[Freeipa-users] minimum UIDs and GIDs
Nick Gresham
n.gresham at manchester.ac.uk
Thu Oct 9 19:33:59 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Simo Sorce wrote:
> On Wed, 2008-10-08 at 16:26 +0100, Nick Gresham wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hi,
>>
>> I'm a systems administrator at the University of Manchester currently
>> trialling FreeIPA as an authentication solution for a group of
>> workstations and HPC machines.
>>
>> Generally speaking, I am very impressed, but I was wondering if there
>> would be a way of setting minimum values for UIDs and GIDs of new users
>> and groups respectively, so as to keep IPA-generated values from
>> colliding with pre-existing accounts on machines that we are trying to
>> make into FreeIPA clients?
>
> Yes, currently it requires a change in the dna plugin configuration.
>
> You can change the attribute 'dnaNextValue' in these 2 ldap entries:
> cn=Accounts,cn=Posix,cn=ipa-dna,cn=plugins,cn=config
> cn=Groups,cn=Posix,cn=ipa-dna,cn=plugins,cn=config
>
> You can do that online using the 'cn=Directory Manager' ldap user.
>
> Simo.
>
Many thanks: that worked!
In case anyone gets stumped by the command needed to access and edit the
'plugins' part of the dirsrv tree (as I initially was), for the record,
I used:
ldapvi -D "cn=Directory Manager" -b cn=ipa-dna,cn=plugins,cn=config
I'm assuming that one needs to do this on all replica servers: is that
correct?
Regards
[NG]
- --
N.J. Gresham
FLS/IS AIO
Systems Administration and Support
University of Manchester
Faculty of Life Sciences
int: 7759349
ext: 0790-989-3684
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkjuXGsACgkQoqZzfMI0Udl4xACfTZPfaF16j1wvIGK3NVRRDfSk
YakAniQAhmk82QK6MrXUQFu0h8jWlFCI
=Cl9h
-----END PGP SIGNATURE-----
More information about the Freeipa-users
mailing list