Explaining useradmin

brucellino (Bruce Becker) 2016-02-19 14:38:17 UTC #1

Continuing the discussion from Error at TERNET IDP Changing Password:

useradmin is the service user which is created by the ldap role. See this template :

AAROC/DevOps/blob/master/Ansible/roles/ldap/templates/useradmin.ldif.j2

dn: cn=useradmin,dc=local
objectClass: simpleSecurityObject
objectClass: person
objectClass: top
cn: useradmin
sn: useradmin
userPassword: {{ useradmin_password }}
description: Account used by external tools to manage the users (e.g. the IdP)

The username is hardcoded to avoid unnecessary increase in group variables, but if you want, we can parametrise that and you can set it to the local user with these privileges. This would mean having another variable in group_vars/<site_name> to define the local authorised ldap admin.

dmakweba (Damas Makweba) 2016-02-19 14:52:33 UTC #2

@brucellino thanks,
No, I don't want to change the setup at all but I was wondering how this fixed our problem of "reset forgotten password" at the IDP web page. of course, as per what I understand now through your explanation then automatically without changing or assign useradmin to the admin group could be able to manage and let users do their stuffs.
Please advise if what I did (even although seems to fix our problem) will have any effect.
Rgds,