On 12/12/2011 04:18 PM, Simo Sorce wrote:
> On Mon, 2011-12-12 at 16:13 +0100, Sigbjorn Lie wrote:
>> On Mon, December 12, 2011 15:31, Simo Sorce wrote:
>>> On Mon, 2011-12-12 at 11:55 +0100, Sigbjorn Lie wrote:
>>>>
>>>> options ldap.name uid=s-netapp,cn=users,cn=accounts,dc=test,dc=local
>>>> options ldap.passwd passwordforbinduser
>>>
>>> If you need a special user you can avoid polluting the normal user space
>>> by creating a user under cn=sysaccounts,cn=etc,suffix..
>>>
>>> It is a simple object, you can look at one user already there called
>>> uid=kdc, it is basically just an objectclass and a userPassword.
>>>
>>> We have no UI to create these users though, you'll have to create them
>>> manually, and they are not seen as regular users by any client, they are
>>> useful exclusively to bind to ldap with a plaintext password.
>>
>> Excellent!
>>
>> I suppose these are exempt from password policies? So their password will
>> never expire...?
>
> Yes the password policy applies only to kerberized entities.
>
> One of the reasons to use this.


Cool. How much access do these accounts have? Do they have write access anywhere?

Rgds,
Siggi

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
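
The system account described in the thread, written out as LDIF. This is an added example, not part of the original messages: the name uid=s-netapp and the suffix dc=test,dc=local are reused from the filer options quoted above, the two object classes (the standard LDAP `account` and `simpleSecurityObject`) are an assumption about what "just an objectclass and a userPassword" amounts to, and the password and file name are placeholders.

```ldif
# Constructed example: bind-only service account for the filer,
# kept out of the normal user tree (cn=users,cn=accounts).
# Load it as a directory administrator, for example:
#   ldapmodify -x -D "cn=Directory Manager" -W -f s-netapp.ldif
dn: uid=s-netapp,cn=sysaccounts,cn=etc,dc=test,dc=local
changetype: add
objectClass: account
objectClass: simpleSecurityObject
uid: s-netapp
userPassword: REPLACE_WITH_LONG_RANDOM_PASSWORD

# The filer options from the thread would then point at the new DN:
#   options ldap.name uid=s-netapp,cn=sysaccounts,cn=etc,dc=test,dc=local
#   options ldap.passwd <the password set above>
```

Because this account authenticates with a plaintext-password simple bind, configure the client to connect over LDAPS or StartTLS so the password does not cross the network in the clear.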
