-
Bug
-
Resolution: Can't Do
-
Major
-
RH362 - RHEL 7.4 1 20180531
-
9
-
en-US (English)
URL:
Reporter RHNID:
Section: -
Language: en-US (English)
Workaround:
Description: Integrating Ansible Tower with IdM
The following example shows how to use the ldapmodify command to create a bind account (p350), and Guided Exercise: Integrating Ansible Tower with IdM Step 1.3 (P358)
Please add clarification:
What is the benefit of a user being created (manually) in sysconfig -> etc portion of the tree? cn=sysaccounts,cn=etc,dc=lab,dc=example,dc=com
So it doesn't appear in normal user-find searches? And does not expire with the global pwpolicy? Other reasons?
It is still replicated since all of dc=lab,dc=example,dc=com is replicated. Some system bind accounts are not meant to be replicated and should be configured in cn=config tree instead.
Any user which can read the accounts portion of the tree can be used for the bind account. The sample ldapsearch commands work just fine with idmuser01. If additional privileges are needed, a role can be added to the account. Full admin role is not required.