmin@example.com -X POST http://$MS:8080/v1/userroles/sysadmin/users -H "Content-type: application/x-www-form-urlencoded" -d 'id=foobar@example.com' -Q -v

output:

{
  "emailId" : "foobar@example.com",
  "firstName" : " ",
  "lastName" : " ",
  "roles" : {
    "role" : [ {
      "name" : "sysadmin"
    }, {
      "name" : "orgadmin",
      "organization" : "example"
    } ]
  }

3. Check for the foobar@example.com user dn in ldap by running an ldapsearch to find the user and export the output to a file:

NOTE: you will be prompted for your ldap system password when doing the ldapsearch

# ldapsearch -W -D "cn=manager,dc=apigee,dc=com" -b "dc=apigee,dc=com" -LLL -h localhost -p 10389 > ldap.txt

search the output for your user and find its dn. The dn output would look something like this within the ldap.txt file:

dn: uid=6e8782e2-3dd7-4f7b-95fa-f63af9fbbb95,ou=users,ou=global,dc=apigee,dc=c
om 
mail: foobar@example.com
userPassword:: e1NTSEF9K01hZXZTTDlWU01kU3dYV0F1Vys0QnU1cXduTEJ2YWhIMkFZYmc9PQ=
= 
uid: 6e8782e2-3dd7-4f7b-95fa-f63af9fbbb95 
objectClass: inetOrgPerson 
sn:: IA== 
cn:: IA==

4. Give your user a password using the ldappasswd call:

ldappasswd -h localhost -p 10389 -D "cn=manager,dc=apigee,dc=com" -W -s newPassword "uid=6e8782e2-3dd7-4f7b-95fa-f63af9fbbb95,ou=users,ou=global,dc=apigee,dc=com"

5. Your new sysadmin user is now created and has a password. Try logging into the UI with the user or making a management API call with this users credential.