We are evaluating RHEL7 IdM (FreeIPA 3.3) for identity management for our UNIX
infrastructure. All of our Linux hosts currently have standard and consistent
UID/GIDs for at least all of our administrative users. I'm looking for advice
on how to migrate these users into IPA.
Since we already have consistent UID/GID numbering for our local users, would
it be advisable to use these same UID/GIDs for the IPA users? The local users
and groups with the same UID/GIDs would still exist on the host during the IPA
transition. I assume that if we decided to do this, we would need to modify
/etc/nsswitch.conf on each host so "sss" is queried before "files" for
Eventually we plan to configure a kerberos trust with our AD domain where we
could configure these UID/GIDs via AD's POSIX UID/GID settings.
How have others handled local to IPA migrations? Any advice or input would be
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project