[Freeipa-users] Change UID range

[Steven Jones]

8><--------

Now, in the case of a merger, you have two companies that likely have
colliding UID ranges. If you're using IPA, however, which dedicates much
higher ranges, there's a significantly greater chance that you will be
able to trivially merge the users and groups without forcing one company
or the other to change their IDs. (If you've ever had to do this, you'd
know that this is usually a multi-month project that invariably misses
something.)

8><-----

Yep,

I am about to go through this with 100 production linux servers, 350ish T&D, 100s of desktops and at least 2 pre-existing LDAP solutions (openldap and MAC OS ldap) out there that I know of that clash on UIDs plus use of /etc/passwd.  Many of these are described as mission critical, typically financial servers....I might take up smoking and large amounts of mental health insurance.....

;]

Honestly live with the IPA range idea, its a god one.

Multi-Months? yeah could easily be an understatement...just for the prod servers alone I will have to do a in depth look at and write out a conversion plan for each one and do it, I think as much as a week each...So Im thinking not less than 6 months and I reckon as I'm on my own probably 1 to 2 years bearing in mind other work will come along......so some of them could be "organic" ie on a hardware refresh, so 5 years...

My management hasn't a clue yet......but that's because they haven't wanted to listen for 4+ years....

regards