On Mon, 2011-06-13 at 18:10 -0500, Stamper, Brian P. (ARC-D)[Logyx LLC]
wrote:
> 
> Not until I add 1.299 billion users :)


I think you've missed the point a little bit. The reason for the high
UIDs is to solve a problem that most people don't realize yet that they
have.

A VERY common situation is for a larger company to acquire a smaller
one. When this happens, it becomes necessary to merge their two identity
environments. Right now, most small companies (and a disconcerting
number of large ones) have UIDs that start at 500 or 1000 in their LDAP
servers (because the vast majority of these companies start out by
using /etc/passwd and then dump these values to LDAP when they grow to a
certain point).

Now, in the case of a merger, you have two companies that likely have
colliding UID ranges. If you're using IPA, however, which dedicates much
higher ranges, there's a significantly greater chance that you will be
able to trivially merge the users and groups without forcing one company
or the other to change their IDs. (If you've ever had to do this, you'd
know that this is usually a multi-month project that invariably misses
something.)

The decision to make the range start at 1 billion was made specifically
BECAUSE the chances of a company having that many users was
statistically unlikely.

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to