[CentOS] Odd useradd/LDAP behaviour

Fri Oct 11 15:56:00 UTC 2013
Paul Jones <paul.jones at atass-sports.co.uk>

Hello list,

On our CentOS 6.4 machines I've LDAP enabled such that Windows users
with the requisite unix attributes can log into the machines. These
remote Windows users have UID/GID starting at 20000 so are well out of
the way of local users.

If I now create a local user with useradd, the UID/GID of the local user
is the next available number in the range used by the Windows users.
That is, users created before setting up LDAP are UID 501, 502 etc, but
new users are 200XX. This then potentially causes problems when a new
LDAP user is added, as we then have two users with the same UID/GID values.

I've resolved this by editing the UID_MAX and GID_MAX fields in
/etc/login.defs so the value is below the range used by the Windows
users. New test user gets UID/GID 503 as expected. I guess specifying
the values in the useradd command would also work.

So why is LDAP making useradd use the wrong values?

Thanks for any suggestions,
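
An added example, not part of the original post: a shell audit for the overlap described above. It reads UID_MAX/GID_MAX from a copy of login.defs and lists local passwd entries whose UID falls inside the directory range. The 20000 start comes from the post; the 60000 upper bound, the 19999 ceiling, the function names and all sample file contents are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Audits copies of login.defs and
# passwd for local IDs that overlap the range reserved for directory users.
LDAP_UID_START=20000   # from the post: directory users start at 20000
LDAP_UID_END=60000     # assumption: the post gives no upper bound

# Print the last numeric value set for a key (e.g. UID_MAX) in a login.defs file.
login_defs_value() {   # $1=key  $2=file
    awk -v k="$1" '$1 == k && $2 ~ /^[0-9]+$/ { v = $2 } END { if (v != "") print v }' "$2"
}

# Succeed only when the key is set and lies below the directory range.
max_is_below_ldap_range() {   # $1=key  $2=file
    v=$(login_defs_value "$1" "$2")
    [ -n "$v" ] && [ "$v" -lt "$LDAP_UID_START" ]
}

# Print "name:uid" for local passwd entries whose UID is inside the directory range.
local_uids_in_ldap_range() {   # $1=passwd file
    awk -F: -v lo="$LDAP_UID_START" -v hi="$LDAP_UID_END" \
        '$3 ~ /^[0-9]+$/ && $3 + 0 >= lo && $3 + 0 <= hi { print $1 ":" $3 }' "$1"
}

# Constructed sample data: login.defs with a ceiling above and below the
# directory range, and a passwd file with one local account inside that range.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'UID_MIN 500\nUID_MAX 60000\nGID_MIN 500\nGID_MAX 60000\n' > "$demo/login.defs.before"
printf 'UID_MIN 500\nUID_MAX 19999\nGID_MIN 500\nGID_MAX 19999\n' > "$demo/login.defs.after"
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:501:501::/home/alice:/bin/bash
bob:x:502:502::/home/bob:/bin/bash
testuser:x:20013:20013::/home/testuser:/bin/bash
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
EOF

for f in before after; do
    for key in UID_MAX GID_MAX; do
        if max_is_below_ldap_range "$key" "$demo/login.defs.$f"; then
            echo "login.defs.$f: $key ok"
        else
            echo "login.defs.$f: $key reaches into the directory range"
        fi
    done
done
echo "local accounts inside the directory range:"
local_uids_in_ldap_range "$demo/passwd"
```

Any account the last function reports was created while the ceiling still covered the directory range and needs a new UID/GID (plus a chown of its files) before a directory user is assigned the same number.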