Re: [Freeipa-users] UID 999, not possible?

Fri, 29 Jun 2012 07:26:56 -0700 

On Fri, 29 Jun 2012, Petr Viktorin wrote:

On 06/29/2012 03:55 PM, Alexander Bokovoy wrote:

On Fri, 29 Jun 2012, Petr Viktorin wrote:

On 06/29/2012 03:04 PM, Alexander Bokovoy wrote:

On Thu, 28 Jun 2012, sysad...@noboost.org wrote:

Hi All,

Is there a weird restriction to UID 999 in ipa, as IPA keeps changing
the UID when I add a user with that number? (I've already checked the
UID isn't in use)

We use 999 as a marker for DNA plugin. UID/GID 999 is replaced by
an allocated one with the help of the 389-ds plugin
http://directory.fedoraproject.org/wiki/DNA_Plugin
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Deployment_Guide/Defining_Dynamic_Atrribute_Values.html#about-dunamically-assigning-attribute-values



The documentation mentions that the magic value can be a word
("magic"), or it doesn't have to exist at all (it's added for
objectClass:posixAccount entries). Is there a reason IPA is using 999
here?

uidNumber and gidNumber field use integer value syntax:
OID value: 1.3.6.1.4.1.1466.115.121.1.27

OID description:
Values in this syntax are encoded as the decimal representation of their
values, with each decimal digit represented by the its character
equivalent. So the number 1321 is represented by the character string
"1321".
So, you can't have string there that does not evaluate to integer.
That's true, but according to the documentation you linked, uidNumber/gidNumber syntax doesn't matter. The dnaMagicRegen field is in fact a DirectoryString. I assume the DNA plugin sees and modifies the value before it's validated as an integer. 
Looks like you are right:
http://comments.gmane.org/gmane.linux.redhat.fedora.directory.user/10641

We would have issue on our side when using non-integer value as Int()
parameter does not support non-integer values. However, we could select
some negative value as default one and use the same value for DNA
configuration.


--
/ Alexander Bokovoy

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to