[clug] Synchronising UID/GIDs when migrating to LDAP

Michael James clug3 at james.st
Thu Sep 13 02:22:11 GMT 2007


On Thu, 13 Sep 2007 11:47:55 am Edward Lang wrote:

> Does anyone have any knowledge or experience in synchronising UID/GIDs
> across myriad servers when migrating the servers to use LDAP for
> authentication and user data storage?
>
> I've got a bunch of servers that have been put into use over a period of
> time and unfortunately the UIDs and GIDs don't presently match up. 
> They're each presently using local authentication and local user
> administration. I've been asked to assist in moving them to point at a
> Win2003 AD PDC using LDAP as the transport. (Kerberos doesn't do group
> enumeration!) Centralising the administration and authentication would be
> nice but maintaining file and directory ownerships could well be a
> nightmare.

Interesting.
What are you using for UID numbers?
Taking the 64 bit AD numbers raw?
 (That's what is being proposed here at CSIRO)

Or using some sort of LDAP gateway that back-ends into AD?

Are you using Samba4 anywhere?

Or using winbind to map to more Unix-friendly numbers?
If so can the new numbers be in a different range than the old?

Are the home dirs NFS mapped or local disks?

Years ago I migrated a batch by hand using:
root>  find -uid <old-number> -exec chown <new-name> {} \;

This becomes a nightmare if the new and old numbers overlap.

rsync might be your friend, it maps UIDs through the local user data-source
  IF you can find a way to use it between machines.

michaelj

-- 
Konqueror has gotten so clever for its own boots
  that it has forgotten what a web browser is for.
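
Added example, not part of the original message: a single-pass remap that sidesteps the overlap problem described above, because each entry's owner is read once and looked up in a table rather than being rewritten by successive find/chown passes. The function names and the shape of the mapping dictionaries are assumptions made for illustration; build the plan first, review it, then apply it as root.

```python
import os


def plan_remap(root, uid_map, gid_map=None):
    """Walk root once and return [(path, new_uid, new_gid, mode)] for entries to change.

    uid_map and gid_map are {old_number: new_number}. Because every entry is
    examined exactly once, a new number that equals another account's old
    number is never mapped a second time.
    """
    gid_map = gid_map or {}
    root_dev = os.lstat(root).st_dev
    plan = []

    def consider(path):
        st = os.lstat(path)  # lstat: inspect the link itself, not its target
        new_uid = uid_map.get(st.st_uid, st.st_uid)
        new_gid = gid_map.get(st.st_gid, st.st_gid)
        if (new_uid, new_gid) != (st.st_uid, st.st_gid):
            # Keep the mode so setuid/setgid files can be reviewed afterwards.
            plan.append((path, new_uid, new_gid, st.st_mode))

    consider(root)
    # os.walk does not descend into symlinked directories by default.
    for dirpath, dirnames, filenames in os.walk(root):
        # Stay on one filesystem (like find -xdev), e.g. skip NFS mounts.
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_dev == root_dev]
        for name in dirnames + filenames:
            consider(os.path.join(dirpath, name))
    return plan


def apply_plan(plan):
    """Apply a reviewed plan; needs root."""
    for path, uid, gid, _mode in plan:
        # lchown changes a symlink itself, so a link planted in a home
        # directory cannot redirect the ownership change to its target.
        os.lchown(path, uid, gid)
        # Linux may clear setuid/setgid bits on chown; re-set them
        # deliberately from the recorded mode, not automatically.
```

Run it on each server against that server's own old-to-new table, and run it only once per tree: a second run with the same table would re-map any numbers that overlap.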

