How to get around error `The gidNumber is already in use as a uidNumber`

I am migrating a legacy LDAP server to UCS and run into this problem: I cannot create a group with a gidNumber that is the same as uidNumber of an existing user.

I considered shifting the uidNumbers (or gidNumbers) to another range (for example newUidNumber = oldUidNumber + 10000), but the problem is that we have many files in the company which must be changed to reflect the new uid/gid number. So ideal for us would be to use the existing uid/gid number. Is there any workaround in UCS for this?

I searched in the python files and it seems the check for uid/gid is done in this file


function _check_uid_gid_uniqueness

So I tried to turn it off:

univention-config-registry set directory/manager/uid_gid/uniqueness=false

and afterwards indeed I could create a group with a gidNumber that has been already used as uidNumber for a user.

I’d like to ask what are the risks of doing this? I am sure there are good reasons why UCS requires this uid/gid uniqueness by default.

I would like to ask if someone from UCS could comment on this? For me it would be helpful to know if this is a:

(a) not supported scenario, might work or not, do at your own risk; or

(b) this is a very, very bad idea and you will regret doing this

thanks in advance for any hint.


The scenario is supported but may lead to errors in Samba IDmap LDB (The UCR variable was implemented in Bug 38796 – ensure uidNumber and gidNumber do not collide when add/mod user or group). So use on own risk, if possible better prevent it.