[Freeipa-users] UID 999, not possible?

Alexander Bokovoy abokovoy at redhat.com
Fri Jun 29 14:23:24 UTC 2012 

On Fri, 29 Jun 2012, Petr Viktorin wrote:
>On 06/29/2012 03:55 PM, Alexander Bokovoy wrote:
>>On Fri, 29 Jun 2012, Petr Viktorin wrote:
>>>On 06/29/2012 03:04 PM, Alexander Bokovoy wrote:
>>>>On Thu, 28 Jun 2012, sysadmin at noboost.org wrote:
>>>>>Hi All,
>>>>>
>>>>>Is there a weird restriction to UID 999 in ipa, as IPA keeps changing
>>>>>the UID when I add a user with that number? (I've already checked the
>>>>>UID isn't in use)
>>>>We use 999 as a marker for DNA plugin. UID/GID 999 is replaced by
>>>>an allocated one with the help of the 389-ds plugin
>>>>http://directory.fedoraproject.org/wiki/DNA_Plugin
>>>>http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Deployment_Guide/Defining_Dynamic_Atrribute_Values.html#about-dunamically-assigning-attribute-values
>>>>
>>>
>>>The documentation mentions that the magic value can be a word
>>>("magic"), or it doesn't have to exist at all (it's added for
>>>objectClass:posixAccount entries). Is there a reason IPA is using 999
>>>here?
>>uidNumber and gidNumber field use integer value syntax:
>>OID value: 1.3.6.1.4.1.1466.115.121.1.27
>>
>>OID description:
>>Values in this syntax are encoded as the decimal representation of their
>>values, with each decimal digit represented by the its character
>>equivalent. So the number 1321 is represented by the character string
>>"1321".
>>So, you can't have string there that does not evaluate to integer.
>
>That's true, but according to the documentation you linked, 
>uidNumber/gidNumber syntax doesn't matter.
>The dnaMagicRegen field is in fact a DirectoryString. I assume the 
>DNA plugin sees and modifies the value before it's validated as an 
>integer.
Looks like you are right:
http://comments.gmane.org/gmane.linux.redhat.fedora.directory.user/10641

We would have issue on our side when using non-integer value as Int()
parameter does not support non-integer values. However, we could select
some negative value as default one and use the same value for DNA
configuration.


-- 
/ Alexander Bokovoy

More information about the Freeipa-users mailing list