On Mon, 2011-12-12 at 16:13 +0100, Sigbjorn Lie wrote:
> On Mon, December 12, 2011 15:31, Simo Sorce wrote:
> > On Mon, 2011-12-12 at 11:55 +0100, Sigbjorn Lie wrote:
> >> options ldap.name uid=s-netapp,cn=users,cn=accounts,dc=test,dc=local
> >> options ldap.passwd
> >> passwordforbinduser
> > If you need a special user you can avoid polluting the normal user space
> > by creating a user under cn=sysaccounts,cn=etc,suffix..
> > It is a simple object, you can look at one user already there called
> > uid=kdc, it is basically just an objectclass and a userPassword.
> > We have no UI to create these users though, you'll have to create them
> > manually, and they are not seen as regular users by any client, they are
> > useuful exclusively to
> > bind to ldap with a plaintext password.
> I suppose these are excempt from password policies? So their password will
> never expire...?
Yes the password policy applies only to kerberized entities.
One of the reasons to use this.
Simo Sorce * Red Hat, Inc * New York
Freeipa-users mailing list