添加一个低ID号区域,初忠为想让IdM中允许ID500以上的用户,最后结果为不行。提一下,后来想要删除新增加的都删除不了,因为ID范围在不被允许的范围。
[root@node1 ~]# ipa idrange-add LOW_ID_RANGE
First Posix ID of the range: 500
Number of IDs in the range: 2000
ipa: WARNING: Service dirsrv@SXICC-CAS-CN.service requires restart on IPA server <all IPA servers> to apply configuration changes.
-----------------------------
Added ID range "LOW_ID_RANGE"
-----------------------------
Range name: LOW_ID_RANGE
First Posix ID of the range: 500
Number of IDs in the range: 2000
Range type: local domain range
[root@node1 ~]#
查看当前有那些区域
[root@node1 ~]# ipa idrange-find
----------------
3 ranges matched
----------------
Range name: LOW_ID_RANGE
First Posix ID of the range: 500
Number of IDs in the range: 2000
Range type: local domain range
Range name: SXICC.CAS.CN_id_range
First Posix ID of the range: 193000000
Number of IDs in the range: 200000
First RID of the corresponding RID range: 1000
First RID of the secondary RID range: 100000000
Range type: local domain range
Range name: SXICC.CAS.CN_subid_range
First Posix ID of the range: 2147483648
Number of IDs in the range: 2147352576
First RID of the corresponding RID range: 2147283648
Domain SID of the trusted domain: S-1-5-21-738065-838566-3263723344
Range type: Active Directory domain range
----------------------------
Number of entries returned 3
----------------------------
最后发现在WEB端同样可以查看,也可以增加和修改。
