[Freeipa-users] migration plan from local accounts

Sylvain Angers sylvainangers at gmail.com
Thu Jan 5 23:27:21 UTC 2012


Hi again,

By moving away from local accounts to FreeIPA, do we affect any of these
numbers?

-group name length limits
-group membership limits

Or do they remain the same, as the underlying limits of the local OS?
On Linux, I believe there will still be a limitation of 16 IDs per group,
right?

If anyone has some past experience with AIX, feel free to share it with me.

I am really interested to hear about it.

Thank you!

Sylvain Angers

2012/1/5 Dmitri Pal <dpal at redhat.com>

> On 01/05/2012 04:20 PM, Sylvain Angers wrote:
>
> Hello
>
>  We have a mixed environment of AIX and Linux servers.
> All our user accounts are still set locally - no NIS, and we do not have
> unique uid/gid across our hosts!!!
> I am evaluating the possibility of using Redhat Identity management in our
> environment
> I have to figure out what AIX will be able to support - we would at least
> want to be able to limit who could access what on AIX,
> so if you have dealt with AIX, let me know.
>
>  But here is my main question:
>
>  My question is how do I deal with our current local users?
>
>
> This is a tough one... The assumption was that some kind of identity
> system is already in place.
>
>
>  When user DAVE gets FreeIPA id 10000000567, do you have to chown every
> file he has on a local machine while he might have uid/gid 501?
>
>
>
> Yes.
>
>
>
>  I guess we will have to bite the bullet and have a unique id for every
> user - right?
>
>
> Correct
>
>
>  Is there a simple migration plan from local to freeipa?
>
>
> You pretty much outlined it here. There is nothing better I know of.
> Your user IDs are probably low enough that there is no overlap with user
> IDs from IdM.
>
>
>  Do we have to migrate one account at a time,
> so if an account does not exist locally, it will check remote?
>
>
> This is usually the case when you use files in the nsswitch.conf first and
> then ldap or sss.
> So logic would be:
> 1) Create a user in IdM with the same name as a local user (if it does not
> already exist)
> 2) Find all files owned by local user and replace UID/GID with the ones
> from IPA user with the same name
> 3) Remove local user
> 4) Repeat for all local users
> 5) Repeat on every machine
>
> Step 1) might be a challenge from AIX machine so you might consider
> creating a list of all users first, precreating the users in IdM and then
> running a script that would do the rest on each of the machines you need to
> convert.
>
>
>  I am missing the big picture
>
>  thanks in advance
> --
> Sylvain Angers
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IPA project,
> Red Hat Inc.
>



-- 
Sylvain Angers
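
Steps 2) and 5) of the plan in the quoted reply (find the files owned by a local user and replace UID/GID with the IdM ones, on every machine), as an added example that is not part of the original thread. The function names and the ID values are constructed for illustration; the sketch plans first, then applies, and keeps set-id bits and symlinks intact.

```python
import os
import stat

def plan_reown(root, uid_map, gid_map):
    """List (path, new_uid, new_gid, old_mode) for entries under root whose
    numeric owner or group is a key in the maps. Nothing is modified."""
    root_dev = os.lstat(root).st_dev
    seen = set()  # (device, inode) pairs, so a hard-linked file is listed once
    plan = []
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        # Stay on one filesystem (like `find -xdev`): a shared mount would
        # otherwise be rewritten again from every host that mounts it.
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_dev == root_dev]
        paths = [os.path.join(dirpath, n) for n in dirnames + filenames]
        if dirpath == root:
            paths.insert(0, root)
        for path in paths:
            st = os.lstat(path)
            # Look up the old ID once against the complete map, so a file is
            # never remapped twice when old and new ID ranges overlap.
            new_uid = uid_map.get(st.st_uid, st.st_uid)
            new_gid = gid_map.get(st.st_gid, st.st_gid)
            key = (st.st_dev, st.st_ino)
            if key in seen or (new_uid, new_gid) == (st.st_uid, st.st_gid):
                continue
            seen.add(key)
            plan.append((path, new_uid, new_gid, st.st_mode))
    return plan

def apply_reown(plan):
    """Apply a plan (needs root). Returns paths whose set-id bits were restored,
    which are worth reviewing by hand after the migration."""
    restored = []
    for path, new_uid, new_gid, mode in plan:
        os.lchown(path, new_uid, new_gid)  # changes a symlink itself, not its target
        # Linux clears setuid/setgid on chown; put the recorded mode back so the
        # migration changes ownership only.
        if not stat.S_ISLNK(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
            os.chmod(path, stat.S_IMODE(mode))
            restored.append(path)
    return restored

# Constructed sample mapping: local UID/GID 501 -> hypothetical IdM IDs.
UID_MAP = {501: 1234500567}
GID_MAP = {501: 1234500567}
```

Reviewing the output of `plan_reown` before calling `apply_reown` gives a record of every path that will change, which also serves as the rollback list.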