One other issue I've encountered is in our existing OpenLDAP directory: with the private group for the user, the uid != gid. This would be easy to fix, but we have our legacy gid space interspersed with the other supplemental groups we created. Presently, we're talking about 9K users and 130K groups. Both the uid and gid spaces were originally started at 100,000.
I started noticing that NSS stuff wasn't working correctly for users where uid != gid, even though the user object shows the correct uid and gid. Reading Bugzilla and other posts on this list, it appears that I am not alone. The workaround suggested, which I tried:

- Detach the private group from the user
- Delete the private group
- Recreate with a group-add

Just wondering if there's new advice on this particular scenario: migration of an existing LDAP directory where the private gid is not in sync with the user's uid.

Going forward, it seems the best thing to do would be to pick distinct ranges for users and associated groups, vs. the supplemental.