On Fri, 2014-03-14 at 11:21 -0400, Stephen Gallagher wrote:
[snip]
Recommended rephrasing:
NOTE: The value of this option must be at least as large as the
highest user RID planned for use on the Active Directory server. User
lookups and login will fail for any user whose RID is greater than
this value.
For example, if your most recently-added Active Directory user has
objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107,
<quote>ldap_idmap_range_size</quote> must be at least 1107.
It is important to plan ahead for future expansion, as changing this
value will result in changing all of the ID mappings on the system,
leading to users with different local IDs than they previously had.
Thank you Stephen for your prompt response and valuable input.
New patch with recommended rephrasing is attached.