[Freeipa-users] NetApp Filer with IPA?

Sigbjorn Lie sigbjorn at nixtra.com
Tue Dec 13 21:21:48 UTC 2011


On 12/12/2011 08:02 PM, Simo Sorce wrote:
> On Mon, 2011-12-12 at 19:34 +0100, Sigbjorn Lie wrote:
>> On 12/12/2011 04:18 PM, Simo Sorce wrote:
>>> On Mon, 2011-12-12 at 16:13 +0100, Sigbjorn Lie wrote:
>>>> On Mon, December 12, 2011 15:31, Simo Sorce wrote:
>>>>> On Mon, 2011-12-12 at 11:55 +0100, Sigbjorn Lie wrote:
>>>>>
>>>>>> options ldap.name uid=s-netapp,cn=users,cn=accounts,dc=test,dc=local
>>>>>> options ldap.passwd passwordforbinduser
>>>>> If you need a special user you can avoid polluting the normal user space
>>>>> by creating a user under cn=sysaccounts,cn=etc,suffix..
>>>>>
>>>>> It is a simple object, you can look at one user already there called
>>>>> uid=kdc, it is basically just an objectclass and a userPassword.
>>>>>
>>>>> We have no UI to create these users though, you'll have to create them
>>>>> manually, and they are not seen as regular users by any client, they are
>>>>> useful exclusively to bind to ldap with a plaintext password.
>>>> Excellent!
>>>>
>>>> I suppose these are exempt from password policies? So their password will never expire...?
>>> Yes the password policy applies only to kerberized entities.
>>>
>>> One of the reasons to use this.
>>>
>> Cool. How much access do these accounts have? Do they have write
>> access anywhere?
> By default they are powerless, they only have read access.
>
>

Just tried this with a Solaris client, works like a charm.

Thank you.
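
Added example, not part of the original thread: a shell helper that generates the LDIF for the bind-only account under cn=sysaccounts,cn=etc discussed above. The object classes (account, simpleSecurityObject), the ldapmodify invocation in the comments and the host name are assumptions; uid and suffix reuse the names from the thread.

```shell
#!/bin/sh
# Added example: emit LDIF for a bind-only account under cn=sysaccounts,cn=etc.
# The password is read from stdin so it never appears in argv or shell history.

sysaccount_ldif() {
    uid=$1
    suffix=$2

    # Allow only characters that need no DN escaping and cannot inject LDIF lines.
    case $uid in
        ''|*[!A-Za-z0-9_-]*) echo "invalid uid" >&2; return 1 ;;
    esac
    case $suffix in
        *[!A-Za-z0-9=,.-]*) echo "invalid suffix" >&2; return 1 ;;
        dc=*) ;;
        *) echo "suffix must look like dc=test,dc=local" >&2; return 1 ;;
    esac

    password=
    IFS= read -r password || true
    [ -n "$password" ] || { echo "no password on stdin" >&2; return 1; }

    # Base64 (the "::" form) keeps leading spaces, colons and non-ASCII bytes intact.
    b64=$(printf '%s' "$password" | base64 | tr -d '\n')

    # Object classes are an assumption: a minimal entry with uid and userPassword.
    cat <<EOF
dn: uid=$uid,cn=sysaccounts,cn=etc,$suffix
changetype: add
objectClass: account
objectClass: simpleSecurityObject
uid: $uid
userPassword:: $b64
EOF
}

# Constructed demo using the names from the thread; the password is a sample.
printf '%s\n' 'constructed-sample-password' | sysaccount_ldif s-netapp dc=test,dc=local

# To load it (assumed invocation; ipa.example.test is a placeholder host):
#   umask 077; sysaccount_ldif s-netapp dc=test,dc=local > sysaccount.ldif
#   ldapmodify -x -ZZ -H ldap://ipa.example.test -D "cn=Directory Manager" -W -f sysaccount.ldif
```

After loading, a bind as the new DN followed by an attempted write is a quick way to confirm the account is read-only in your deployment.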




