ID number assignment
Its initial purpose, ADMan can assign RFC 2307 LDAP uidNumber/gidNumber
attributes for users, computers, and groups.
State
Adman assigns UID/GID numbers sequentially from a user-defined range, and stores
the next-highest value in the msSFU30MaxUidNumber/msSFU30MaxGidNumber
attributes in LDAP. This ensures that even if users/groups are removed, UID/GID
values will not be re-used.
These state variables are referred to by ADman as “next uidNumber” and “next gidNumber”.
Actions
For all configured groups, ADMan will:
Assign
gidNumbervaluesThe next
gidNumberto be assigned is stored inmsSFU30MaxGidNumber.
For all configured users and computers, ADMan will:
Assign
uidNumbervaluesThe next
uidNumberto be assigned is stored inmsSFU30MaxUidNumber.
Update the
gidNumberto match that of the user’s primary group (primaryGroupID)
Configuration
The following configuration options (keys) exist under id_assign:
Config Key |
Type |
Default |
Description |
|---|---|---|---|
|
(required) |
The range of values to use for assigning |
|
|
(required) |
The range of values to use for assigning |
|
|
bool |
True |
Whether or not to assign |
|
|
LDAP containers for which members will be assigned IDs |
Example configuration
id_assign:
# Range of values to use for assigning uidNumber attributes
uid_range:
min: 100000
max: 200000
# Range of values to use for assigning gidNumber attributes
gid_range:
min: 100000
max: 200000
# Assign uidNumber to computer accounts? (default True)
computers: True
# The "only" key, if present, will restrict ID assignment to members of the
# given containers. Optional scope can be be 'one' or 'subtree' (default).
# This applies to both users (including computers) and groups.
only:
# Recommended to always include these three containers
CN=Users:
CN=Computers:
OU=Domain Controllers:
# Other custom containers
OU=ADTest People:
scope: one
Commands
Relevant CLI commands: