[midPoint] Technical/Service Accounts
Rainer Herbst
rainer.herbst at aip.de
Thu Nov 7 18:39:08 CET 2019
Hi everybody!
Currently, I am trying to introduce midPoint as the IDMS solution into a
scientific organisation. But I stumble over a conceptional problem, which I
guess a lot of you have gone through. So, please shed a light into my
darkness:
We do have several hundred accounts in the existing databases for users, i.e.
persons. But we have also more than one hundred accounts for specific email
addresses, access to technical systems etc. I want to bind these technical
accounts to a person who is responsible for that account. One person can
be responsible for more than one technical account. Further, I want to be
able to disable the accounts depending on the state of the responsible user.
The service accounts should be synchronized between several resources, i.e.
LDAP and the mail system.
These accounts need also passwords etc. and some attributes should be
checked for uniqueness for all accounts, i.e. mail addresses.
I have read about the Service Account Management in MidPoint:
https://wiki.evolveum.com/display/midPoint/Service+Account+Management
But I am not sure whether this will do the task, e.g. is it possible to check for
email address uniqueness between normal users' accounts and service
accounts?
What would you advise?
- Import these accounts into user objects?
- Link the technical accounts to existing users?
- Or extend the service schema with POSIX attributes like numerical UID and
email addresses?
- Is there an easy way to enforce uniqueness of attributes in different
object types?
Heap of questions... ;-)
TIA!
Rainer Herbst
Leiter IT-Service
Phone: +49 331 7499-257
e-mail: rainer.herbst at aip.de
https://www.aip.de
-----------------------------------------------------------------------------------------------
Leibniz-Institut für Astrophysik Potsdam (AIP)
An der Sternwarte 16, 14482 Potsdam
Vorstand: Prof. Dr. Matthias Steinmetz, Matthias Winker
Stiftung bürgerlichen Rechts
Stiftungsverzeichnis Brandenburg: 26 742-00/7026
-----------------------------------------------------------------------------------------------