How to get around error `The gidNumber is already in use as a uidNumber`

I am migrating a legacy LDAP server to UCS and have run into this problem: I cannot create a group with a gidNumber that is the same as the uidNumber of an existing user.

I considered shifting the uidNumbers (or gidNumbers) to another range (for example newUidNumber = oldUidNumber + 10000), but the problem is that we have many files in the company which must be changed to reflect the new uid/gid number. So ideal for us would be to use the existing uid/gid number. Is there any workaround in UCS for this?

I searched in the python files and it seems the check for uid/gid is done in this file

`/usr/lib/python2.7/dist-packages/univention/admin/handlers/groups/group.py`

function `_check_uid_gid_uniqueness`

So I tried to turn it off:

`univention-config-registry set directory/manager/uid_gid/uniqueness=false`

and afterwards I could indeed create a group with a gidNumber that has already been used as the uidNumber of a user.

I’d like to ask what are the risks of doing this? I am sure there are good reasons why UCS requires this uid/gid uniqueness by default.

I would like to ask if someone from UCS could comment on this? For me it would be helpful to know if this is a:

(a) not supported scenario, might work or not, do at your own risk; or

(b) this is a very, very bad idea and you will regret doing this

Thanks in advance for any hint.

Regards,
Tony

The scenario is supported but may lead to errors in Samba IDmap LDB (the UCR variable was implemented in Bug 38796 – ensure uidNumber and gidNumber do not collide when add/mod user or group). So use at your own risk; if possible, it is better to prevent it.
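To judge how much of the legacy directory is exposed to the collision discussed above, it helps to list the affected entries before switching the check off. The following is an added example, not code from the thread or from UCS: a Python scan of an LDIF export for numbers used both as a user's uidNumber and as a group's gidNumber. The sample LDIF, its DNs and the function names are constructed for illustration.

```python
import base64
from collections import defaultdict

# Constructed sample export (IDs and names are made up, not from the post).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
objectClass: posixAccount
uidNumber: 1001
gidNumber: 1001

dn: cn=alice,ou=groups,dc=example,dc=org
objectClass: posixGroup
gidNumber: 1001

dn: cn=staff,ou=groups,dc=example,dc=org
objectClass: posixGroup
gidNumber:: NTAwMA==
"""

def parse_ldif(text):
    """Yield {attr_lower: [values]} per entry; handles folded lines and base64."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        attrs = defaultdict(list)
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):  # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            attrs[name.lower()].append(value.strip())
        if "dn" in attrs:
            yield attrs

def find_collisions(text):
    """Map each number used as both a user's uidNumber and a group's gidNumber to the DNs."""
    users, groups = defaultdict(list), defaultdict(list)
    for attrs in parse_ldif(text):
        classes = {c.lower() for c in attrs["objectclass"]}
        # A user's own gidNumber only references its primary group, so
        # group IDs are taken from posixGroup entries alone.
        if "posixaccount" in classes:
            users[int(attrs["uidnumber"][0])].append(attrs["dn"][0])
        if "posixgroup" in classes:
            groups[int(attrs["gidnumber"][0])].append(attrs["dn"][0])
    return {n: (users[n], groups[n]) for n in sorted(users.keys() & groups.keys())}

if __name__ == "__main__":
    for number, (u, g) in find_collisions(SAMPLE_LDIF).items():
        print(number, "users:", u, "groups:", g)
```

Each number it reports is one that the default uniqueness check would reject.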
