On Wed, 2017-10-25 at 09:32 -0400, Douglas Duckworth wrote:
> Hi
>
> Do I need uidNumber for Service Accounts used for application /
> server binding if this user won't actually be resolved by sssd or
> nslcd?
>
> I set a very high uidNumber but eventually this will conflict with
> users as in my ignorance I didn't put this in a lower range.
>
> Thanks,
>
> Douglas Duckworth, MSc, LFCS
> HPC System Administrator
> Scientific Computing Unit
> Physiology and Biophysics
> Weill Cornell Medicine
> E: [email protected]
> O: 212-746-6305
> F: 212-746-8690

It depends on whether your service account needs to log in to a UNIX compliant system or not. If the account doesn't have a uid, it will most likely not be able to log in as a standard UNIX account via LDAP. If the binds go directly to an application without going through an OS authentication layer, for example a web user login, it probably doesn't matter either way whether the account has a uidNumber set or not. If you have an interaction with sssd or nslcd in the middle, you are going to need the uidNumber attribute set.
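
The two cases discussed in this thread, as an added LDIF example that is not part of the original messages. All DNs, account names, numbers and the password placeholder are constructed, and the sketch assumes the standard core, cosine and nis (RFC 2307) schemas are loaded.

```ldif
# Constructed sample entries; every DN, name and number is a placeholder.

# Case 1: bind-only service account used directly by an application.
# It carries no posixAccount object class, so the schema does not require
# uidNumber, gidNumber or homeDirectory, and a lookup that filters on
# objectClass=posixAccount will not return it as a UNIX user.
dn: uid=svc-app,ou=services,dc=example,dc=org
objectClass: account
objectClass: simpleSecurityObject
uid: svc-app
description: Bind DN for an application, not a UNIX login
userPassword: {SSHA}REPLACE_WITH_HASH

# Case 2: account that sssd or nslcd has to resolve.
# posixAccount makes cn, uid, uidNumber, gidNumber and homeDirectory
# mandatory. The uidNumber here is taken from a low range kept apart
# from the range used for people (the range itself is an assumption).
dn: uid=svc-batch,ou=people,dc=example,dc=org
objectClass: account
objectClass: posixAccount
cn: svc-batch
uid: svc-batch
uidNumber: 900
gidNumber: 900
homeDirectory: /var/lib/svc-batch
loginShell: /sbin/nologin
```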
