One other issue I've encountered: in our existing OpenLDAP directory, with the private group for the user, the uid != gid. This would be easy to fix, but we have our legacy gid space interspersed with the other supplemental groups we created. Presently, we're talking about 9K users and 130K groups. Both the uid and gid spaces were originally started at 100,000.
I started noticing that NSS stuff wasn't working correctly for users where uid != gid, even though the user object shows the correct uid and gid.
Reading Bugzilla and other posts on this list, it appears that I am not alone. The workaround suggested, which I tried:
- Detach the private group from the user
- Delete the private group
- Recreate with a group-add
Just wondering if there's new advice on this particular scenario: migration of an existing LDAP directory where the private gid is not in sync with the user's uid.
Going forward, it seems the best thing to do would be to pick distinct ranges for users and associated groups, vs the supplemental.
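
The following is an added example, not part of the original post: a pre-migration audit that sorts users by whether their private group's gid can simply be renumbered to match the uid, or whether that number is already taken by another group in an interspersed gid space. It assumes getent-style passwd and group lines and that the private group has the same name as the user; the sample data and the status labels are constructed for illustration.

```python
# Added example: constructed getent-style data, not taken from the original post.
PASSWD = """\
alice:x:100001:100001:Alice:/home/alice:/bin/bash
bob:x:100002:100450:Bob:/home/bob:/bin/bash
carol:x:100003:100777:Carol:/home/carol:/bin/bash
"""
GROUP = """\
alice:x:100001:
bob:x:100450:
carol:x:100777:
projects:x:100003:alice,bob
"""

def parse_passwd(text):
    """Return {username: (uid, primary_gid)} from passwd(5)-format lines."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        users[f[0]] = (int(f[2]), int(f[3]))
    return users

def parse_group(text):
    """Return {gid: groupname} from group(5)-format lines."""
    groups = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        groups[int(f[2])] = f[0]
    return groups

def classify(passwd_text, group_text):
    """Label each user's private group (assumed: group name == username)."""
    users, groups = parse_passwd(passwd_text), parse_group(group_text)
    report = {}
    for name, (uid, gid) in sorted(users.items()):
        if groups.get(gid) != name:
            report[name] = "no-private-group"         # primary gid is not a same-named group
        elif uid == gid:
            report[name] = "in-sync"                  # nothing to do
        elif uid in groups:
            report[name] = f"collision:{groups[uid]}" # uid value already used as a gid
        else:
            report[name] = "renumber-ok"              # gid == uid is free to assign
    return report

if __name__ == "__main__":
    for user, status in classify(PASSWD, GROUP).items():
        print(f"{user:10} {status}")
```

Users reported as `collision:<group>` are the ones where the conflicting group would have to move before the private group can take the uid's number.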