On Mon, 2011-12-12 at 16:13 +0100, Sigbjorn Lie wrote:
> On Mon, December 12, 2011 15:31, Simo Sorce wrote:
> > On Mon, 2011-12-12 at 11:55 +0100, Sigbjorn Lie wrote:
> >
> >> options ldap.name uid=s-netapp,cn=users,cn=accounts,dc=test,dc=local 
> >> options ldap.passwd
> >> passwordforbinduser
> >
> > If you need a special user you can avoid polluting the normal user space
> > by creating a user under cn=sysaccounts,cn=etc,suffix..
> >
> > It is a simple object, you can look at one user already there called
> > uid=kdc, it is basically just an objectclass and a userPassword.
> >
> > We have no UI to create these users though, you'll have to create them
> > manually, and they are not seen as regular users by any client, they are 
> > useuful exclusively to
> > bind to ldap with a plaintext password.
> 
> Excellent!
> 
> I suppose these are excempt from password policies? So their password will 
> never expire...?

Yes the password policy applies only to kerberized entities.

One of the reasons to use this.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to