> On (12/01/16 14:00), hsc(a)miracle.dk wrote:
> because RID (relative ID) of user SID is too big.
Which part is the RID?
> The default value of range size (ldap_idmap_range_size)
> is 200000. So this user does not fit there.
>
> You can increase ldap_idmap_range_size to bigger value,
OK, I tried
> but you will need to remove sssd cache after changing
> idmap settings. This will results in different UID/GID of users.
I did a:
cd /var/lib/sssd/db && rm *
and stated again. now it says:
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [be_get_account_info] (0x0100): Got request for [4097][1][idnumber=952940256]
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [be_req_set_domain] (0x0400): Changing request domain from [corp.acme.com] to [corp.acme.com]
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [ad_account_can_shortcut] (0x0080): Mapping ID [952940256] to SID failed: [IDMAP domain not found]
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [ad_account_info_handler] (0x0400): Cannot determine the right domain: Input/output error
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [users_get_send] (0x0080): [952940256] did not match any configured ID mapping domain
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [sysdb_search_user_by_uid] (0x0400): No such entry
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [sysdb_delete_user] (0x0400): Error: 2 (No such file or directory)
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [be_get_account_info] (0x0100): Got request for [4097][1][idnumber=952940256]
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [be_req_set_domain] (0x0400): Changing request domain from [corp.acme.com] to [ad-root.acme.com]
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [ad_account_can_shortcut] (0x0080): Mapping ID [952940256] to SID failed: [IDMAP domain not found]
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [ad_account_info_handler] (0x0400): Cannot determine the right domain: Input/output error
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [users_get_send] (0x0080): [952940256] did not match any configured ID mapping domain
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [sysdb_search_user_by_uid] (0x0400): No such entry
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [sysdb_delete_user] (0x0400): Error: 2 (No such file or directory)
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success
> @see also
> man sssd-ldap -> ldap_idmap_range_size
> man sssd-ldap -> ID MAPPING -> 3rd paragraph
Thanks. I seems like it should be possible to calcutae the right size in some way.
./hans
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org
Venlig hilsen - best regards
| |
Miracle ⅍, Borupvang 2C, 2750 Ballerup info@miracle.dk - www.miracle.dk |