Hi again,

By moving away from local accounts to freeipa, do we affect any of these numbers?

- group name length limits
- group membership limits

Or do they remain the same as the under limit of the local OS?

On linux, I believe there will still be a limitation of 16 IDs per group, right?

If anyone has some past experience with AIX, feel free to share with me; I am really interested to hear about it.

Thank you!
Sylvain Angers

2012/1/5 Dmitri Pal <[email protected]>

> On 01/05/2012 04:20 PM, Sylvain Angers wrote:
>
> > Hello
> >
> > We have a mixed environment of AIX and linux servers.
> > All our user accounts are still set locally - no NIS, and we do not have
> > unique uid/gid toward our hosts!!!
> > I am evaluating the possibility of using Redhat Identity management in our
> > environment.
> > I have to figure out what AIX will be able to support - we would at least
> > want to be able to limit who could access what on AIX,
> > so if you have dealt with AIX, let me know.
> >
> > But here is my main question:
> >
> > My question is how do I deal with our current local users?
>
> This is a tough one... The assumption was that some kind of identity
> system is already in place.
>
> > When user DAVE gets freeipa id 10000000567, do you have to chown every
> > file he has on a local machine while he might have uid/gid 501?
>
> Yes.
>
> > I guess we will have to bite the bullet and have a unique id for every
> > user - right?
>
> Correct
>
> > Is there a simple migration plan from local to freeipa?
>
> You pretty much outlined it here. There is nothing better I know of.
> Your user IDs are probably low enough that there is no overlap with user
> IDs from IdM.
>
> > Do we have to migrate an account at a time,
> > so if an account does not exist locally, it will check remote?
>
> This is usually the case when you use files in the nsswitch.conf first and
> then ldap or sss.
> So the logic would be:
> 1) Create a user in IdM with the same name as a local user (if it does not
> already exist)
> 2) Find all files owned by the local user and replace UID/GID with the ones
> from the IPA user with the same name
> 3) Remove the local user
> 4) Repeat for all local users
> 5) Repeat on every machine
>
> Step 1) might be a challenge from an AIX machine, so you might consider
> creating a list of all users first, precreating the users in IdM and then
> running a script that would do the rest on each of the machines you need to
> convert.
>
> > I am missing the big picture
> >
> > thanks in advance
> > --
> > Sylvain Angers
> >
> > _______________________________________________
> > Freeipa-users mailing list
> > [email protected]
> > https://www.redhat.com/mailman/listinfo/freeipa-users
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IPA project,
> Red Hat Inc.

--
Sylvain Angers
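Step 2 of the migration logic quoted above, as an added example that is not part of the original thread or of FreeIPA: a POSIX shell function that re-owns one user's files from the old local UID/GID to the new IdM ones. The function name `remap_owner`, its argument order and any IDs passed to it are assumptions for illustration; it defaults to a dry run, refuses to merge onto an ID already in use, and flags setuid/setgid files because `chown` may clear those bits.

```shell
#!/bin/sh
# Added example: step 2 of the procedure above (re-own a migrated user's files).
# Usage: remap_owner ROOT OLD_UID NEW_UID OLD_GID NEW_GID [apply]
# Without "apply" it only prints the commands it would run (dry run).
# -user/-group with numeric IDs, -xdev and chown -h are POSIX, so the same
# function is meant to work on both Linux and AIX (assumption: not AIX-tested).
remap_owner() {
    root=$1; old_uid=$2; new_uid=$3; old_gid=$4; new_gid=$5; mode=${6:-dry-run}

    # Refuse if the target IDs are already present under ROOT: re-owning onto
    # an ID in use would merge two identities and hide who owned what.
    clash=$(find "$root" -xdev \( -user "$new_uid" -o -group "$new_gid" \) -print | head -n 1)
    if [ -n "$clash" ]; then
        echo "refusing: target uid/gid already owns $clash" >&2
        return 2
    fi

    # chown may clear setuid/setgid bits; list affected files first so the
    # bits are reviewed and restored deliberately instead of lost silently.
    find "$root" -xdev \( -user "$old_uid" -o -group "$old_gid" \) -type f \
        \( -perm -4000 -o -perm -2000 \) -exec echo "review setid:" {} \;

    if [ "$mode" = apply ]; then
        # -xdev keeps find on one filesystem, so network mounts are not
        # re-owned from every host; -h re-owns a symlink itself, not its target.
        find "$root" -xdev -user "$old_uid" -exec chown -h "$new_uid" {} +
        find "$root" -xdev -group "$old_gid" -exec chgrp -h "$new_gid" {} +
    else
        find "$root" -xdev -user "$old_uid" -exec echo chown -h "$new_uid" {} \;
        find "$root" -xdev -group "$old_gid" -exec echo chgrp -h "$new_gid" {} \;
    fi
}
```

Run it once per filesystem and per user as root, keep the dry-run output as the record of what changed, and only then remove the local account (step 3).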
