Re: [Freeipa-users] Why not unix UIDs (numbers and range)
On 05/23/2011 05:09 PM, Steven Jones wrote: > um so I thought there was a 65k limit? > The UID is at least 32 bit on the modern systems as far as I recall and has been this way for quite some time. > I have way more numerals than that. > > Also I need to pick up that UID from somewhere as its part of a users > identify in the identity managment system we havehow would I go about > sucking that out of IPA after the account is provisioned? you can get user info via CLI or LDAP. But you can also provide yours as explicit arguments to user creation. If you do the entry will be created with the UID and GID you want though you would have to make sure there is no duplication yourself. We have couple tickets that will help with detection and explanation of this situation. https://fedorahosted.org/freeipa/ticket/1183 (doc) https://fedorahosted.org/freeipa/ticket/341 https://fedorahosted.org/freeipa/ticket/1231 > regards > > Steven > > From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on > behalf of Stephen Gallagher [sgall...@redhat.com] > Sent: Monday, 23 May 2011 11:23 p.m. > To: freeipa-users@redhat.com > Subject: Re: [Freeipa-users] Why not unix UIDs (numbers and range) > > On Mon, 2011-05-23 at 04:42 +, Steven Jones wrote: >> Hi, >> >> Why doesnt IPA use std unix UIDs? and how does that translate into Unix >> permissions on a client if it does not? >> >> BTW neat install, under 10mins and its up! > > FreeIPA does use standard UNIX UIDs and GIDs. By default, however, > they're generated automatically behind the scenes so that the > administrator doesn't need to manage them. FreeIPA does this so it can > ensure that there are no duplicate IDs in the system, which is a common > problem in unmanaged LDAP environments. > > On the various client machines, you can see that the users have UIDs and > GIDs by performing 'getent passwd '. > > ___ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Why not unix UIDs (numbers and range)
That used to be true, but it's been a lot higher for some time now. Linux has had 32-bit integers for UID/GID since Linux kernel 2.4, and Solaris has had the same since Solaris 2.5.1. I can't speak for other *nix flavours. Rgds, Siggi. On 05/23/2011 11:09 PM, Steven Jones wrote: um so I thought there was a 65k limit? I have way more numerals than that. Also I need to pick up that UID from somewhere as its part of a users identify in the identity managment system we havehow would I go about sucking that out of IPA after the account is provisioned? regards Steven From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Stephen Gallagher [sgall...@redhat.com] Sent: Monday, 23 May 2011 11:23 p.m. To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Why not unix UIDs (numbers and range) On Mon, 2011-05-23 at 04:42 +, Steven Jones wrote: Hi, Why doesnt IPA use std unix UIDs? and how does that translate into Unix permissions on a client if it does not? BTW neat install, under 10mins and its up! FreeIPA does use standard UNIX UIDs and GIDs. By default, however, they're generated automatically behind the scenes so that the administrator doesn't need to manage them. FreeIPA does this so it can ensure that there are no duplicate IDs in the system, which is a common problem in unmanaged LDAP environments. On the various client machines, you can see that the users have UIDs and GIDs by performing 'getent passwd'. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Why not unix UIDs (numbers and range)
um so I thought there was a 65k limit? I have way more numerals than that. Also I need to pick up that UID from somewhere as its part of a users identify in the identity managment system we havehow would I go about sucking that out of IPA after the account is provisioned? regards Steven From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Stephen Gallagher [sgall...@redhat.com] Sent: Monday, 23 May 2011 11:23 p.m. To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] Why not unix UIDs (numbers and range) On Mon, 2011-05-23 at 04:42 +, Steven Jones wrote: > Hi, > > Why doesnt IPA use std unix UIDs? and how does that translate into Unix > permissions on a client if it does not? > > BTW neat install, under 10mins and its up! FreeIPA does use standard UNIX UIDs and GIDs. By default, however, they're generated automatically behind the scenes so that the administrator doesn't need to manage them. FreeIPA does this so it can ensure that there are no duplicate IDs in the system, which is a common problem in unmanaged LDAP environments. On the various client machines, you can see that the users have UIDs and GIDs by performing 'getent passwd '. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Why not unix UIDs (numbers and range)
On Mon, 2011-05-23 at 04:42 +, Steven Jones wrote: > Hi, > > Why doesnt IPA use std unix UIDs? and how does that translate into Unix > permissions on a client if it does not? > > BTW neat install, under 10mins and its up! FreeIPA does use standard UNIX UIDs and GIDs. By default, however, they're generated automatically behind the scenes so that the administrator doesn't need to manage them. FreeIPA does this so it can ensure that there are no duplicate IDs in the system, which is a common problem in unmanaged LDAP environments. On the various client machines, you can see that the users have UIDs and GIDs by performing 'getent passwd '. signature.asc Description: This is a digitally signed message part ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users