<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
Hi Lohit (hey Jim & Christof),<br>
<br>
Whilst you _could_ trawl your entire filesystem, flip uids and
work out how to successfully replace ACL ids without actually
pushing ACLs (which could break defined inheritance options
somewhere in your file tree if you had not first audited your
filesystem) the systems head in me says:<br>
<br>
"We are planning to migrate from LDAP to AD, and one of the best
solution was to change the uidNumber and gidNumber to what SSSD or
Centrify would resolve."<br>
Here's the problem: to what SSSD or Centrify would resolve<br>
<br>
I've done this a few times in the past in a previous life. In many
respects it is easier (and faster!) to remap the AD side to the uids
already on the filesystem.<br>
E.G. if user foo is id 1234, ensure user foo is 1234 in AD when you
move your LDAP world over.<br>
Windows ldifde utility can import an ldif from openldap to take the
config across.<br>
Automation or inline munging can be achieved with powershell or
python.<br>
<br>
I presume there is a large technical blocker which is why you are
looking at remapping the filesystem?<br>
<br>
Best,<br>
<br>
Jez<br>
<br>
<br>
<br>
<div class="moz-cite-prefix">On 09/06/2020 03:52, Christof Schmitt
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:OF0BC3EBDD.614DD110-ON00258582.000F9D63-00258582.000FC5D8@notes.na.collabserv.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div class="socmaildefaultfont" dir="ltr"
style="font-family:Arial, Helvetica, sans-serif;font-size:9pt">
<div dir="ltr">If there are ACLs, then you also need to update
all ACLs (gpfs_getacl(), update uids and gids in all entries,
gpfs_putacl()), in addition to the chown() call.</div>
<div dir="ltr"> </div>
<div dir="ltr">Regards,</div>
<div dir="ltr">
<div class="socmaildefaultfont" dir="ltr"
style="font-family:Arial, Helvetica,
sans-serif;font-size:10.5pt">
<div class="socmaildefaultfont" dir="ltr"
style="font-family:Arial, Helvetica,
sans-serif;font-size:10.5pt">
<div class="socmaildefaultfont" dir="ltr"
style="font-family:Arial, Helvetica,
sans-serif;font-size:10.5pt">
<div class="socmaildefaultfont" dir="ltr"
style="font-family:Arial, Helvetica,
sans-serif;font-size:10.5pt">
<div class="socmaildefaultfont" dir="ltr"
style="font-family:Arial;font-size:10.5pt">
<div dir="ltr"><font size="2"
face="Verdana,Arial,Helvetica,sans-serif"><font
size="2"
face="Verdana,Arial,Helvetica,sans-serif"><span
style="font-size:0.857em;"> </span></font></font></div>
<div dir="ltr"><font size="2"
face="Verdana,Arial,Helvetica,sans-serif"><font
size="2"
face="Verdana,Arial,Helvetica,sans-serif"><span
style="font-size:0.857em;"><span
style="font-family:
Verdana,Geneva,sans-serif;">Christof
Schmitt || IBM || Spectrum Scale
Development || Tucson, AZ<br>
<a class="moz-txt-link-abbreviated" href="mailto:christof.schmitt@us.ibm.com">christof.schmitt@us.ibm.com</a> ||
+1-520-799-2469 (T/L: 321-2469)</span></span></font></font></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div dir="ltr"> </div>
<div dir="ltr"> </div>
<blockquote data-history-content-modified="1" dir="ltr"
style="border-left:solid #aaaaaa 2px; margin-left:5px;
padding-left:5px; direction:ltr; margin-right:0px">-----
Original message -----<br>
From: Jim Doherty <a class="moz-txt-link-rfc2396E" href="mailto:jjdoherty@yahoo.com"><jjdoherty@yahoo.com></a><br>
Sent by: <a class="moz-txt-link-abbreviated" href="mailto:gpfsug-discuss-bounces@spectrumscale.org">gpfsug-discuss-bounces@spectrumscale.org</a><br>
To: gpfsug main discussion list
<a class="moz-txt-link-rfc2396E" href="mailto:gpfsug-discuss@spectrumscale.org"><gpfsug-discuss@spectrumscale.org></a><br>
Cc:<br>
Subject: [EXTERNAL] Re: [gpfsug-discuss] Change uidNumber and
gidNumber for billions of files<br>
Date: Mon, Jun 8, 2020 5:57 PM<br>
<div style="font-family: Helvetica Neue, Helvetica, Arial,
sans-serif; font-size: 13px;">
<div> </div>
<div data-setdir="false" dir="ltr">You will need to do this
with chown from the c library functions (could do this
from perl or python). If you try to change this from a
shell script you will hit the Linux command which will
have a lot more overhead. I had a customer attempt
this using the shell and it ended up taking forever due to
a brain damaged NIS service :-). </div>
<div data-setdir="false" dir="ltr"> </div>
<div data-setdir="false" dir="ltr">Jim </div>
<div> </div>
</div>
<div id="yahoo_quoted_1869804407">
<div style="font-family:'Helvetica Neue', Helvetica, Arial,
sans-serif;font-size:13px;color:#26282a;">
<div>On Monday, June 8, 2020, 2:01:39 PM EDT, Lohit
Valleru <a class="moz-txt-link-rfc2396E" href="mailto:valleru@cbio.mskcc.org"><valleru@cbio.mskcc.org></a> wrote:</div>
<div> </div>
<div> </div>
<div>
<div id="yiv6988452566">
<div>
<div style="font-family:Helvetica,
Arial;font-size:13px;">Hello Everyone,</div>
<div>
<div> </div>
<div>We are planning to migrate from LDAP to AD,
and one of the best solution was to change the
uidNumber and gidNumber to what SSSD or Centrify
would resolve.</div>
<div> </div>
<div>May I know, if anyone has come across a
tool/tools that can change the uidNumbers and
gidNumbers of billions of files efficiently and
in a reliable manner?</div>
<div>We could spend some time to write a custom
script, but wanted to know if a tool already
exists.</div>
<div> </div>
<div>Please do let me know, if any one else has
come across a similar situation, and the
steps/tools used to resolve the same.</div>
<div> </div>
<div>Regards,</div>
<div>Lohit</div>
</div>
</div>
</div>
_______________________________________________<br>
gpfsug-discuss mailing list<br>
gpfsug-discuss at spectrumscale.org<br>
<a
href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss"
target="_blank" moz-do-not-send="true">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</a></div>
</div>
</div>
<div><font size="2" face="Default Monospace,Courier
New,Courier,monospace">_______________________________________________<br>
gpfsug-discuss mailing list<br>
gpfsug-discuss at spectrumscale.org<br>
<a
href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss"
target="_blank" moz-do-not-send="true">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</a> </font></div>
</blockquote>
<div dir="ltr"> </div>
</div>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
<a class="moz-txt-link-freetext" href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</a>
</pre>
</blockquote>
<br>
<br>
<div class="moz-signature">-- <br>
<div>
<font face="arial" color="#000000">
<b>Jez Tucker</b><br>
VP Research and Development <font color="#BD1C1A">|</font>
Pixit Media<br>
e: <a href="mailto:jtucker@pixitmedia.com">jtucker@pixitmedia.com</a><br>
Visit <a href="https://www.pixitmedia.com">www.pixitmedia.com</a>
</font>
</div>
</div>
</body>
</html>
<br>
<div style="font-family:"Times New Roman";font-size:medium"><a href="https://twitter.com/PixitMedia" target="_blank"><img src="https://www.arcapix.com/email_footer/pixit_twitter.png" width="20" height="20" border="0"></a> <a href="https://www.linkedin.com/company/pixitmedia" target="_blank"><img src="https://www.arcapix.com/email_footer/pixit_linkedin.png" width="20" height="20" border="0"></a></div><div style="font-family:"Times New Roman";font-size:medium;height:30px;width:1904px;clear:both"></div><div style="font-family:"Times New Roman";font-size:medium"><a href="https://www.pixitmedia.com/" target="_blank"><img src="https://www.arcapix.com/email_footer/pixit_logo.png" width="275" height="50" border="0"></a></div><div style="font-family:"Times New Roman";font-size:medium;height:25px;width:1904px;clear:both"></div><div style="font-family:Arial;font-size:0.625em;color:silver;max-width:700px">This email is confidential in that it is intended for the exclusive attention of the addressee(s) indicated. If you are not the intended recipient, this email should not be read or disclosed to any other person. Please notify the sender immediately and delete this email from your computer system. Any opinions expressed are not necessarily those of the company from which this email was sent and, whilst to the best of our knowledge no viruses or defects exist, no responsibility can be accepted for any loss or damage arising from its receipt or subsequent use of this email.</div>