[Freeipa-users] Change UID range

Stephen Gallagher sgallagh at redhat.com
Tue Jun 14 11:42:05 UTC 2011


On Mon, 2011-06-13 at 18:10 -0500, Stamper, Brian P. (ARC-D)[Logyx LLC]
wrote:
> 
> Not until I add 1.299 billion users :)


I think you've missed the point a little bit. The reason for the high
UIDs is to solve a problem that most people don't realize yet that they
have.

A VERY common situation is for a larger company to acquire a smaller
one. When this happens, it becomes necessary to merge their two identity
environments. Right now, most small companies (and a disconcerting
number of large ones) have UIDs that start at 500 or 1000 in their LDAP
servers (because the vast majority of these companies start out by
using /etc/passwd and then dump these values to LDAP when they grow to a
certain point).

Now, in the case of a merger, you have two companies that likely have
colliding UID ranges. If you're using IPA, however, which dedicates much
higher ranges, there's a significantly greater chance that you will be
able to trivially merge the users and groups without forcing one company
or the other to change their IDs. (If you've ever had to do this, you'd
know that this is usually a multi-month project that invariably misses
something.)

The decision to make the range start at 1 billion was made specifically
BECAUSE the chances of a company having that many users were
statistically unlikely.
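
A pre-merger check for the collision problem described in the message above, as an added example that is not part of the original post or of FreeIPA. The passwd-format data and the function names are constructed for illustration; the only figure taken from the message is the 1 billion starting point.

```python
# Added example: sample data below is constructed, not taken from the thread.
COMPANY_A = """\
alice:x:1000:1000:Alice A:/home/alice:/bin/bash
bob:x:1001:1001:Bob B:/home/bob:/bin/bash
carol:x:1002:1002:Carol C:/home/carol:/bin/bash
"""
COMPANY_B = """\
dave:x:1000:1000:Dave D:/home/dave:/bin/bash
frank:x:1001:1001:Frank F:/home/frank:/bin/bash
erin:x:1500:1500:Erin E:/home/erin:/bin/bash
"""
# Same accounts as COMPANY_B, renumbered from a base of 1 billion (assumed layout).
COMPANY_B_HIGH = """\
dave:x:1000000000:1000000000:Dave D:/home/dave:/bin/bash
frank:x:1000000001:1000000001:Frank F:/home/frank:/bin/bash
erin:x:1000000002:1000000002:Erin E:/home/erin:/bin/bash
"""


def parse_passwd(text):
    """Map uid -> login from passwd(5)-format text; skip blanks, comments, bad lines."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.lstrip().startswith("#") or len(fields) < 7 or not fields[2].isdigit():
            continue
        users[int(fields[2])] = fields[0]
    return users


def ranges_overlap(a, b):
    """True if the min..max UID spans of the two environments intersect."""
    return min(a) <= max(b) and min(b) <= max(a)


def uid_collisions(a, b):
    """UIDs assigned in both environments, as (uid, login_a, login_b) tuples."""
    return [(uid, a[uid], b[uid]) for uid in sorted(a.keys() & b.keys())]


if __name__ == "__main__":
    a = parse_passwd(COMPANY_A)
    for name, text in (("low range", COMPANY_B), ("high range", COMPANY_B_HIGH)):
        b = parse_passwd(text)
        print(name, "overlap:", ranges_overlap(a, b), "collisions:", uid_collisions(a, b))
```
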