4 files changed, 23 insertions, 8 deletions
diff --git a/install/share/bootstrap-template.ldif b/install/share/bootstrap-template.ldif
index 5c716f6a..e98c73b0 100644
--- a/install/share/bootstrap-template.ldif
+++ b/install/share/bootstrap-template.ldif
@@ -69,8 +69,8 @@ uid: admin
 krbPrincipalName: admin@$REALM
 cn: Administrator
 sn: Administrator
-uidNumber: 999
-gidNumber: 1001
+uidNumber: $UIDSTART
+gidNumber: $GIDSTART
 homeDirectory: /home/admin
 loginShell: /bin/bash
 gecos: Administrator
@@ -107,7 +107,7 @@ objectClass: groupofnames
 objectClass: posixgroup
 cn: admins
 description: Account administrators group
-gidNumber: 1001
+gidNumber: $GIDSTART
 member: uid=admin,cn=users,cn=accounts,$SUFFIX
 nsAccountLock: False
 
@@ -118,7 +118,7 @@ objectClass: groupofnames
 objectClass: nestedgroup
 objectClass: ipausergroup
 objectClass: posixgroup
-gidNumber: 1002
+gidNumber: eval($GIDSTART+1)
 description: Default group for all users
 cn: ipausers
 
@@ -127,7 +127,7 @@ changetype: add
 objectClass: top
 objectClass: groupofnames
 objectClass: posixgroup
-gidNumber: 1003
+gidNumber: eval($GIDSTART+2)
 description: Limited admins who can edit other users
 cn: editors
 
diff --git a/install/share/dna-posix.ldif b/install/share/dna-posix.ldif
index 6b5cef8c..e255bb27 100644
--- a/install/share/dna-posix.ldif
+++ b/install/share/dna-posix.ldif
@@ -6,7 +6,7 @@ objectclass: top
 objectclass: extensibleObject
 cn: Posix Accounts
 dnaType: uidNumber
-dnaNextValue: 1100
+dnaNextValue: eval($UIDSTART+1)
 dnaInterval: 1
 dnaMaxValue: 1000000000
 dnaMagicRegen: 999
@@ -21,7 +21,7 @@ objectclass: top
 objectclass: extensibleObject
 cn: Posix Groups
 dnaType: gidNumber
-dnaNextValue: 1100
+dnaNextValue: eval($GIDSTART+3)
 dnaInterval: 1
 dnaMaxValue: 1000000000
 dnaMagicRegen: 999
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index c09b24de..d0e93979 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -36,6 +36,7 @@ import shutil
 import glob
 import traceback
 from optparse import OptionParser
+import random
 
 from ipaserver.install import dsinstance
 from ipaserver.install import krbinstance
@@ -54,7 +55,11 @@ from ipalib import util
 
 pw_name = None
 
+# Used to determine the the highest possible uid/gid
+MAXINT_32BIT = 2147483648
+
 def parse_options():
+    namespace = random.randint(1000000, (MAXINT_32BIT - 1000000))
     parser = OptionParser(version=version.VERSION)
     parser.add_option("-u", "--user", dest="ds_user",
                       help="ds user")
@@ -97,6 +102,10 @@ def parse_options():
                       default=False,
                       help="Do not use DNS for hostname lookup during installation")
 
+    parser.add_option("--uidstart", dest="uidstart", default=namespace, type=int,
+                      help="The starting uid value (default random)")
+    parser.add_option("--gidstart", dest="gidstart", default=namespace, type=int,
+                      help="The starting gid value (default random)")
     options, args = parser.parse_args()
 
     if options.uninstall:
@@ -537,7 +546,7 @@ def main():
         finally:
             os.remove(pw_name)
     else:
-        ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, self_signed_ca=not options.ca)
+        ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, self_signed_ca=not options.ca, uidstart=options.uidstart, gidstart=options.gidstart)
 
     # Create a kerberos instance
     krb = krbinstance.KrbInstance(fstore)
diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
index bf533af8..df977c2f 100644
--- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1
@@ -75,6 +75,12 @@ The password of the Directory Server PKCS#12 file
 \fB\-\-http_pin\fR=\fIHTTP_PIN\fR
 The password of the Apache Server PKCS#12 file
 .PP 
+\fB\-\-uidstart\fR=\fIUIDSTART\fR
+The starting user id number (default random)
+.PP 
+\fB\-\-gidstart\fR=\fIGIDSTART\fR
+The starting group id number (default random)
+.PP 
 .SH "EXIT STATUS"
 0 if the installation was successful