Hi,

I recently upgraded to 1.11.7 on my RHEL 6.5 box and have a problem getting sssd to work, as the conversion from objectSID to Unix IDs fails. With a debug level of 9 (this is the same config that worked in previous versions < 1.11.7 against the same AD forest), I see the below in the sssd domain logs:

 (Mon Oct 13 16:03:32 2014) [sssd[be[dbg]]] [sdap_get_primary_name] (0x0400): Processing object chantri
 (Mon Oct 13 16:03:32 2014) [sssd[be[dbg]]] [sdap_save_user] (0x0400): Processing user chantri
 (Mon Oct 13 16:03:32 2014) [sssd[be[dbg]]] [sdap_save_user] (0x1000): Mapping user [chantri] objectSID [S-1-5-21-1611181143-1305343219-1050001001-2353897] to unix ID
 (Mon Oct 13 16:03:32 2014) [sssd[be[dbg]]] [sdap_idmap_sid_to_unix] (0x0080): Could not convert objectSID [S-1-5-21-1611181143-1305343219-1050001001-2353897] to a UNIX ID
 (Mon Oct 13 16:03:32 2014) [sssd[be[dbg]]] [sdap_save_user] (0x0020): Failed to save user [chantri]
 (Mon Oct 13 16:03:32 2014) [sssd[be[dbg]]] [sdap_save_users] (0x0040): Failed to store user 0. Ignoring.

I tried with both the AD and LDAP providers but get the same error. I'm mostly using the defaults in the domains section of sssd.conf. Snippet below:

 [domain/test]
 id_provider = ad
 access_provider = ad
 ad_server = example.test.abcd.com
 ad_domain = test.abcd.com
 ldap_id_mapping = true
 dyndns_update = false
 krb5_keytab = /etc/sssd/abcd.keytab
 ldap_schema = ad
 ldap_idmap_default_domain = test.abcd.com

Would appreciate it if you could provide some guidance here. Do I have to tweak the idmap ranges with v1.11.7? The RIDs in my AD forest are in the 200k to 3000k range.

Best Regards,
Prajwal Kumar
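
The following is an added example, not part of the original message and not SSSD code: a check of the RID in a "Could not convert objectSID" log line against the effective `ldap_idmap_range_size`, which sssd-ldap(5) says must be at least as large as the highest RID in use (default 200000). The function names are hypothetical, the inputs are constructed from the snippets above, and the page does not confirm that the slice size is the cause of this failure.

```python
import configparser
import re

# Defaults documented in sssd-ldap(5) for the ID-mapping options.
DEFAULTS = {
    "ldap_idmap_range_min": 200000,
    "ldap_idmap_range_max": 2000200000,
    "ldap_idmap_range_size": 200000,
}
SID_RE = re.compile(r"objectSID \[(S-1-5-21(?:-\d+){4})\]")

# Constructed inputs: part of the domain section and one log line from the post.
SAMPLE_CONF = """[domain/test]
id_provider = ad
ldap_id_mapping = true
ldap_schema = ad
"""
SAMPLE_LOG = (
    "(Mon Oct 13 16:03:32 2014) [sssd[be[dbg]]] [sdap_idmap_sid_to_unix] "
    "(0x0080): Could not convert objectSID "
    "[S-1-5-21-1611181143-1305343219-1050001001-2353897] to a UNIX ID\n"
)

def idmap_ranges(conf_text, section):
    """Effective idmap range settings for one sssd.conf section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    return {k: cp.getint(section, k, fallback=v) for k, v in DEFAULTS.items()}

def slice_count(ranges):
    """Number of per-domain slices the configured ID space can hold."""
    span = ranges["ldap_idmap_range_max"] - ranges["ldap_idmap_range_min"]
    return span // ranges["ldap_idmap_range_size"]

def failed_rids(log_text, ranges):
    """Map each SID in a conversion-failure line to (rid, fits_in_slice)."""
    out = {}
    for line in log_text.splitlines():
        m = SID_RE.search(line) if "Could not convert" in line else None
        if m:
            rid = int(m.group(1).rpartition("-")[2])  # last sub-authority
            out[m.group(1)] = (rid, rid < ranges["ldap_idmap_range_size"])
    return out

if __name__ == "__main__":
    r = idmap_ranges(SAMPLE_CONF, "domain/test")
    print(r, slice_count(r), failed_rids(SAMPLE_LOG, r))
```

sssd-ldap(5) also notes that changing ID-mapping options changes the resulting user and group IDs and requires removing the SSSD cache database.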