> I wouldn't recommend duplicating your users, pick one and use that. If you
> want to be able to manage your users, groups, HBAC, sudo, etc.
> centrally then you'll want the users in IPA. But if you leave them locally you
> may end up with corner case problems.
> If you *do* end up adding your local users to IPA then yeah, you've got a
> decision to make. Either your use the existing UID/GID which is probably fine
> (though you may want to look adding a local range) or you let IPA assign a
> new UID from its own range, then you have to quickly change file ownership
> on all enrolled systems.

Well, the users are definitely going to be in IPA (or AD via IPA).  However, 
they *will* exist in both IPA and locally during the migration period.  If they 
have the same UID/GIDs in both places (local and IPA), then I will need to 
prefer IPA to 'files' in nsswitch.conf.  The main reason I want to duplicate 
the local UID/GID's in IPA is to retain file permissions.


Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to