Q&A: Is it possible to to modify the uid or guid from a user

Knowledge Base Community
, ,
#1

Question:

Is it possible to to modify the uid or guid from a user and can the uniqueness of guid and uid be lifted?

Answer:

1

If there is no samba on the systems, no problems should be expected on the ldap side.
If you have samba on you system, there could be problems with the share access.

2

You can adjust the user via ldapmodify, and you have to set the ucr for uniquness first:

:~# ucr info directory/manager/uid_gid/uniqueness
directory/manager/uid_gid/uniqueness: <empty>
 If this option is activated or the variable unset, UIDs and GIDs must not use the same number.
 Categories: management-udm

3

Make sure after importing users with specified uids, or manipulate the uids afterwards, that in LDAP there is a highest (the last) used ID (gid and for uid). This is a counter that is maintained by UDM and from which new ID’s are generated. It probably makes sense to set this to the highest ID after the manual adjustments have been made.

univention-ldapsearch univentionLastUsedValue=* dn univentionLastUsedValue
# gidNumber, temporary, univention, four.four
dn: cn=gidNumber,cn=temporary,cn=univention,dc=four,dc=four
univentionLastUsedValue: 5009
# uidNumber, temporary, univention, four.four
dn: cn=uidNumber,cn=temporary,cn=univention,dc=four,dc=four
univentionLastUsedValue: 2007

So after the ldapmodify search once in the LDAP for the highest uidNumber or gidNumber and then add it to the object above.

#2
Mastodon