FreeIPA Service Account

By default, FreeIPA does not allow anonymous binds. So create a service account with no permissions to login, and just to bind, we're going to have to get down and dirty with LDAP.

  • First, create the file listed below inside your home directory
  • Run the following command. You will be asked for the “Directory Manager” password.
    • ldapmodify -x -D 'cn=Directory Manager' -W < service_account
  • You're done!
dn: uid=CHANGE_THIS_WITH_THE_USERNAME,cn=sysaccounts,cn=etc,dc=ubnetdef,dc=net
changetype: add
objectclass: account
objectclass: simplesecurityobject
userPassword: put-a-good-password-here
passwordExpirationTime: 20380119031407Z
nsIdleTimeout: 0
  • guides/freeipa_service_account.txt
  • Last modified: 2017/05/03 13:08
  • by jamesdro