This document is something I do every time I setup an IPA server. Many applications need a bind user to perform searches of the directory, and I find it to be useful.

The first thing we will do is create an ldif file to load into the LDAP server

cat << EOF > search.ldif
dn: uid=search,cn=sysaccounts,cn=etc,dc=example,dc=org (1)
changetype: add
objectclass: account
objectclass: simplesecurityobject
uid: search
userPassword: supersecurepassword (2)
passwordExpirationTime: 20380119031407Z
nsIdleTimeout: 0
1 This is the user that will be created in the LDAP directory for searching, binding,ETC. Don’t forget to edit for your own domain before just pasting into the command line
2 Change this password to something very secure

Next we are going to load this LDIF into the directory. There are many way to do this, depending on where the LDIF file is located.

ldapmodify -h localhost -p 389 -x -D "cn=Directory Manager" -w 'anothersupersecretpassword' -f search.ldif (1)
1 The password required here is the password for the Directory Manager created during ipa-server-install

That is it, now you have a bind user that can be used to searchs, binds, etc.