On Thu, Mar 13, 2014 at 06:43:09PM +0100, Pavel Reichl wrote:
Hello,
please see attached patch.
Pavel Reichl
From da1e349a53e6f5028586a1500b314399d4d01c4e Mon Sep 17 00:00:00 2001 From: Pavel Reichl preichl@redhat.com Date: Thu, 13 Mar 2014 17:37:17 +0000 Subject: [PATCH] MAN: minimal value expected for ldap_idmap_range_size
Resolves: https://fedorahosted.org/sssd/ticket/1451
src/man/include/ldap_id_mapping.xml | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/src/man/include/ldap_id_mapping.xml b/src/man/include/ldap_id_mapping.xml index 64d2c159d3b7ea0d946dbbdd6d8ab0e38bcd92d5..aaeb99f873570febb5b0e1c15bbcf8c085491fe3 100644 --- a/src/man/include/ldap_id_mapping.xml +++ b/src/man/include/ldap_id_mapping.xml @@ -170,6 +170,14 @@ ldap_schema = ad as it can. </para> <para>
NOTE: A value of this option should be at least the
~~~ Can you check with some native speaker whether there should be "The value" instead?
user's corresponding RID on the AD Server otherwise
~~~~~ I don't hink you need to use a capital S here
lookups and enumeration for the user will not work.E.g. for a user with aobjectSid=S-1-5-21-2153326666-2176343378-3404031434-1107,<quote>ldap_idmap_range_size</quote> should be at least 1107.</para><para> Default: 200000 </para> </listitem>-- 1.8.4.2
sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 03/14/2014 09:52 AM, Jakub Hrozek wrote:
On Thu, Mar 13, 2014 at 06:43:09PM +0100, Pavel Reichl wrote:
Hello,
please see attached patch.
Pavel Reichl
From da1e349a53e6f5028586a1500b314399d4d01c4e Mon Sep 17 00:00:00 2001 From: Pavel Reichl preichl@redhat.com Date: Thu, 13 Mar 2014 17:37:17 +0000 Subject: [PATCH] MAN: minimal value expected for ldap_idmap_range_size
Resolves: https://fedorahosted.org/sssd/ticket/1451 --- src/man/include/ldap_id_mapping.xml | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/src/man/include/ldap_id_mapping.xml b/src/man/include/ldap_id_mapping.xml index 64d2c159d3b7ea0d946dbbdd6d8ab0e38bcd92d5..aaeb99f873570febb5b0e1c15bbcf8c085491fe3 100644 --- a/src/man/include/ldap_id_mapping.xml +++ b/src/man/include/ldap_id_mapping.xml @@ -170,6 +170,14 @@ ldap_schema = ad as it can. </para> <para> + NOTE: A value of this option should be at least the
"The value" instead? > + user's corresponding RID on the AD > Server otherwise ~~~~~ I don't hink you need to use a capital S here > + lookups and enumeration for the user > will not work. + E.g. for a user with > a + > objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, + > <quote>ldap_idmap_range_size</quote> should be at least 1107. + > </para> + <para> Default: 200000 </para> > </listitem> -- 1.8.4.2 >
Recommended rephrasing:
NOTE: The value of this option must be at least as large as the highest user RID planned for use on the Active Directory server. User lookups and login will fail for any user whose RID is greater than this value.
For example, if your most recently-added Active Directory user has objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, <quote>ldap_idmap_range_size</quote> must be at least 1107.
It is important to plan ahead for future expansion, as changing this value will result in changing all of the ID mappings on the system, leading to users with different local IDs than they previously had.
On Fri, 2014-03-14 at 11:21 -0400, Stephen Gallagher wrote: [snip]
Recommended rephrasing:
NOTE: The value of this option must be at least as large as the highest user RID planned for use on the Active Directory server. User lookups and login will fail for any user whose RID is greater than this value.
For example, if your most recently-added Active Directory user has objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, <quote>ldap_idmap_range_size</quote> must be at least 1107.
It is important to plan ahead for future expansion, as changing this value will result in changing all of the ID mappings on the system, leading to users with different local IDs than they previously had.
Thank you Stephen for your prompt response and valuable input.
New patch with recommended rephrasing is attached.
On Fri, Mar 14, 2014 at 04:52:03PM +0100, Pavel Reichl wrote:
On Fri, 2014-03-14 at 11:21 -0400, Stephen Gallagher wrote: [snip]
Recommended rephrasing:
NOTE: The value of this option must be at least as large as the highest user RID planned for use on the Active Directory server. User lookups and login will fail for any user whose RID is greater than this value.
For example, if your most recently-added Active Directory user has objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, <quote>ldap_idmap_range_size</quote> must be at least 1107.
It is important to plan ahead for future expansion, as changing this value will result in changing all of the ID mappings on the system, leading to users with different local IDs than they previously had.
Thank you Stephen for your prompt response and valuable input.
New patch with recommended rephrasing is attached.
As Stephen has reminded me on IRC, he can't formally ack this patch as he was involved in crafting the error message.
That said, the change looks good to me.
ACK
On Thu, Mar 20, 2014 at 08:17:21PM +0100, Jakub Hrozek wrote:
On Fri, Mar 14, 2014 at 04:52:03PM +0100, Pavel Reichl wrote:
On Fri, 2014-03-14 at 11:21 -0400, Stephen Gallagher wrote: [snip]
Recommended rephrasing:
NOTE: The value of this option must be at least as large as the highest user RID planned for use on the Active Directory server. User lookups and login will fail for any user whose RID is greater than this value.
For example, if your most recently-added Active Directory user has objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, <quote>ldap_idmap_range_size</quote> must be at least 1107.
It is important to plan ahead for future expansion, as changing this value will result in changing all of the ID mappings on the system, leading to users with different local IDs than they previously had.
Thank you Stephen for your prompt response and valuable input.
New patch with recommended rephrasing is attached.
As Stephen has reminded me on IRC, he can't formally ack this patch as he was involved in crafting the error message.
That said, the change looks good to me.
ACK
Pushed to master.
sssd-devel@lists.fedorahosted.org
-
Jakub Hrozek -
Pavel Reichl -
Stephen Gallagher