Re: uidNumber for Service Accounts?

2017-10-25 Thread John Lewis
On Wed, 2017-10-25 at 09:32 -0400, Douglas Duckworth wrote:
> Hi
>
> Do I need uidNumber for Service Accounts used for application /
> server binding if this user won't actually be resolved by sssd or
> nslcd?
>
> I set a very high uidNumber but eventually this will conflict with
> users as in

Re: uidNumber for Service Accounts?

2017-10-25 Thread Douglas Duckworth
Thanks Michael!
No, we do not have uidNumber-based ACLs only DN based. I will remove the uidNumber.
Thanks
Doug
Thanks,
Douglas Duckworth, MSc, LFCS
HPC System Administrator
Scientific Computing Unit
Physiology and Biophysics
Weill Cornell Medicine
E: d...@med.cornell.edu
O: 212-746-6305
F: 21

Re: uidNumber for Service Accounts?

2017-10-25 Thread Michael Ströder
Douglas Duckworth wrote:
> Do I need uidNumber for Service Accounts used for application / server
> binding if this user won't actually be resolved by sssd or nslcd?
In general if your client only binds to the LDAP server it doesn't need 'uidNumber' attribute. It just needs a bind-DN and a passwor

Re: [EXTERNAL] pwdPolicySubentry: value #0 already exists

2017-10-25 Thread Douglas Duckworth
Thanks so much, Jon! I can see it clearly now!
# Service Accounts, domain
dn: ou=Service Accounts,domain
# g14classified, Service Accounts, domain
dn: uid=g14classified,ou=Service Accounts,domain
pwdPolicySubentry: cn=CustomBindAccountPolicy,ou=Policies,domain
Thanks,
Douglas Duckworth, MSc,

RE: [EXTERNAL] pwdPolicySubentry: value #0 already exists

2017-10-25 Thread Jon C Kidder
pwdPolicySubentry is an operational attribute. It will not be returned in search results unless you explicitly request it or use + in your requested attribute list. If you change the add to a replace in your ldif file your modify operation should succeed.

uidNumber for Service Accounts?

2017-10-25 Thread Douglas Duckworth
Hi
Do I need uidNumber for Service Accounts used for application / server binding if this user won't actually be resolved by sssd or nslcd?
I set a very high uidNumber but eventually this will conflict with users as in my ignorance I didn't put this in a lower range.
Thanks,
Douglas Duckworth,

pwdPolicySubentry: value #0 already exists

2017-10-25 Thread Douglas Duckworth
Hi
I am trying to make sure my bind Service Account's password does not expire. I set this in ou=Policies with the intention that the policy would only be applied to this user:
# Policies, domain
dn: ou=Policies,domain
ou: Policies
objectClass: organizationalUnit
# CustomBindAccountPolicy, Poli