<div><div>Hi again, </div><div><br></div><div>By moving away from local accounts to FreeIPA, do we affect any of these numbers? </div><div><br></div><div>-group name length limits</div><div><span style="background-color:rgb(255,255,255);color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:16px;line-height:20px">-group membership limits</span></div>
<div><span style="background-color:rgb(255,255,255);color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:16px;line-height:20px"><br></span></div><div><span style="background-color:rgb(255,255,255);color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:16px;line-height:20px">or do they remain the same / as the under limit of the local OS?</span></div>
<div><span style="background-color:rgb(255,255,255)"><font color="#222222" face="Arial, Helvetica, sans-serif" size="3"><span style="line-height:20px">On Linux, I believe there will still be a limitation of 16 IDs per group, right?</span></font></span></div>
<div><span style="background-color:rgb(255,255,255);color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:16px;line-height:20px"><br></span></div><div><div>If anyone has some past experience with AIX, feel free to share with me</div>
</div><div><br></div><div>I am really interested to hear about it.</div><div><br></div><div><span style="background-color:rgb(255,255,255);color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:16px;line-height:20px">Thank you!</span></div>
</div><div><span style="background-color:rgb(255,255,255);color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:16px;line-height:20px"><br></span></div><div><span style="background-color:rgb(255,255,255);color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:16px;line-height:20px">Sylvain Angers</span></div>
<div><br><div class="gmail_quote">2012/1/5 Dmitri Pal <span dir="ltr"><<a href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#ffffff" text="#000000"><div>
On 01/05/2012 04:20 PM, Sylvain Angers wrote:
<blockquote type="cite">Hello
<div><br>
</div>
<div>We have a mixed environment of AIX and Linux servers.</div>
<div>All our user accounts are still set locally - no NIS, and we
do not have unique uid/gid across our hosts!!!</div>
<div>I am evaluating the possibility of using Red Hat
Identity Management in our environment.</div>
<div>I have to figure out what AIX will be able to support - we
would at least want to be able to limit who could access what on
AIX,</div>
<div>so if you have dealt with AIX, let me know.</div>
<div><br>
</div>
<div>But here is my main question:</div>
<div><br>
</div>
<div>My question is how do I deal with our current local users? <br>
</div>
</blockquote>
<br></div>
This is a tough one... The assumption was that some kind of identity
system is already in place.<div><br>
<br>
<blockquote type="cite">
<div>When user DAVE gets FreeIPA id 10000000567, do you have to
chown every file he has on a local machine, where he might have
uid/gid 501?</div>
</blockquote>
<br>
<br></div>
Yes.<div><br>
<br>
<blockquote type="cite">
<div><br>
</div>
<div>I guess we will have to bite the bullet and have a unique id
for every user - right?</div>
</blockquote>
<br></div>
Correct<div><br>
<br>
<blockquote type="cite">
<div>
<div>Is there a simple migration plan from local to freeipa?</div>
</div>
</blockquote>
<br></div>
You pretty much outlined it here. There is nothing better I know of.<br>
Your user IDs are probably low enough that there is no overlap with
user IDs from IdM.<div><br>
<br>
<blockquote type="cite">
<div>
<div>Do we have to migrate one account at a time,
so that if an account does not exist locally, it will
check remote?</div>
</div>
</blockquote>
<br></div>
This is usually the case when you use files in the nsswitch.conf
first and then ldap or sss.<br>
So logic would be:<br>
1) Create a user in IdM with the same name as a local user (if it does not
already exist)<br>
2) Find all files owned by local user and replace UID/GID with the
ones from IPA user with the same name<br>
3) Remove local user<br>
4) Repeat for all local users<br>
5) Repeat on every machine<br>
<br>
Step 1) might be a challenge from an AIX machine, so you might consider
creating a list of all users first, precreating the users in IdM and
then running a script that would do the rest on each of the machines
you need to convert.<br>
<br>
<blockquote type="cite"><div>
<div>
<div><br>
</div>
<div>I am missing the big picture</div>
<div><br>
</div>
<div>thanks in advance</div>
-- <br>
Sylvain Angers<br>
<br>
</div>
</div><pre><fieldset></fieldset>
_______________________________________________
Freeipa-users mailing list
<a href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre><span><font color="#888888">
</font></span></blockquote><span><font color="#888888">
<br>
<br>
<pre cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
</pre>
</font></span></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>Sylvain Angers<br>
<br>
</div>
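<div>Steps 1) to 5) of the quoted reply, sketched as an added example; this is not code from the thread or from the FreeIPA project. The passwd lines, the IdM ID pair and the function names are constructed for illustration, and the plan is refused when an old or new UID overlaps another local user, which is the "no overlap with user IDs from IdM" condition the reply relies on.</div>

```python
import os

# Constructed sample data (not from the thread): local passwd lines, IdM IDs.
LOCAL_PASSWD = """\
dave:x:501:501:Dave:/home/dave:/bin/bash
anna:x:502:100:Anna:/home/anna:/bin/bash
"""
IDM_IDS = {"dave": (1200000567, 1200000567)}

def parse_passwd(text):
    """Return {name: (uid, gid)} from passwd-format text."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and not line.startswith("#"):
            users[fields[0]] = (int(fields[2]), int(fields[3]))
    return users

def build_plan(local, idm):
    """Map old UID -> (new_uid, old_gid, new_gid); refuse UIDs that would merge owners."""
    plan = {}
    for name, (old_uid, old_gid) in local.items():
        if name not in idm:
            continue  # not precreated in IdM: leave this account alone
        new_uid, new_gid = idm[name]
        for other, (uid, _) in local.items():
            if other != name and uid in (old_uid, new_uid):
                raise ValueError(f"{name}: UID overlaps local user {other}")
        plan[old_uid] = (new_uid, old_gid, new_gid)
    return plan

def reown(root, plan, apply=False):
    """Walk root once; return [(path, new_uid, new_gid)]; chown only if apply."""
    changes = []
    for dirpath, dirnames, filenames in os.walk(root):
        for entry in dirnames + filenames:
            path = os.path.join(dirpath, entry)
            st = os.lstat(path)  # lstat: judge the link itself, not its target
            if st.st_uid not in plan:
                continue
            new_uid, old_gid, new_gid = plan[st.st_uid]
            gid = new_gid if st.st_gid == old_gid else -1  # -1 keeps the group
            changes.append((path, new_uid, gid))
            if apply:
                os.lchown(path, new_uid, gid)  # requires root
    return changes

if __name__ == "__main__":
    plan = build_plan(parse_passwd(LOCAL_PASSWD), IDM_IDS)
    print(plan, len(reown("/home", plan)))  # dry run: nothing is changed
```

<div>With <code>apply=False</code> nothing is modified, so the returned list can be reviewed on each machine before step 3) removes the local user.</div>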