Hello the list,

We imported all our users with uidnumbers from our old LDAP, but their
gidNumber was from 4 groups. This caused us issues with users wanting to
grant access to personal spaces to one user, but instead granting access to
all the members of the group.

To resolve this, when they were imported into FreeIPA we assigned them all
new gidNumbers, as reusing their uidNumbers caused a large number of gidNumber
clashes, as many groups were assigned from the same integer range. So now we
have a lot of users with uidNumber 5XXX and gidNumber 5000XXX.

When they log in they see an error like this:

/usr/bin/id: cannot find name for group ID 100019

It's pretty much because their gidNumber != uidNumber.
So getting all the name and group details:

[username@ipaserver01:~] $ id username
uid=5807(username) gid=100019 groups=100019,66400035(group1),66400007(group2),66400012(group3),66400044(group4),175321(group5),2075295(group6),66400046(group7)

[username@ipaserver01:~] 2 $ id -g username
100019

[username@ipaserver01:~] $ getent group 5807
username:*:5807:

[username@ipaserver01:~] $ getent group 100019
[username@ipaserver01:~] $
Now, the last part, we can't change their uidNumber. We have a massive
filesystem (many terabytes) backed by a tape library (many petabytes) so we
need their uidNumber to match that file archived to tape in 1987 and
migrated through our tape system upgrades :P

So the question is: can we make it resolve those gidNumbers?

I could make 2,500 groups for 2,500 users.

Regards,

Aaron

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
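
The manual check in the post (`id -g` followed by an empty `getent group`) can be run across every account at once. The script below is an added example, not part of the original message or of FreeIPA; it assumes the user and group maps have been exported to passwd(5)- and group(5)-format files, and the sample data is constructed from the values quoted above.

```shell
#!/bin/sh
# Added example: report accounts whose primary GID has no matching group entry.
# $1 = passwd(5)-format file, $2 = group(5)-format file (hypothetical exports
# of the two maps). Output lines are login:uid:gid.
unresolved_primary_gids() {
    awk -F: '
        # First operand is the group map: remember every GID that resolves.
        FILENAME == ARGV[1] { if ($3 != "") known[$3] = 1; next }
        # Second operand is the passwd map: skip comments and short lines.
        /^#/ || NF < 4 { next }
        # Field 4 is the primary GID; report it when no group carries it.
        !($4 in known) { print $1 ":" $3 ":" $4 }
    ' "$2" "$1"
}

# Constructed sample data modelled on the output quoted in the post.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
username:*:5807:100019:Constructed User:/home/username:/bin/bash
other:*:5808:5808:Constructed User 2:/home/other:/bin/bash
EOF
    cat > "$d/group" <<'EOF'
username:*:5807:
other:*:5808:
group1:*:66400035:username
EOF
    unresolved_primary_gids "$d/passwd" "$d/group"
    rm -rf "$d"
}

demo   # prints: username:5807:100019
```

Each reported line is an account whose files will show a bare numeric group owner, which is worth reviewing before access is granted by group on those paths.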