Hi folks,
I have found an Active Directory domain range in my FreeIPA setup using -1 as the first Posix ID:
Range name: EXAMPLE.COM_subid_range First Posix ID of the range: 2147483648 Number of IDs in the range: 2147352576 First RID of the corresponding RID range: 2147283648 Domain SID of the trusted domain: S-1-5-21-738065-838566-194929194 Range type: Active Directory domain range
The GUI shows a warning about this, see https://pagure.io/freeipa/issue/9408. Is it save to kick out this ID range? AFAICS there are no users or groups defined using an ID out of this range. And there is not trust relationship to an AD server.
Every insightful comment is highly appreciated
Harri
Please don't. Instead, you might benefit from reading https://freeipa.readthedocs.io/en/latest/designs/subordinate-ids.html and other design documents.
Don't assume everything is AD-related if you see a such thing as an ID-range.
пн, 3 июл. 2023 г., 19:47 Harald Dunkel via FreeIPA-users < freeipa-users@lists.fedorahosted.org>:
Hi folks,
I have found an Active Directory domain range in my FreeIPA setup using -1 as the first Posix ID:
Range name: EXAMPLE.COM_subid_range First Posix ID of the range: 2147483648 Number of IDs in the range: 2147352576 First RID of the corresponding RID range: 2147283648 Domain SID of the trusted domain: S-1-5-21-738065-838566-194929194 Range type: Active Directory domain range
The GUI shows a warning about this, see https://pagure.io/freeipa/issue/9408. Is it save to kick out this ID range? AFAICS there are no users or groups defined using an ID out of this range. And there is not trust relationship to an AD server.
Every insightful comment is highly appreciated
Harri _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
freeipa-users@lists.fedorahosted.org