Re: [SAGE] LDAP Migration Question
On Fri, 29 Jun 2007, Nick Brockner wrote:
> These machines have all the same users, but they all have different UIDs and
> GIDs locally. I have already chosen one of the servers to use as a migration
> base (using PADL migration tools), so I have one set of UIDs and GIDs on the
> LDAP server, but if and when I cut all servers over to using LDAP, the
> permissions are going to be all hosed. I really want to use LDAP for UIDs and
> GIDs so it is consistent throughout my network and I can control things
> better.
>
> Has anyone run into this? Any suggestions?
I hate to be the bearer of bad news, but the answer is exactly what
you think it is:
1. Choose a server to be the master. All other UIDs and GIDs will be
brought into alignment with this. (Yay, already done!)
2. Choose a server to be the first guinea pig. Slowly, painfully,
one at a time, change over all of the UIDs and GIDs to align with
your master. When you're done, switch that machine to LDAP auth.
3. Repeat, ad nauseam.
There is no profit. I just hope, for the sake of your sanity, that
you don't have too many machines to deal with.
The good news is that you can probably write a quick script to help
you with the second step. Something like:
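#!/bin/bash
# invoke as fixerator.sh username new-uid
# this is untested, and probably won't work, but you get the idea
# remember the user's current numeric UID before it changes
old_uid=$(getent passwd "$1" | awk -F: '{print $3}')
# assign the new UID in the local passwd database
usermod -u "$2" "$1"
# re-own files still carrying the old UID; -h changes a symlink itself, not its target
find / -user "$old_uid" -print0 | xargs -0 -r chown -h "$2"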
Together with a list of users and new uids, you can schedule some
downtime and change over a machine pretty easily. Similarly for gids.
Good luck and godspeed!
Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
----------------------------
LOPSA Sysadmin Days: Professional Training for Professional SysAdmins
August 6-7, Cherry Hill, NJ
http://lopsa.org/SysadminDays
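
Added example, not part of the original message: when the per-user script is run over a whole list of users, order matters, because a user moved onto a UID that another account still holds would have their files swept up by that account's later find pass. This function orders a `username old_uid new_uid` map so that each target UID is free before it is assigned, and fails on swaps or duplicate targets. The name `plan_uid_order`, the map format and the sample accounts are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: plan a collision-free order for UID changes on one host.
# Input (stdin): lines of "username old_uid new_uid" (assumed format).
# Output: "username new_uid" lines, in an order that is safe to apply.
# Returns 1 if some change can never be applied without a temporary UID.
plan_uid_order() {
  awk '
    NF == 3 {
      busy[$2] = $1                      # this UID is occupied right now
      if ($2 != $3) { old[$1] = $2; tgt[$1] = $3; pending++ }
    }
    END {
      while (pending > 0) {
        progressed = 0
        for (u in old) {
          # skip users already handled, or whose target UID is still held
          if (moved[u] || (tgt[u] in busy)) continue
          print u, tgt[u]
          delete busy[old[u]]            # old UID is free once u has moved
          busy[tgt[u]] = u               # the new UID is now taken
          moved[u] = 1; pending--; progressed = 1
        }
        if (!progressed) {
          # a swap, a cycle, or a target held by an account that is not moving
          for (u in old) {
            if (!moved[u]) {
              printf "blocked: %s %s -> %s\n", u, old[u], tgt[u] > "/dev/stderr"
            }
          }
          exit 1
        }
      }
    }'
}

# Constructed sample map (not real accounts): username old_uid new_uid
sample_map='alice 1001 1002
bob 1002 1003
carol 1003 1500'

# carol must move first, then bob, then alice
printf '%s\n' "$sample_map" | plan_uid_order
```

Each output line can be passed as the two arguments of the per-user script; a blocked entry means one of the accounts has to be parked on an unused temporary UID first.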