This document is something I do every time I set up an IPA server. Many applications need a bind user to perform searches of the directory, and I find it to be useful.

The first thing we will do is create an LDIF file to load into the LDAP server.

cat << EOF > search.ldif
dn: uid=search,cn=sysaccounts,cn=etc,dc=example,dc=org
changetype: add
objectclass: account
objectclass: simplesecurityobject
uid: search
userPassword: supersecurepassword
passwordExpirationTime: 20380119031407Z
nsIdleTimeout: 0
EOF

The dn line names the user that will be created in the LDAP directory for searching, binding, etc. Don't forget to edit it for your own domain before just pasting into the command line.

The userPassword line sets the bind password. Change this password to something very secure.

Next we are going to load this LDIF into the directory. There are many ways to do this, depending on where the LDIF file is located.

ldapmodify -h localhost -p 389 -x -D "cn=Directory Manager" -w 'anothersupersecretpassword' -f search.ldif

The password required here is the password for the Directory Manager created during ipa-server-install.

That is it. Now you have a bind user that can be used for searches, binds, etc.
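
The two edits the notes above ask for (your own domain in the DN, a strong password) and a check that the new account can bind, as an added example that is not part of the original post. The function names and the search.pw file name are hypothetical, and verify_bind assumes the default FreeIPA layout (cn=users,cn=accounts) with an admin user.

```shell
#!/bin/sh
# Added example; helper names and the search.pw file name are hypothetical.

# example.org -> dc=example,dc=org
domain_to_basedn() {
    printf '%s\n' "$1" | sed -e 's/^/dc=/' -e 's/\./,dc=/g'
}

# 24 random bytes as 48 hex characters: LDIF-safe, no base64 or quoting needed.
gen_password() {
    od -An -N24 -tx1 /dev/urandom | tr -d ' \n'
}

# Print the sysaccount LDIF for a domain ($1) and a password ($2).
make_search_ldif() {
    cat <<EOF
dn: uid=search,cn=sysaccounts,cn=etc,$(domain_to_basedn "$1")
changetype: add
objectclass: account
objectclass: simplesecurityobject
uid: search
userPassword: $2
passwordExpirationTime: 20380119031407Z
nsIdleTimeout: 0
EOF
}

# Write search.ldif and search.pw into directory $2, readable only by the owner.
write_bind_files() {
    (
        umask 077
        pw=$(gen_password)
        # No trailing newline: ldapsearch -y uses the whole file as the password.
        printf '%s' "$pw" > "$2/search.pw"
        make_search_ldif "$1" "$pw" > "$2/search.ldif"
    )
}

# Run after the ldapmodify step: bind as the new account and look up one user.
# A non-zero exit status (49 = invalid credentials) means the bind failed.
verify_bind() {
    base=$(domain_to_basedn "$1")
    ldapsearch -x -H ldap://localhost:389 \
        -D "uid=search,cn=sysaccounts,cn=etc,$base" -y "$2/search.pw" \
        -b "cn=users,cn=accounts,$base" "(uid=admin)" dn
}
```

Call `write_bind_files example.org .`, load the resulting search.ldif with the ldapmodify command above, then run `verify_bind example.org .`.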