On Wed, 2017-10-25 at 09:32 -0400, Douglas Duckworth wrote: It depends on weather your service account needs to login to a UNIX compliant system or not. If the account doesn't have a uid, it will most likely not be able to login as a standard UNIX account via LDAP. If the binds go directly to an application without going through an OS authentication layer, for example a web user login, it probably doesn't matter either way whether the account has a uidNumber set or not. If you have an interaction with sssd or nslcd in the middle, you are going to need the uidNumber attribute set.