I think it is somehow linked to the ACIs on the "o=NetscapeRoot" tree. If you allow to all the authentified users read some of the subtrees of o=NetscapeRoot" you should have a better directory visibility in the console for a "normal" user.

But it would be an interesting request for the future roadmap in order to leverage the FDS console:

* adjust the ACIs in the o=NetscapeRoot branch to allow non-administrative users take advantage of the FDS console. Also when entering the DN during the console authentification  allow just the RDN part - i.e. the possibility to put "john.doe" instead of "uid=john.doe,ou=Engineering,dc=example,dc=com" in the console authentification dialogue.



2009/4/11 Chavez, James R. <james.chavez@sanmina-sci.com>
Hello,
I am looking to use the Directory Server Admin Console similar to how
the Active Directory user's and Computers tool is used.
More specifically I would like to create an administrative group with
permission to perform certain functions such as reset user passwords and
change certain other attributes. I would like to login to the console
with these users instead of Directory Manager or admin to limit the
access and damage that can be done.

I have created a group of users with full access to my suffix with
ability to add and remove objects. I can do pretty much any operation
with ldapmodify, ldapadd, ldapdelete from the command line.

However I cannot login to the Directory server console with these users
to admin the directory.
If I login as Directory Manager to the admin console and then select
"login as new user" I am able to login with the users, however the
Directory is not visible. I do not have the correct access somewhere
obviously.

How can I configure FDS to allow these users to admin the directory in a
limited role? I am assuming I need to set aci's in certain places to
allow logging into the FDS admin server console .
I am assuming this is possible. I am able to access with a third party
tool but would like to use the FDS admin console.

Thank you
James