Now, in the case of a merger, you have two companies that likely have
colliding UID ranges. If you're using IPA, however, which dedicates much
higher ranges, there's a significantly greater chance that you will be
able to trivially merge the users and groups without forcing one company
or the other to change their IDs. (If you've ever had to do this, you'd
know that this is usually a multi-month project that invariably misses
I am about to go through this with 100 production linux servers, 350ish T&D,
100s of desktops and at least 2 pre-existing LDAP solutions (openldap and MAC
OS ldap) out there that I know of that clash on UIDs plus use of /etc/passwd.
Many of these are described as mission critical, typically financial
servers....I might take up smoking and large amounts of mental health
Honestly live with the IPA range idea, its a god one.
Multi-Months? yeah could easily be an understatement...just for the prod
servers alone I will have to do a in depth look at and write out a conversion
plan for each one and do it, I think as much as a week each...So Im thinking
not less than 6 months and I reckon as I'm on my own probably 1 to 2 years
bearing in mind other work will come along......so some of them could be
"organic" ie on a hardware refresh, so 5 years...
My management hasn't a clue yet......but that's because they haven't wanted to
listen for 4+ years....
Freeipa-users mailing list