[Freeipa-users] Best and Secure Way for a System Account

Martin Babinsky mbabinsk at redhat.com
Mon Oct 17 05:35:26 UTC 2016


On 10/16/2016 12:22 PM, Günther J. Niederwimmer wrote:
> Hello,
>
> IPA 4.3.1
>
> I have a big Problem with my LDAP Read User (ldapbind) I like to install
> dovecot with IPA, but I must have "mailAlternateAddress" I found a Plugin for
> this, but now I can't read this Attributes :-(.
>
> Is this the actual way to implement a System Account?
>
> # ldapmodify -x -D 'cn=Directory Manager' -W
> dn: uid=system,cn=sysaccounts,cn=etc,dc=example,dc=com
> changetype: add
> objectclass: account
> objectclass: simplesecurityobject
> uid: system
> userPassword: secret123
> passwordExpirationTime: 20380119031407Z
> nsIdleTimeout: 0
> <blank line>
> ^D
>
> https://www.freeipa.org/page/HowTo/LDAP#System_Accounts
>
> The IPA Docs have no time stamp to find out, is this actual or old :-(.
>
> Thanks for an answer,
>

Hi Gunther,

That LDIF looks OK to me.

Do not forget that you must set up the correct ACIs in order for the
system account to see the 'mailAlternateAddress' attribute.

-- 
Martin^3 Babinsky
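
An added example, not part of the original message or of the FreeIPA documentation: one way to write the ACI the reply refers to, as LDIF for the same `ldapmodify -x -D 'cn=Directory Manager' -W` invocation quoted above. It assumes the standard FreeIPA user container `cn=users,cn=accounts` under the `dc=example,dc=com` suffix from the question; the ACL name is made up for illustration.

```ldif
# Assumption: user entries live under cn=users,cn=accounts (FreeIPA default)
# and the suffix is dc=example,dc=com as in the quoted LDIF.
# The ACI grants only read/search/compare, only on mailAlternateAddress,
# and only to the one bind DN of the system account (least privilege).
dn: cn=users,cn=accounts,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr = "mailAlternateAddress")(version 3.0; acl "Allow dovecot system account to read mailAlternateAddress"; allow (read, search, compare) userdn = "ldap:///uid=system,cn=sysaccounts,cn=etc,dc=example,dc=com";)

# To confirm the result, bind as the system account (not Directory Manager)
# and request the attribute for a known user (someuser is a placeholder):
#   ldapsearch -x -D 'uid=system,cn=sysaccounts,cn=etc,dc=example,dc=com' -W \
#     -b 'cn=users,cn=accounts,dc=example,dc=com' '(uid=someuser)' mailAlternateAddress
```

Listing a single attribute in `targetattr` and a single DN in `userdn` keeps the mail service's bind account from reading anything beyond what dovecot needs.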
