[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-users] migration plan from local accounts

On 01/05/2012 04:20 PM, Sylvain Angers wrote:
Hello

We have a mixed environment of AIX, and linux servers
All our user accounts are still set locally - no NIS, and we do not have unique uid/gid toward our  hosts!!!
I am evaluating the possibility of using Redhat Identity management in our environment
I have to figure out what AIX will be able to support - we would at least want to be able to limit who could access what on aix
so if you have dealt with AIX, let me knows

but here my main question

My question is how do I deal with our current local users?

This is a tough one... The assumption was that some kind of identity system is already in place.

When user DAVE get freeipa id 10000000567, do you have to chown every files he has on a local machine while he might has uid/gid 501 ?


Yes.


I guess we will have to byte the bullet and have a unique id for every users - right?

Correct

Is there a simple migration plan from local to freeipa?

You pretty much outlined it here. There is nothing better I know of.
You user IDs are probably low enough that there is no overlap with user IDs from IdM.

do we have to migrate an account at the time do an account at the time, so if account doe not exist locally, it will check remote?

This is usually the case when you use files in the nsswitch.conf first and then ldap or sss.
So logic would be:
1) Create a user in IdM with same name as a local user (if it is not already exists)
2) Find all files owned by local user and replace UID/GID with the ones from IPA user with the same name
3) Remove local user
4) Repeat for all local users
5) Repeat on every machine

Step 1) might be a challenge from AIX machine so you might consider creating a list of all users first, precreating the users in IdM and then running a script that would do the rest on each of the machines you need to convert.


I am missing the big picture

thanks in advance
--
Sylvain Angers


_______________________________________________
Freeipa-users mailing list
Freeipa-users redhat com
https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]