OpenLDAP Create a Service Account for LDAP queries
There is a defined way to create an Active Directory (AD) Service Account for LDAP queries.

There are not many articles on LDAP Service account creation in OpenLDAP.

I am trying to find ways to create an LDAP Service Account in OpenLDAP. The LDAP Service account should have read and search access. The Service account DN and Service Account Password should be used for LDAP Bind, Search and Authentication.

The LDAP Service account DN should be able to find the User DN by an LDAP query with User_ID_Attribute=.

E.g.:

ldapsearch -h <LDAP_Server> -p <LDAP_Port> -b <Base/Root DN> -D -w uid=LOGINUSER dn

Result:

dn: uid=LOGINUSER,ou=<LDAP_Group>,dc=example,dc=com

I am stuck at the point of LDAP Service account creation. I need help on that. If you need more info kindly reply so that I can provide that.

14/7, 2020 at 17:34

Comment (1):

What's the difference between a regular user account and a service account? Just the purpose, right? Does it ever need to log in? If not, you can set loginShell to /sbin/nologin. Does it ever need email? If not, you can set mail to some noreply junk. All you're asking is how to create an account. The finding of users via ldap query can be done via a script, it's not inherent to the account. By the way, -w in ldapsearch requires the password to be given on the command line, while -W will prompt for the password. I would recommend using '-y passwdfile' to supply a password as this is secure.
Frenchy
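An added example, not from the question or the comment, of the three pieces the question asks for: a bind-only service account entry with an OpenLDAP {SSHA} userPassword, a cn=config ACL that gives that DN read/search on the tree without exposing anyone's password hashes, and the user-DN lookup run with -y as the comment advises. The DNs, the olcDatabase={1}mdb entry and the password-file path are assumptions.

```python
import base64
import hashlib
import os

# Assumed names (not from the question): account DN, base DN, cn=config DB entry.
SERVICE_DN = "cn=ldap-reader,ou=services,dc=example,dc=com"
BASE_DN = "dc=example,dc=com"
DB_DN = "olcDatabase={1}mdb,cn=config"

def ssha(password, salt=None):
    """{SSHA} userPassword as slappasswd emits it: base64(sha1(pw+salt)+salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_verify(stored, password):
    """Check a password against a {SSHA} value the way slapd does at bind time."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    return hashlib.sha1(password.encode() + raw[20:]).digest() == raw[:20]

def account_ldif(password):
    """LDIF for ldapadd: a bind-only entry, no posixAccount, loginShell or mail."""
    return (f"dn: {SERVICE_DN}\n"
            "objectClass: simpleSecurityObject\n"
            "objectClass: organizationalRole\n"
            "cn: ldap-reader\n"
            "description: read-only bind account for application lookups\n"
            f"userPassword: {ssha(password)}\n")

def acl_ldif():
    """LDIF for `ldapmodify -Y EXTERNAL -H ldapi:///`. `replace` rewrites the whole
    olcAccess list (merge with `slapcat -n 0` output); two-space lines are LDIF folds."""
    return (f"dn: {DB_DN}\n"
            "changetype: modify\n"
            "replace: olcAccess\n"
            "olcAccess: {0}to attrs=userPassword\n"
            "  by self write by anonymous auth by * none\n"
            f'olcAccess: {{1}}to dn.subtree="{BASE_DN}"\n'
            f'  by dn.exact="{SERVICE_DN}" read by self write by * none\n')

def filter_escape(value):
    """RFC 4515 escaping so a login name from user input cannot alter the filter."""
    return "".join(f"\\{ord(c):02x}" if c in "*()\\\0" else c for c in value)

def lookup_cmd(login_user, pwfile="/etc/app/ldap-reader.pw"):
    """ldapsearch resolving a login name to its DN; the bind password comes from a
    mode-0600 file (-y) rather than the command line (-w), as the comment advises."""
    return (f'ldapsearch -H ldap://ldap.example.com -D "{SERVICE_DN}" -y {pwfile} '
            f'-b "{BASE_DN}" "(uid={filter_escape(login_user)})" dn')
```

Write account_ldif() and acl_ldif() to files, load them with ldapadd and ldapmodify, then the application runs lookup_cmd() to find the user DN and binds as that DN to check the user's password; the service account itself never sees a userPassword value under ACL {0}.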
