Sometimes in order to match legacy setups users will do things like set the minimuim uid range to 500 which if you do that and user with a uid will not be able to log into a clean install of fedora 16 as it wont try to use pam_sss and quietly does so. it would be nice to have a way to change the range to make it easier to clean up from such mistakes.
We would need to check other replicas to verify that we don't overlap.
Need mechanism to extend range if it becomes exhausted.
Additional enhancement would to move DNA configuration out of cn=config into replicated tree to make it easier to find and update these values.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=824528
Rename component.
attachment freeipa-rga-0016-DOC-Sometimes-users-set-bad-uid-ranges.patch
Patch posted to mailing list.
docs master:
Metadata Update from @ausil: - Issue assigned to rga - Issue set to the milestone: FreeIPA 3.x Documentation
Login to comment on this ticket.