Chris Cowan via FreeIPA-users wrote:
> One other issue, I've encountered is in our existing OpenLDAP directory, with
> the private group for the user, the uid != gid. This would be easy to fix
> but we have our legacy gid space interspersed with the other supplemental
> groups we created. Presently, we're talking about 9K users and 130K groups.
> Both the uid and gid spaces were originally started at 100,000.
>
> I started noticing that NSS stuff wasn't working correctly for users where
> uid != gid. Even though the user object shows the correct uid and gid.
>
> Reading bugzilla, and other posts on this list. It appears that I am not
> alone. The workaround suggested, which I tried.
> - Detach the private group from the user
> - Delete the private group
> - Recreate with a group-add
>
> Just wondering if there's new advice on this particular scenario: Migration
> of an existing LDAP directory where the private gid is not in sync with the
> user's uid
>
> Going forward, it seems the best thing to do would be to pick distinct ranges
> for users and associated groups, vs the supplemental.

Can you explain how you did the migration? Private groups are not created using migrate-ds.

In IPA a "private" group is one where uid=gid and the group cannot have members. So I'm a bit unclear why/how you were able to detach the user from the private group.

What "NSS stuff" is not working?

rob
