Now, in the case of a merger, you have two companies that likely have
colliding UID ranges. If you're using IPA, however, which dedicates much
higher ranges, there's a significantly greater chance that you will be
able to trivially merge the users and groups without forcing one company
or the other to change their IDs. (If you've ever had to do this, you'd
know that this is usually a multi-month project that invariably misses



I am about to go through this with 100 production linux servers, 350ish T&D, 
100s of desktops and at least 2 pre-existing LDAP solutions (openldap and MAC 
OS ldap) out there that I know of that clash on UIDs plus use of /etc/passwd.  
Many of these are described as mission critical, typically financial 
servers....I might take up smoking and large amounts of mental health 


Honestly live with the IPA range idea, its a god one.

Multi-Months? yeah could easily be an understatement...just for the prod 
servers alone I will have to do a in depth look at and write out a conversion 
plan for each one and do it, I think as much as a week each...So Im thinking 
not less than 6 months and I reckon as I'm on my own probably 1 to 2 years 
bearing in mind other work will come along......so some of them could be 
"organic" ie on a hardware refresh, so 5 years...

My management hasn't a clue yet......but that's because they haven't wanted to 
listen for 4+ years....


Freeipa-users mailing list

Reply via email to