<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 01/05/2012 04:20 PM, Sylvain Angers wrote:
<blockquote
cite="mid:CABn0HjsyJXROU_KhUJ6Qj+q+z3xNuazs6252xV+-16=czq1M1w@mail.gmail.com"
type="cite">Hello
<div><br>
</div>
<div>We have a mixed environment of AIX and Linux servers</div>
<div>All our user accounts are still set locally - no NIS, and we
do not have unique uid/gid toward our hosts!!!</div>
<div>I am evaluating the possibility of using Red Hat
Identity Management in our environment</div>
<div>I have to figure out what AIX will be able to support - we
would at least want to be able to limit who could access what on
AIX</div>
<div>so if you have dealt with AIX, let me know</div>
<div><br>
</div>
<div>but here is my main question</div>
<div><br>
</div>
<div>My question is how do I deal with our current local users? <br>
</div>
</blockquote>
<br>
This is a tough one... The assumption was that some kind of identity
system is already in place.<br>
<br>
<blockquote
cite="mid:CABn0HjsyJXROU_KhUJ6Qj+q+z3xNuazs6252xV+-16=czq1M1w@mail.gmail.com"
type="cite">
<div>When user DAVE gets FreeIPA id 10000000567, do you have to
chown every file he has on a local machine while he might have
uid/gid 501?</div>
</blockquote>
<br>
<br>
Yes.<br>
<br>
<blockquote
cite="mid:CABn0HjsyJXROU_KhUJ6Qj+q+z3xNuazs6252xV+-16=czq1M1w@mail.gmail.com"
type="cite">
<div><br>
</div>
<div>I guess we will have to bite the bullet and have a unique id
for every user - right?</div>
</blockquote>
<br>
Correct<br>
<br>
<blockquote
cite="mid:CABn0HjsyJXROU_KhUJ6Qj+q+z3xNuazs6252xV+-16=czq1M1w@mail.gmail.com"
type="cite">
<div>
<div>Is there a simple migration plan from local to freeipa?</div>
</div>
</blockquote>
<br>
You pretty much outlined it here. There is nothing better I know of.<br>
Your user IDs are probably low enough that there is no overlap with
user IDs from IdM.<br>
<br>
<blockquote
cite="mid:CABn0HjsyJXROU_KhUJ6Qj+q+z3xNuazs6252xV+-16=czq1M1w@mail.gmail.com"
type="cite">
<div>
<div>Do we have to migrate an account at a time, so if an account
does not exist locally, it will check remote?</div>
</div>
</blockquote>
<br>
This is usually the case when you use files in the nsswitch.conf
first and then ldap or sss.<br>
So logic would be:<br>
1) Create a user in IdM with the same name as a local user (if it does
not already exist)<br>
2) Find all files owned by local user and replace UID/GID with the
ones from IPA user with the same name<br>
3) Remove local user<br>
4) Repeat for all local users<br>
5) Repeat on every machine<br>
<br>
Step 1) might be a challenge from an AIX machine, so you might consider
creating a list of all users first, precreating the users in IdM and
then running a script that would do the rest on each of the machines
you need to convert.<br>
<br>
<blockquote
cite="mid:CABn0HjsyJXROU_KhUJ6Qj+q+z3xNuazs6252xV+-16=czq1M1w@mail.gmail.com"
type="cite">
<div>
<div><br>
</div>
<div>I am missing the big picture</div>
<div><br>
</div>
<div>thanks in advance</div>
-- <br>
Sylvain Angers<br>
<br>
</div>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
</pre>
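<br>
Step 2 of the procedure in the reply above, as an added example that is not part of the original message or of the FreeIPA project: it joins one host's local accounts to their IdM IDs by user name, then plans the ownership change in a single pass (dry run unless apply=True). The function names, the sample passwd lines and the IdM ID values are constructed for illustration.<br>

```python
import os

# Constructed sample data (not from the thread): one host's /etc/passwd and the
# UID/GID each same-named user was given in IdM.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/sh
dave:x:501:501:Dave:/home/dave:/bin/sh
erin:x:502:100:Erin:/home/erin:/bin/sh
frank:x:503:100:Frank:/home/frank:/bin/sh
"""
SAMPLE_IDM = {"dave": (1234500567, 1234500567), "erin": (1234500568, 1234500568),
              "frank": (1234500569, 1234500569)}

def parse_passwd(text):
    """passwd(5)-format text -> {name: (uid, gid)}."""
    fields = (l.split(":") for l in text.splitlines() if l and not l.startswith("#"))
    return {f[0]: (int(f[2]), int(f[3])) for f in fields if len(f) >= 4}

def build_maps(local, idm):
    """Per-host old-id -> IdM-id maps, joined on user name; root is never remapped."""
    uid_map, gid_map, ambiguous = {}, {}, set()
    for name, (uid, gid) in local.items():
        if uid == 0 or name not in idm:
            continue
        uid_map[uid] = idm[name][0]
        # A primary GID shared by users whose IdM GIDs differ cannot be mapped per user.
        if gid_map.setdefault(gid, idm[name][1]) != idm[name][1]:
            ambiguous.add(gid)
    for gid in ambiguous:
        del gid_map[gid]
    return uid_map, gid_map, ambiguous

def remap_tree(root, uid_map, gid_map, apply=False):
    """Walk root once and return the planned changes; chown only when apply=True."""
    plan, dev = [], os.lstat(root).st_dev
    for dirpath, dirnames, filenames in os.walk(root):
        # Stay on one filesystem so shared mounts are not remapped from every host.
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_dev == dev]
        paths = [os.path.join(dirpath, n) for n in dirnames + filenames]
        for path in ([root] if dirpath == root else []) + paths:
            st = os.lstat(path)
            new = (uid_map.get(st.st_uid, st.st_uid), gid_map.get(st.st_gid, st.st_gid))
            if new != (st.st_uid, st.st_gid):
                # Linux clears setuid/setgid bits on chown, so flag them for review.
                plan.append((path, st.st_uid, st.st_gid, *new, bool(st.st_mode & 0o6000)))
                if apply:
                    os.lchown(path, *new)  # lchown: never follow a symlink
    return plan
```

Because each file is looked up by the owner it has when it is visited, a new ID that happens to equal another user's old ID is not remapped twice within a run; review the dry-run plan and the ambiguous GIDs before running with apply=True as root.<br>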
</body>
</html>