[clug] Syncronising UID/GIDs when migrating to LDAP

Alex Satrapa grail at goldweb.com.au
Thu Sep 13 23:23:11 GMT 2007

On 13/09/2007, at 12:22 , Michael James wrote:

> Years ago I migrated a batch by hand using:
> root>  find -name <old-number> -exec chown <new-name> {} \;
> This becomes a nightmare if the new and old numbers overlap.

Way back in the day, when I was being taught to program (as opposed  
to when I actually learned), we were taught this basic swap routine:

To swap X and Y:
Temp = X
X = Y
Y = Temp

So applying this to the situation at hand, you could either (a) move  
all uids in one fell swoop to a much higher number range than you're  
currently using and keep them there, or (b) temporarily move all uids  
to a number range that is not being used anywhere, then move them  
back to have the one user with the same UID on each machine.

At this point you can introduce the central directory system, and  
consider removing all but system and "rescue" user details from the  
local hosts. You will need a non-root rescue user in order to allow  
safe access to each machine when the central directory server becomes  

The hard part of the exercise is determining the final UID for each  
user, and shipping that out as a script to each host. The rest is  
just waiting for the find to finish.


More information about the linux mailing list