Requested by Orion Poplawski on the mailing list.
In some cases some accounts need to act as users but they are actually application accounts. Examples are the backup user, rsyslog user, monitoring user, etc. Different applications can have special accounts. In some cases it is beneficial to make such accounts local-only accounts on the system, but in some cases it makes sense to manage accounts centrally and put them into different groups to define the right access control rules. This RFE calls for creating a way to mark users in the system as a person or not.

The scope:
- Define something in the schema to be able to mark an account as non-human
- Expose the ability in UI/CLI to create such accounts
- Handle attempts with such an account in the UI correctly, i.e. no UI for you fellow :-)
Example user:
dn: uid=apache,ou=People,dc=example,dc=com
objectClass: top
objectClass: posixAccount
homeDirectory: /var/www
loginShell: /sbin/nologin
gidNumber: 48
uidNumber: 48
cn: apache
uid: apache
The full thread is here: https://www.redhat.com/archives/freeipa-users/2013-February/msg00275.html
Another important distinction is between accounts with passwords (that you can log into) and accounts without (that you cannot log into). Not sure if this is already done in IPA.
Another example is the provisioning server account.
Also, it would be nice if the migration tools could migrate such users as well.
Closing this ticket as a duplicate of #2801; it already handles creating system accounts.
Metadata Update from @dpal: - Issue assigned to tbabej - Issue set to the milestone: Future Releases