Thanks John and everyone else. It's only performing binds for Apache, and sssd, as I do not allow anon binds to the LDAP server. This particular account does not perform any interactive logins on *Nix boxes.
Thanks,

Douglas Duckworth, MSc, LFCS
HPC System Administrator
Scientific Computing Unit
Physiology and Biophysics
Weill Cornell Medicine
E: [email protected]
O: 212-746-6305
F: 212-746-8690

On Wed, Oct 25, 2017 at 9:18 PM, John Lewis <[email protected]> wrote:

> On Wed, 2017-10-25 at 09:32 -0400, Douglas Duckworth wrote:
> > Hi
> >
> > Do I need uidNumber for Service Accounts used for application /
> > server binding if this user won't actually be resolved by sssd or
> > nslcd?
> >
> > I set a very high uidNumber but eventually this will conflict with
> > users as in my ignorance I didn't put this in a lower range.
> >
> > Thanks,
> >
> > Douglas Duckworth, MSc, LFCS
> > HPC System Administrator
> > Scientific Computing Unit
> > Physiology and Biophysics
> > Weill Cornell Medicine
> > E: [email protected]
> > O: 212-746-6305
> > F: 212-746-8690
>
> It depends on whether your service account needs to login to a UNIX
> compliant system or not. If the account doesn't have a uid, it will
> most likely not be able to login as a standard UNIX account via LDAP.
>
> If the binds go directly to an application without going through an OS
> authentication layer, for example a web user login, it probably doesn't
> matter either way whether the account has a uidNumber set or not. If
> you have an interaction with sssd or nslcd in the middle, you are going
> to need the uidNumber attribute set.
>
