[Freeipa-users] Local users/groups to IPA Transition

Rob Crittenden rcritten at redhat.com
Thu Jul 31 14:16:50 UTC 2014


Baird, Josh wrote:
>> So if I understand this right, you're planning on two back to back user
>> migrations? First is local->FreeIPA, then eventually FreeIPA->AD? Are your
>> current "local" users coincidentally the same as your current AD users?
> 
> Well - I will likely try to skip the Local -> FreeIPA and just go directly to FreeIPA -> AD.  My main question though still remains - do I force the same local UID/GIDs to the IPA/AD users?  I'm just looking for advice on local user to IPA migration strategies.

I wouldn't recommend duplicating your users, pick one and use that. If
you want to be able to manage your users, groups, HBAC, sudo, etc.
centrally then you'll want the users in IPA. But if you leave them
locally you may end up with corner case problems.

If you *do* end up adding your local users to IPA then yeah, you've got
a decision to make. Either you use the existing UID/GID which is
probably fine (though you may want to look at adding a local range) or you
let IPA assign a new UID from its own range, then you have to quickly
change file ownership on all enrolled systems.

rob
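
The file-ownership change that the second option above requires, sketched as an added example that is not part of the original message or of FreeIPA: a dry-run planner plus an apply step that re-own a tree from old local UIDs/GIDs to new ones. The function names `plan_reown` and `apply_reown` and the numeric IDs in the demo are assumptions made up for illustration.

```python
import os
import stat
import tempfile

def plan_reown(root, uid_map, gid_map):
    """Dry run: list (path, new_uid, new_gid, had_suid_sgid) for entries below root.

    Every entry's current owner is looked up once, so overlapping maps
    (1001 -> 1002 and 1002 -> 1003) cannot chain the way successive
    `find -uid N -exec chown` passes can.
    """
    plan = []
    dev = os.lstat(root).st_dev
    for dirpath, dirnames, filenames in os.walk(root):
        entries = dirnames + filenames
        # Do not descend into other filesystems (the idea behind find -xdev).
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_dev == dev]
        for name in entries:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: inspect a symlink itself, not its target
            new_uid = uid_map.get(st.st_uid, st.st_uid)
            new_gid = gid_map.get(st.st_gid, st.st_gid)
            if (new_uid, new_gid) != (st.st_uid, st.st_gid):
                special = bool(st.st_mode & (stat.S_ISUID | stat.S_ISGID))
                plan.append((path, new_uid, new_gid, special))
    return plan

def apply_reown(plan):
    """Apply a plan (run as root). Returns the paths whose mode needs review."""
    review = []
    for path, uid, gid, special in plan:
        os.lchown(path, uid, gid)  # lchown never follows a symlink out of the tree
        if special:
            review.append(path)    # chown can clear setuid/setgid bits; re-check these
    return review

if __name__ == "__main__":
    # Constructed demo: a scratch tree owned by the current user, mapped to a
    # made-up UID/GID standing in for the values IPA would assign.
    with tempfile.TemporaryDirectory() as root:
        open(os.path.join(root, "notes.txt"), "w").close()
        me, grp = os.getuid(), os.lstat(root).st_gid
        for entry in plan_reown(root, {me: 1234500001}, {grp: 1234500001}):
            print(entry)
```

Reviewing the plan before applying it shows which setuid/setgid files and symlinks will be touched on each enrolled system.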



