On 02/15/2013 09:45 AM, Petr Viktorin wrote:
On 02/15/2013 05:36 PM, Orion Poplawski wrote:
Is there a recommended way to distinguish between "real" human user
accounts in IPA and non-human "system" accounts in IPA?

What kind of system accounts do you have in IPA? Consider not storing them in
IPA at all.

Yeah, that seems like the better idea, but:

I think the main issue we've run into is needing the apache user to be a member of groups in ldap, and that not working unless the apache user was in ldap as well.

Another example is a backup user account that backup software logs in as.

Also some accounts that own files and some services run as that are needed on multiple machines. I suppose we could use puppet to manage those, but ldap seems more convenient.

Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder Office                  FAX: 303-415-9702
3380 Mitchell Lane                       or...@nwra.com
Boulder, CO 80301                   http://www.nwra.com

Freeipa-users mailing list

Reply via email to