<div><div>Hi again, </div><div><br></div><div>by moving away from local account, to freeipa do we affect any of these numbers?: </div><div><br></div><div>-group name length limits</div><div><span style="background-color:rgb(255,255,255);color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:16px;line-height:20px">-group membership limits</span></div> <div><span style="background-color:rgb(255,255,255);color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:16px;line-height:20px"><br></span></div><div><span style="background-color:rgb(255,255,255);color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:16px;line-height:20px">or they remain the same / as the under limit of the local os?</span></div> <div><span style="background-color:rgb(255,255,255)"><font color="#222222" face="Arial, Helvetica, sans-serif" size="3"><span style="line-height:20px">On linux, I believe there will still be a limitation of 16 id per group, right?</span></font></span></div> <div><span style="background-color:rgb(255,255,255);color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:16px;line-height:20px"><br></span></div><div><div>If anyone has some past experience with AIX, feel free to share with me</div> </div><div><br></div><div>I am really interested to ear about it</div><div><br></div><div><span style="background-color:rgb(255,255,255);color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:16px;line-height:20px">Thank you!</span></div> </div><div><span style="background-color:rgb(255,255,255);color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:16px;line-height:20px"><br></span></div><div><span style="background-color:rgb(255,255,255);color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:16px;line-height:20px">Sylvain Angers</span></div> <div><br><div class="gmail_quote">2012/1/5 Dmitri Pal <span dir="ltr"><<a href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <u></u> <div bgcolor="#ffffff" text="#000000"><div> On 01/05/2012 04:20 PM, Sylvain Angers wrote: <blockquote type="cite">Hello <div><br> </div> <div>We have a mixed environment of AIX, and linux servers</div> <div>All our user accounts are still set locally - no NIS, and we do not have unique uid/gid toward our hosts!!!</div> <div>I am evaluating the possibility of using Redhat Identity management in our environment</div> <div>I have to figure out what AIX will be able to support - we would at least want to be able to limit who could access what on aix</div> <div>so if you have dealt with AIX, let me knows</div> <div><br> </div> <div>but here my main question</div> <div><br> </div> <div>My question is how do I deal with our current local users? <br> </div> </blockquote> <br></div> This is a tough one... The assumption was that some kind of identity system is already in place.<div><br> <br> <blockquote type="cite"> <div>When user DAVE get freeipa id 10000000567, do you have to chown every files he has on a local machine while he might has uid/gid 501 ?</div> </blockquote> <br> <br></div> Yes.<div><br> <br> <blockquote type="cite"> <div><br> </div> <div>I guess we will have to byte the bullet and have a unique id for every users - right?</div> </blockquote> <br></div> Correct<div><br> <br> <blockquote type="cite"> <div> <div>Is there a simple migration plan from local to freeipa?</div> </div> </blockquote> <br></div> You pretty much outlined it here. There is nothing better I know of.<br> You user IDs are probably low enough that there is no overlap with user IDs from IdM.<div><br> <br> <blockquote type="cite"> <div> <div>do we have to migrate an account at the time do an account at the time, so if account doe not exist locally, it will check remote?</div> </div> </blockquote> <br></div> This is usually the case when you use files in the nsswitch.conf first and then ldap or sss.<br> So logic would be:<br> 1) Create a user in IdM with same name as a local user (if it is not already exists)<br> 2) Find all files owned by local user and replace UID/GID with the ones from IPA user with the same name<br> 3) Remove local user<br> 4) Repeat for all local users<br> 5) Repeat on every machine<br> <br> Step 1) might be a challenge from AIX machine so you might consider creating a list of all users first, precreating the users in IdM and then running a script that would do the rest on each of the machines you need to convert.<br> <br> <blockquote type="cite"><div> <div> <div><br> </div> <div>I am missing the big picture</div> <div><br> </div> <div>thanks in advance</div> -- <br> Sylvain Angers<br> <br> </div> </div><pre><fieldset></fieldset> _______________________________________________ Freeipa-users mailing list <a href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre><span><font color="#888888"> </font></span></blockquote><span><font color="#888888"> <br> <br> <pre cols="72">-- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? <a href="http://www.redhat.com/carveoutcosts/" target="_blank">www.redhat.com/carveoutcosts/</a> </pre> </font></span></div> <br>_______________________________________________<br> Freeipa-users mailing list<br> <a href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a><br> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Sylvain Angers<br> <br> </div>