MJ J wrote:
Service accounts typically use the simpleSecurityObject object class.
But one needs an appropriate structural object class to add the entry. 'simpleSecurityObject' is an auxiliary object class without any naming attribute.
Ciao, Michael.
On Tue, Dec 19, 2017 at 9:15 PM, Douglas Duckworth dod2014@med.cornell.edu wrote:
It seems I created this service account with posixAccount objectClass. That requires uidNumber.
So I need to do some research on what's the appropriate objectClass for this service account. It's used by SSSD and Apache, for example, to perform binds with our LDAP cluster since we do not allow anon binds. In addition, ACLs only permit this account, and the Manager, access to read the entire directory.
From reading here http://www.zytrax.com/books/ldap/ape/#objectclasses I think I would only need objectClass: account which the service account already contains. So I could delete the posixAccount objectClass and then uidNumber, gidNumber, homeDirectory, and loginShell?
Thanks,
Douglas Duckworth, MSc, LFCS
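
The schema consequences discussed in this thread, as an added example that is not part of the original messages: a minimal checker for the three object classes named above, with definitions transcribed from RFC 4524 (`account`), RFC 2307 (`posixAccount`) and RFC 4519 (`simpleSecurityObject`). The sample entries and their values are constructed, and the structural-class rule is simplified to "exactly one structural class" (no inheritance chains).

```python
# Added example: simplified LDAP schema check for a bind-only service account.
# Attribute and class names are lowercased; sample entries are constructed.
SCHEMA = {
    "account": {"kind": "structural", "must": {"uid"},
                "may": {"description", "seealso", "l", "o", "ou", "host"}},
    "posixaccount": {"kind": "auxiliary",
                     "must": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
                     "may": {"userpassword", "loginshell", "gecos", "description"}},
    "simplesecurityobject": {"kind": "auxiliary", "must": {"userpassword"}, "may": set()},
}

def check_entry(entry):
    """Return a list of schema problems for an entry (dict: attribute -> values)."""
    entry = {k.lower(): v for k, v in entry.items()}
    attrs = set(entry)
    classes = [SCHEMA[c.lower()] for c in entry["objectclass"]]
    problems = []
    # Simplification: real servers require one structural class *chain*.
    if sum(c["kind"] == "structural" for c in classes) != 1:
        problems.append("needs exactly one structural object class")
    must = set().union(*(c["must"] for c in classes))
    allowed = must | set().union(*(c["may"] for c in classes)) | {"objectclass"}
    problems += [f"missing required attribute: {a}" for a in sorted(must - attrs)]
    problems += [f"attribute not allowed: {a}" for a in sorted(attrs - allowed)]
    return problems

# Constructed entry resembling the current state described in the thread.
BEFORE = {"objectClass": ["account", "posixAccount"], "uid": ["svc-bind"],
          "cn": ["svc-bind"], "uidNumber": ["9001"], "gidNumber": ["9001"],
          "homeDirectory": ["/nonexistent"], "loginShell": ["/sbin/nologin"],
          "userPassword": ["{SSHA}constructed"]}

# posixAccount removed together with only the four attributes listed in the thread:
# cn and userPassword were permitted by posixAccount, not by account.
NAIVE = {"objectClass": ["account"], "uid": ["svc-bind"], "cn": ["svc-bind"],
         "userPassword": ["{SSHA}constructed"]}

# Structural class plus the auxiliary class that carries userPassword.
FIXED = {"objectClass": ["account", "simpleSecurityObject"], "uid": ["svc-bind"],
         "userPassword": ["{SSHA}constructed"], "description": ["bind account"]}

# Auxiliary class alone: no structural class, so the entry cannot be added.
AUX_ONLY = {"objectClass": ["simpleSecurityObject"],
            "userPassword": ["{SSHA}constructed"]}

if __name__ == "__main__":
    for name in ("BEFORE", "NAIVE", "FIXED", "AUX_ONLY"):
        print(name, check_entry(globals()[name]) or "ok")
```
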