"
As a suggestion, to increase security, create a system user in freeipa that has read-only permission and the password does not expire in 90 days
1 - Create a file
]# vim opnsense-binddn.update
add content :
dn: uid=opnsense_bind,cn=sysaccounts,cn=etc,dc=example,dc=local
default:objectclass:account
default:objectclass:simplesecurityobject
default:uid:opnsense_bind
only:userPassword:o9gkUeQNnRexPJrbFNZGC3szN
only:passwordExpirationTime:20380119031407Z
only:nsIdleTimeout:0
2 - run the command to create the user
]# ipa-ldap-updater opnsense-binddn.update
update complete
The ipa-ldap-updater command was successful
1 - Create a file
]# vim opnsense-binddn.update
add content :
dn: uid=opnsense_bind,cn=sysaccounts,cn=etc,dc=example,dc=local
default:objectclass:account
default:objectclass:simplesecurityobject
default:uid:opnsense_bind
only:userPassword:o9gkUeQNnRexPJrbFNZGC3szN
only:passwordExpirationTime:20380119031407Z
only:nsIdleTimeout:0
2 - run the command to create the user
]# ipa-ldap-updater opnsense-binddn.update
update complete
The ipa-ldap-updater command was successful
