Super user authority required?

Document ID : KB000094814
Last Modified Date : 14/05/2018
Question:
Does our started task for LDAP Server require super user authority? It currently has that authority, but we need to justify it or remove it. I don't see this requirement specified in the installation guide, but just want to confirm it's not needed before we remove it. 
Answer:
The UID for the LDAP server ACID can be any unique value as long as the BPX permissions defined in the CDT9ACID jobstream are granted. The CDT9ACID job, from the CDT9JCL library, defines the started task ACID for CA LDAP Server for z/OS. The BPX permissions are as follows:

TSS PERMIT(ldapacid) IBMFAC(BPX.FILE) ACCESS(READ) 
TSS PERMIT(ldapacid) IBMFAC(BPX.SERVER) ACCESS(UPDATE) 
TSS PERMIT(ldapacid) IBMFAC(BPX.DAEMON) ACCESS(READ) 
TSS PERMIT(ldapacid) IBMFAC(BPX.CONSOLE) ACCESS(READ) 
TSS PERMIT(ldapacid) IBMFAC(BPX.STOR.SWAP) ACCESS(READ)