On Аўт, 23 сту 2024, Harald Dunkel wrote:
Hi Alex,
On 2024-01-23 14:41:30, Alexander Bokovoy wrote:
One issue we identified today together with Fedora infrastructure team
is that staged users (created with 'ipa stageuser-add') will prevent
sidgen plugin to generate entries.
I didn't even know this command.
[root@ipa0 ~]# ipa stageuser-find
---------------
0 users matched
---------------
----------------------------
Number of entries returned 0
----------------------------
Still trying to find the right documentation.
All documentation was mentioned already in these threads. Please see at
https://access.redhat.com/articles/7027037 for more details (needs RHEL
subscription, including a free developer subscription).
Thank you for the link.
I found one problem by now: Regular UIDs start with 501 in my environment,
for historical reasons. The GIDs are >=1000. When we migrated from good ol'
yellow pages to FreeIPA there was no problem with small UIDs. And in the
BSD and SYSV years before Linux only the UIDs <100 were reserved for system.
Do I have to migrate the existing users between 501 and 999 to new UIDs
1000? I would like to see an error message showing that this is indeed the
problem, first. Surely I would prefer to just adjust the ID ranges instead
of migrating about 90 user accounts.
What would you suggest?
You can add a new local ID range to cover existing UIDs/GIDs. Make sure
to set base RID and secondary base RID when defining a new ID range.
See https://access.redhat.com/articles/7027037 for details.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
