Thanks John and everyone else. It's only performing binds for Apache, and sssd, as I do not allow anon binds to the LDAP server. This particular account does not perform any interactive logins on *Nix boxes.

Thanks,
Douglas Duckworth, MSc, LFCS
HPC System Administrator
Scientific Computing Unit
Physiology and Biophysics
Weill Cornell Medicine

On Wed, Oct 25, 2017 at 9:18 PM, John Lewis <jl@hyperbolicinnovation.com> wrote:

On Wed, 2017-10-25 at 09:32 -0400, Douglas Duckworth wrote:
> Hi
>
> Do I need uidNumber for Service Accounts used for application /
> server binding if this user won't actually be resolved by sssd or
> nslcd?
>
> I set a very high uidNumber but eventually this will conflict with
> users as in my ignorance I didn't put this in a lower range.
>
> Thanks,
>
> Douglas Duckworth, MSc, LFCS
> HPC System Administrator
> Scientific Computing Unit
> Physiology and Biophysics
> Weill Cornell Medicine
> E: doug@med.cornell.edu
> O: 212-746-6305
> F: 212-746-8690

It depends on whether your service account needs to log in to a UNIX
compliant system or not. If the account doesn't have a uid, it will
most likely not be able to log in as a standard UNIX account via LDAP.
If the binds go directly to an application without going through an OS
authentication layer, for example a web user login, it probably doesn't
matter either way whether the account has a uidNumber set or not. If
you have an interaction with sssd or nslcd in the middle, you are going
to need the uidNumber attribute set.
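
The distinction discussed in this thread, as an added example that is not code from either poster: a Python audit of an LDIF export that separates bind-only entries from entries sssd or nslcd would resolve as UNIX accounts, and reports uidNumber values shared by more than one entry. The DNs and numbers are constructed, and the script assumes the clients use their default `posixAccount` user filter.

```python
from collections import defaultdict

# Constructed, abbreviated sample export; DNs and numbers are hypothetical.
SAMPLE_LDIF = """\
dn: cn=apache-bind,ou=services,dc=example,dc=org
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: apache-bind

dn: cn=legacy-bind,ou=services,dc=example,dc=org
objectClass: posixAccount
cn: legacy-bind
uidNumber: 60001

dn: uid=alice,ou=people,dc=example,dc=org
objectClass: posixAccount
uid: alice
uidNumber: 60001
"""

def parse_ldif(text):
    """Parse simple, unfolded 'attr: value' LDIF into {dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs[name.strip().lower()].append(value.strip())
        entries[attrs["dn"][0]] = attrs
    return entries

def audit(entries):
    """Return (bind-only DNs, posixAccount DNs, {uidNumber: [DNs]} shared by >1 entry)."""
    bind_only, posix, by_uid = [], [], defaultdict(list)
    for dn, attrs in entries.items():
        classes = {c.lower() for c in attrs["objectclass"]}
        if "posixaccount" in classes:
            posix.append(dn)  # visible to sssd/nslcd under the assumed default filter
            for n in attrs["uidnumber"]:
                by_uid[int(n)].append(dn)
        else:
            bind_only.append(dn)  # can still bind; not mapped to a UNIX user
    collisions = {n: dns for n, dns in by_uid.items() if len(dns) > 1}
    return bind_only, posix, collisions

if __name__ == "__main__":
    for label, result in zip(("bind-only", "posix", "collisions"),
                             audit(parse_ldif(SAMPLE_LDIF))):
        print(label, result)
```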