
Re: uidNumber for Service Accounts?



MJ J wrote:
> Service accounts typically use the simpleSecurityObject object class.

But one needs an appropriate structural object class to add the entry.
'simpleSecurityObject' is an auxiliary object class without any naming
attribute.

Ciao, Michael.

> On Tue, Dec 19, 2017 at 9:15 PM, Douglas Duckworth
> <dod2014@med.cornell.edu> wrote:
>> It seems I created this service account with posixAccount objectClass.  That
>> requires uidNumber.
>>
>> So I need to do some research on what's the appropriate objectClass for this
>> service account.  It's used by SSSD and Apache, for example, to perform
>> binds with our LDAP cluster since we do not allow anon binds.  In addition
>> ACLs only permit this account, and the Manager, access to read the entire
>> directory.
>>
>> From reading here http://www.zytrax.com/books/ldap/ape/#objectclasses I
>> think I would only need objectClass: account which the service account
>> already contains.  So I could delete the posixAccount objectClass and then
>> uidNumber, gidNumber, homeDirectory, and loginShell?
>>
>> Thanks,
>>
>> Douglas Duckworth, MSc, LFCS

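Added example, not part of the original messages: a small Python check of the schema rule discussed in this thread, that an entry needs a structural object class and every MUST attribute of each class it lists. The class definitions follow RFC 4524 (account), RFC 4519 (simpleSecurityObject) and RFC 2307 (posixAccount); the entries, names and password placeholder are constructed, and attribute names are matched case-sensitively for brevity.

```python
# Illustrative checker; not the validation code of any LDAP server.
# kind and MUST attributes per RFC 4524, RFC 4519 and RFC 2307.
SCHEMA = {
    "account": ("structural", {"uid"}),
    "simpleSecurityObject": ("auxiliary", {"userPassword"}),
    "posixAccount": ("auxiliary",
                     {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"}),
}

def check_entry(entry):
    """Return schema problems for an entry given as {attribute: [values]}."""
    problems = []
    classes = entry.get("objectClass", [])
    problems += [f"unknown objectClass {c}" for c in classes if c not in SCHEMA]
    known = [c for c in classes if c in SCHEMA]
    # An auxiliary class alone cannot carry an entry.
    if not any(SCHEMA[c][0] == "structural" for c in known):
        problems.append("no structural objectClass")
    # Every listed class contributes its MUST attributes.
    for c in known:
        for attr in sorted(SCHEMA[c][1] - set(entry)):
            problems.append(f"{c} requires {attr}")
    return problems

# Constructed sample entries (hypothetical bind account "svc-bind").
PW = ["{SSHA}constructed-placeholder"]
AUX_ONLY = {"objectClass": ["simpleSecurityObject"], "userPassword": PW}
POSIX_NO_IDS = {
    "objectClass": ["account", "simpleSecurityObject", "posixAccount"],
    "uid": ["svc-bind"], "cn": ["svc-bind"], "userPassword": PW,
}
BIND_ONLY = {
    "objectClass": ["account", "simpleSecurityObject"],
    "uid": ["svc-bind"], "userPassword": PW,
}

if __name__ == "__main__":
    for name, entry in [("aux only", AUX_ONLY),
                        ("posixAccount without ids", POSIX_NO_IDS),
                        ("account + simpleSecurityObject", BIND_ONLY)]:
        print(name, "->", check_entry(entry) or "ok")
```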