We are working on configuring our Linux servers to use LDAP for authentication using PAM_LDAP + SSSD. Our LDAP usernames are based on staff numbers (all numeric, starting at 1). This will cause conflicts with the daemon, bin, sys... system accounts. What is the best option for us given our username pattern?
1 Answer
Rename the users. Numeric usernames are bad to start with (because utilities like getent passwd will then have no idea if you're asking about a UID or a username) and having UIDs start as low as 1 is bad for the reason you just found out.
This is exactly why centralized stores like FreeIPA start their UID range in the millions. At the very least, all users (LDAP or not) should not have their UIDs start below UID_MIN from /etc/login.defs.
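An added example (not from the question or the answer above) that audits passwd-format entries, such as the output of `getent passwd` once SSSD is wired in, for the two problems the answer names: purely numeric usernames and UIDs that land below UID_MIN and collide with stock system accounts. The sample entries and the `read_uid_min`/`audit_passwd` helper names are constructed for this illustration.

```shell
#!/bin/sh
# Audit passwd-style entries against the UID_MIN policy from /etc/login.defs
# and flag numeric usernames, which `getent passwd 1` cannot distinguish
# from a UID lookup. Sample data below is constructed, not from a real host.

# Extract UID_MIN from a login.defs-style file, defaulting to 1000 if unset.
read_uid_min() {
    awk '$1 == "UID_MIN" { v = $2 } END { print (v == "" ? 1000 : v) }' "$1"
}

# audit_passwd UID_MIN   (reads passwd lines on stdin)
# Prints one finding per line and exits 1 if any finding was made.
audit_passwd() {
    awk -F: -v min="$1" '
        {
            name = $1; uid = $3 + 0
            if (name ~ /^[0-9]+$/) {
                bad = 1
                # a numeric name is ambiguous with a UID in every NSS lookup
                printf "numeric-name %s (ambiguous with UID %d)\n", name, name
                if (uid < min)
                    printf "low-uid %s uid=%d below UID_MIN=%d\n", name, uid, min
            }
            # the same UID owned by two names is the daemon/bin/sys clash
            if (uid in owner && owner[uid] != name) {
                bad = 1
                printf "uid-collision %d shared by %s and %s\n", uid, owner[uid], name
            }
            if (!(uid in owner)) owner[uid] = name
        }
        END { exit bad ? 1 : 0 }'
}

# Constructed sample: three stock system accounts, LDAP staff "1" and "2"
# mapped onto UIDs 1 and 2, and one correctly ranged user.
audit_sample() {
    audit_passwd 1000 <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
1:x:1:1:Staff 1:/home/1:/bin/sh
2:x:2:2:Staff 2:/home/2:/bin/sh
alice:x:1001:1001:Alice:/home/alice:/bin/sh
EOF
}
```

On a live host, `getent passwd | audit_passwd "$(read_uid_min /etc/login.defs)"` runs the same check over the merged local and SSSD view.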