How to get around error `The gidNumber is already in use as a uidNumber`

I am migrating a legacy LDAP server to UCS and run into this problem: I cannot create a group with a gidNumber that is the same as uidNumber of an existing user.

I considered shifting the uidNumbers (or gidNumbers) to another range (for example newUidNumber = oldUidNumber + 10000), but the problem is that we have many files in the company which must be changed to reflect the new uid/gid number. So ideal for us would be to use the existing uid/gid number. Is there any workaround in UCS for this?

I searched in the python files and it seems the check for uid/gid is done in this file


function _check_uid_gid_uniqueness

So I tried to turn it off:

univention-config-registry set directory/manager/uid_gid/uniqueness=false

and afterwards indeed I could create a group with a gidNumber that has been already used as uidNumber for a user.

I’d like to ask what are the risks of doing this? I am sure there are good reasons why UCS requires this uid/gid uniqueness by default.

I would like to ask if someone from UCS could comment on this? For me it would be helpful to know if this is a:

(a) not supported scenario, might work or not, do at your own risk; or

(b) this is a very, very bad idea and you will regret doing this

thanks in advance for any hint.