[Freeipa-users] Change UID range

Dmitri Pal dpal at redhat.com
Mon Jun 13 23:00:30 UTC 2011 

On 06/13/2011 06:34 PM, Stamper, Brian P. (ARC-D)[Logyx LLC] wrote:
>
> It's enough of an issue that I'd spend the 1-2 hours to reinstall my
> server and 1 client.  I just find it really odd that the default would
> be so high.  I'm all for avoiding conflicts, but I can't think of too
> many systems that would have a billion users.  The help on the server
> installer says the idstart is random.  I'd rather skip 1000 UIDs than
> 1.3 billion, I just find the numbers unwieldy.  Browsing the web, it
> looks like the default is random between 1m and 2^31.  I'd just prefer
> it be in the 4-6 digit range, as I do still use UIDs numerically on
> occasion.
>
> I have no issue with the default being what it is, most people may not
> care what their UID range actually is.  I just want to know if it can
> be changed manually or if I have to reinstall.  I'm still in an
> evaluation phase with a testing system anyway, so I'll just add it to
> my notes when I deploy to something I might use in production.
>
As far as I remember it is not possible to change after install as any
first user is created using this setting.

We are heading into the era or multiple name spaces even inside one
organization with all the virtualization and cloud. Though these numbers
look odd it might actually be a good idea to use higher ranges to avoid
conflicts between different environments down the road as there will be
many different domains both IPA based as well as AD based in general
case. It will be very hard to change the ranges later so leave yourself
a bit of breathing room and think about you identity landscape 5-7 years
from now. Wrong or limiting decisions now might lead to a lot of pain
and costs down the road.

Thanks
Dmitri

> -brian
>
> On 6/13/11 3:22 PM, "Steven Jones" <Steven.Jones at vuw.ac.nz> wrote:
>
>     Hi,
>
>     The docs say they do this to try and avoid clashes with other
>     organisations in case of a merger.
>
>     Another reason I can see is possibly Shiboleth (Federation) which
>     I/we have to do. So is changing it that much of an issue?
>
>     regards
>
>
>     ________________________________
>     From: freeipa-users-bounces at redhat.com
>     [freeipa-users-bounces at redhat.com] on behalf of Stamper, Brian P.
>     (ARC-D)[Logyx LLC] [brian.p.stamper at nasa.gov]
>     Sent: Tuesday, 14 June 2011 10:18 a.m.
>     To: freeipa-users at redhat.com
>     Subject: [Freeipa-users] Change UID range
>
>     After installing, I've noticed that my UIDs for freeipa start at
>     1.3 billion.  Now, this isn't technically a problem, but it is ...
>     Odd.  Is there a way to change this value after install, or am I
>     stuck uninstalling and reinstalling with the --idstart value set
>     to get this to a more reasonable number?
>
>     -Brian
>
>     _______________________________________________
>     Freeipa-users mailing list
>     Freeipa-users at redhat.com
>     https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110613/5ade6988/attachment.htm>

More information about the Freeipa-users mailing list