On (12/11/14 20:47), Karim wrote:
another question:
how are you doing with ID collisions in cross realms scenarios?
currently both forest configured with ldap_idmapping_range_size = 20000000
^^^^^^^^^^^^^^^^^^^^^^^^^
The name of the option is ldap_idmap_range_max
anything less than this sssd will complain its not able to convert SID
to unix ID and login fail.
i didn't configure _range_max parameter, is there any recommendations for setting this
across the two domains?
You can configure non-overlapping ranges in two domains with options
ldap_idmap_range_min, ldap_idmap_range_max
@see man sssd-ldap
LS