[Freeipa-users] ID Ranges in FreeIPA
Rob Crittenden
rcritten at redhat.com
Wed Apr 8 13:49:30 UTC 2015
Coy Hile wrote:
> Hi all,
>
> When I installed FreeIPA, it created a default ID range (of which user
> admin
> is currently the only user existing). Through the UI, I've found that
> one can
> create additional ranges (and that the ipa tools will complain if a user
> has a
> uid assigned manually that falls outside the defined range.) That makes
> sense.
> Is there a way that one can instruct the tools which particular range it
> should
> use for a particular operation? Say one wants different classes of
> users to be
> allocated from different ranges (For example, faculty/staff vs students,
> FTE vs
> contractors, or 'eyeball' users vs role accounts like jdoe vs
> appteambuildbot)?
>
No. And right now there is little correlation between the ranges
assigned when users and groups are created and the ID range. An ID range
is created for the user/group POSIX range, but any changes made to it
have no affect on the actual values assigned (IIRC there is a ticket to
make this immutable to avoid confusion).
Users and groups ids are generated using the Distributed Numeric Plugin
(DNA) in 389-ds which has its own configuration in cn=config.
rob
More information about the Freeipa-users
mailing list