  1. Product Technical Learning
  2. PTL-7222

RH362-101: Tower bind account: clarify why choice of tree location



      Language: en-US (English)

      Description: Integrating Ansible Tower with IdM

      The following example shows how to use the ldapmodify command to create a bind account (p350), and Guided Exercise: Integrating Ansible Tower with IdM, Step 1.3 (p358)

      Please add clarification:

      What is the benefit of a user being created (manually) in sysconfig -> etc portion of the tree? cn=sysaccounts,cn=etc,dc=lab,dc=example,dc=com  

      So it doesn't appear in normal user-find searches? And does not expire with the global pwpolicy? Other reasons?

      It is still replicated since all of dc=lab,dc=example,dc=com is replicated. Some system bind accounts are not meant to be replicated and should be configured in cn=config tree instead.

      Any user which can read the accounts portion of the tree can be used for the bind account. The sample ldapsearch commands work just fine with idmuser01. If additional privileges are needed, a role can be added to the account. Full admin role is not required.

       

              glsbugs-hybridcloud@redhat.com PTL - RHEL Team
              lauber Susan Lauber