On Mon, 2011-12-12 at 16:13 +0100, Sigbjorn Lie wrote:
> On Mon, December 12, 2011 15:31, Simo Sorce wrote:
> > On Mon, 2011-12-12 at 11:55 +0100, Sigbjorn Lie wrote:
> >
> > > options ldap.name uid=s-netapp,cn=users,cn=accounts,dc=test,dc=local
> > > options ldap.passwd passwordforbinduser
> >
> > If you need a special user you can avoid polluting the normal user space
> > by creating a user under cn=sysaccounts,cn=etc,suffix..
> >
> > It is a simple object, you can look at one user already there called
> > uid=kdc, it is basically just an objectclass and a userPassword.
> >
> > We have no UI to create these users though, you'll have to create them
> > manually, and they are not seen as regular users by any client, they are
> > useful exclusively to bind to ldap with a plaintext password.
>
> Excellent!
>
> I suppose these are exempt from password policies? So their password will
> never expire...?

Yes, the password policy applies only to kerberized entities.
One of the reasons to use this.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
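
As an added example (not part of the original thread and not FreeIPA's own code), an LDIF for the kind of bind-only system account described above could look like this. The object classes `account` and `simpleSecurityObject` are an assumption, since the message only says the entry is "an objectclass and a userPassword"; the uid and suffix are taken from the filer options quoted in the thread, and the password is a placeholder.

```ldif
# Added example: bind-only service account for the NetApp filer.
# Assumption: the entry uses the standard LDAP classes "account"
# (structural, requires uid) and "simpleSecurityObject" (auxiliary,
# requires userPassword). Compare with the existing uid=kdc entry
# under cn=sysaccounts before applying.
#
# Apply as a directory administrator, for example:
#   ldapmodify -x -D "cn=Directory Manager" -W -f s-netapp.ldif
dn: uid=s-netapp,cn=sysaccounts,cn=etc,dc=test,dc=local
changetype: add
objectClass: account
objectClass: simpleSecurityObject
uid: s-netapp
# Placeholder value; replace with a long random secret.
userPassword: <REPLACE-WITH-BIND-PASSWORD>

# The filer would then bind with the new DN instead of the one under
# cn=users,cn=accounts:
#   options ldap.name uid=s-netapp,cn=sysaccounts,cn=etc,dc=test,dc=local
```

Because this account authenticates with a simple bind, the password crosses the network in clear text unless the LDAP connection is protected with TLS.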
