On 12/12/2011 08:02 PM, Simo Sorce wrote:
On Mon, 2011-12-12 at 19:34 +0100, Sigbjorn Lie wrote:
On 12/12/2011 04:18 PM, Simo Sorce wrote:
On Mon, 2011-12-12 at 16:13 +0100, Sigbjorn Lie wrote:
On Mon, December 12, 2011 15:31, Simo Sorce wrote:
On Mon, 2011-12-12 at 11:55 +0100, Sigbjorn Lie wrote:

options ldap.name uid=s-netapp,cn=users,cn=accounts,dc=test,dc=local
options ldap.passwd passwordforbinduser
If you need a special user you can avoid polluting the normal user space
by creating a user under cn=sysaccounts,cn=etc,suffix..

It is a simple object, you can look at one user already there called
uid=kdc, it is basically just an objectclass and a userPassword.

We have no UI to create these users though, you'll have to create them
manually, and they are not seen as regular users by any client, they are
useful exclusively to bind to ldap with a plaintext password.
Excellent!

I suppose these are exempt from password policies? So their password will
never expire...?
Yes the password policy applies only to kerberized entities.

One of the reasons to use this.

Cool. How much access do these accounts have? Do they have write
access anywhere?
By default they are powerless, they only have read access.



Just tried this with a Solaris client, works like a charm.

Thank you.


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
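
An added example, not part of the thread: a shell function that emits the LDIF for a bind-only entry under cn=sysaccounts,cn=etc as described above. The object classes (account, simpleSecurityObject) and the password-file argument are assumptions, not stated in the thread; the uid and suffix are reused from the filer options quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): build LDIF for a system account
# that can only simple-bind to LDAP.
# Assumption: the entry uses objectClass account + simpleSecurityObject.
#
# Usage, binding as an administrator who is prompted for a password:
#   sysaccount_ldif s-netapp dc=test,dc=local ./pwfile | \
#       ldapadd -x -D "cn=Directory Manager" -W

# sysaccount_ldif UID SUFFIX PWFILE
# The password is read from the first line of PWFILE so it never
# shows up in a process argument list or in shell history.
sysaccount_ldif() {
    uid=$1 suffix=$2 pwfile=$3

    # Refuse anything that would need DN escaping or could inject
    # extra LDIF lines or attributes.
    case $uid in
        ''|*[!A-Za-z0-9._-]*) echo "invalid uid" >&2; return 1 ;;
    esac
    [ -n "$suffix" ] || { echo "missing suffix" >&2; return 1; }
    [ -r "$pwfile" ] || { echo "cannot read password file" >&2; return 1; }

    pw=
    IFS= read -r pw < "$pwfile" || :   # tolerate a missing final newline
    [ -n "$pw" ] || { echo "empty password" >&2; return 1; }

    # Base64 ("::") form keeps any password byte from breaking the LDIF.
    pw64=$(printf '%s' "$pw" | base64 | tr -d '\n')

    cat <<EOF
dn: uid=$uid,cn=sysaccounts,cn=etc,$suffix
changetype: add
objectClass: account
objectClass: simpleSecurityObject
uid: $uid
userPassword:: $pw64
EOF
}
```

With the entry created, the filer's ldap.name would point at uid=s-netapp,cn=sysaccounts,cn=etc,dc=test,dc=local instead of an entry under cn=users,cn=accounts.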
