Thanks Michael!

No, we do not have uidNumber-based ACLs only DN based.

I will remove the uidNumber.

Thanks
Doug

Thanks,

Douglas Duckworth, MSc, LFCS
HPC System Administrator
Scientific Computing Unit
Physiology and Biophysics
Weill Cornell Medicine
E: doug@med.cornell.edu
O: 212-746-6305
F: 212-746-8690

On Wed, Oct 25, 2017 at 9:55 AM, Michael Ströder <michael@stroeder.com> wrote:
Douglas Duckworth wrote:
> Do I need uidNumber for Service Accounts used for application / server
> binding if this user won't actually be resolved by sssd or nslcd?

In general if your client only binds to the LDAP server it doesn't need
'uidNumber' attribute. It just needs a bind-DN and a password in its
config. I assume though that your LDAP server does not have ACLs based
uidNumber-based filter affecting your client.

And I don't know whether something else in your deployment needs it.
This only you can find out.

Ciao, Michael.