[Freeipa-users] ID Ranges in FreeIPA
Hi all, When I installed FreeIPA, it created a default ID range (of which user admin is currently the only user existing). Through the UI, I've found that one can create additional ranges (and that the ipa tools will complain if a user has a uid assigned manually that falls outside the defined range.) That makes sense. Is there a way that one can instruct the tools which particular range it should use for a particular operation? Say one wants different classes of users to be allocated from different ranges (For example, faculty/staff vs students, FTE vs contractors, or 'eyeball' users vs role accounts like jdoe vs appteambuildbot)? Thanks, -c -- Coy Hile coy.h...@coyhile.com -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] ID Ranges in FreeIPA
Coy Hile wrote: > Hi all, > > When I installed FreeIPA, it created a default ID range (of which user > admin > is currently the only user existing). Through the UI, I've found that > one can > create additional ranges (and that the ipa tools will complain if a user > has a > uid assigned manually that falls outside the defined range.) That makes > sense. > Is there a way that one can instruct the tools which particular range it > should > use for a particular operation? Say one wants different classes of > users to be > allocated from different ranges (For example, faculty/staff vs students, > FTE vs > contractors, or 'eyeball' users vs role accounts like jdoe vs > appteambuildbot)? > No. And right now there is little correlation between the ranges assigned when users and groups are created and the ID range. An ID range is created for the user/group POSIX range, but any changes made to it have no affect on the actual values assigned (IIRC there is a ticket to make this immutable to avoid confusion). Users and groups ids are generated using the Distributed Numeric Plugin (DNA) in 389-ds which has its own configuration in cn=config. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project