We are evaluating RHEL7 IdM (FreeIPA 3.3) for identity management for our UNIX 
infrastructure.  All of our Linux hosts currently have standard and consistent 
UID/GIDs for at least all of our administrative users.  I'm looking for advice 
on how to migrate these users into IPA.

Since we already have consistent UID/GID numbering for our local users, would 
it be advisable to use these same UID/GIDs for the IPA users?  The local users 
and groups with the same UID/GIDs would still exist on the host during the IPA 
transition.  I assume that if we decided to do this, we would need to modify 
/etc/nsswitch.conf on each host so "sss" is queried before "files" for 

Eventually we plan to configure a kerberos trust with our AD domain where we 
could configure these UID/GIDs via AD's POSIX UID/GID settings.

How have others handled local to IPA migrations?  Any advice or input would be 
greatly appreciated.



Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to