Re: uidNumber for Service Accounts?

Hi Michael I added it using ldapadd. I removed the account ObjectClass and now only use applicationProcess: # preset, Service Accounts, blah dn: uid=preset,ou=Service Accounts,dc=blah objectClass: top objectClass: extensibleObject objectClass: applicationProcess uid: preset cn: preset sn:

Re: uidNumber for Service Accounts?

Douglas Duckworth wrote: > adding new entry "uid=preset,ou=Service Accounts,dc=blah > ldap_add: Object class violation (65) >         additional info: invalid structural object class chain > (account/applicationProcess) A directory entry must have a *single* structural object class. While there

Re: uidNumber for Service Accounts?

Thanks everyone. I agree it would be ideal to differenaiate this account from others. So far it's in own OU while standard users are in People. Seeing an error. The ldif: dn: uid=preset,ou=Service Accounts,dc=blah objectClass: top objectClass: account objectClass: applicationProcess Enter

Re: uidNumber for Service Accounts?

MJ J wrote: > Service accounts typically use the simpleSecurityObject object class. But one needs an appropriate structural object class to add the entry. 'simpleSecurityObject' is an auxiliary object class without any naming attribute. Ciao, Michael. > On Tue, Dec 19, 2017 at 9:15 PM, Douglas

Re: uidNumber for Service Accounts?

Douglas Duckworth wrote: > It seems I created this service account with posixAccount objectClass.  > That requires uidNumber. > > So I need to do some research on what's the appropriate objectClass for > this service account.  It's used by SSSD and Apache, for example, to > perform binds with our

Re: uidNumber for Service Accounts?

t;> >> On Wed, Oct 25, 2017 at 9:18 PM, John Lewis <j...@hyperbolicinnovation.com> >> wrote: >>> >>> On Wed, 2017-10-25 at 09:32 -0400, Douglas Duckworth wrote: >>> > Hi >>> > >>> > Do I need uidNumber for Service

Re: uidNumber for Service Accounts?

746-8690> > > On Wed, Oct 25, 2017 at 9:18 PM, John Lewis <j...@hyperbolicinnovation.com> > wrote: > >> On Wed, 2017-10-25 at 09:32 -0400, Douglas Duckworth wrote: >> > Hi >> > >> > Do I need uidNumber for Service Accounts used for application / >&g

Re: uidNumber for Service Accounts?

Unit Physiology and Biophysics Weill Cornell Medicine E: d...@med.cornell.edu O: 212-746-6305 F: 212-746-8690 On Wed, Oct 25, 2017 at 9:18 PM, John Lewis <j...@hyperbolicinnovation.com> wrote: > On Wed, 2017-10-25 at 09:32 -0400, Douglas Duckworth wrote: > > Hi > > > > Do I

Re: uidNumber for Service Accounts?

On Wed, 2017-10-25 at 09:32 -0400, Douglas Duckworth wrote: > Hi > > Do I need uidNumber for Service Accounts used for application / > server binding if this user won't actually be resolved by sssd or > nslcd?   > > I set a very high uidNumber but eventually this will

Re: uidNumber for Service Accounts?

: 212-746-8690 On Wed, Oct 25, 2017 at 9:55 AM, Michael Ströder <mich...@stroeder.com> wrote: > Douglas Duckworth wrote: > > Do I need uidNumber for Service Accounts used for application / server > > binding if this user won't actually be resolved by sssd or nslcd? > > In

Re: uidNumber for Service Accounts?

Douglas Duckworth wrote: > Do I need uidNumber for Service Accounts used for application / server > binding if this user won't actually be resolved by sssd or nslcd? In general if your client only binds to the LDAP server it doesn't need 'uidNumber' attribute. It just needs a b

uidNumber for Service Accounts?

Hi Do I need uidNumber for Service Accounts used for application / server binding if this user won't actually be resolved by sssd or nslcd? I set a very high uidNumber but eventually this will conflict with users as in my ignorance I didn't put this in a lower range. Thanks, Douglas Duckworth