Thanks, it is workning now.

The first value I tried for ldap_idmap_range_size was too high.

I then took the RID which I suppose is the last number in the SID:
340002
and gave it a little higher value
400000

Remove /var/lib/sss/db and restart sssd.



On 13 January 2016 at 08:36, <hsc@miracle.dk> wrote:
> On (12/01/16 14:00), hsc(a)miracle.dk wrote:
> because RID (relative ID) of user SID is too big.

Which part is the RID?


> The default value of range size (ldap_idmap_range_size)
> is 200000. So this user does not fit there.
>
> You can increase ldap_idmap_range_size to bigger value,

OK, I tried

> but you will need to remove sssd cache after changing
> idmap settings. This will results in different UID/GID of users.

I did a:
  cd /var/lib/sssd/db && rm *
and stated again. now it says:

(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [be_get_account_info] (0x0100): Got request for [4097][1][idnumber=952940256]
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [be_req_set_domain] (0x0400): Changing request domain from [corp.acme.com] to [corp.acme.com]
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [ad_account_can_shortcut] (0x0080): Mapping ID [952940256] to SID failed: [IDMAP domain not found]
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [ad_account_info_handler] (0x0400): Cannot determine the right domain: Input/output error
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [users_get_send] (0x0080): [952940256] did not match any configured ID mapping domain
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [sysdb_search_user_by_uid] (0x0400): No such entry
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [sysdb_delete_user] (0x0400): Error: 2 (No such file or directory)
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [be_get_account_info] (0x0100): Got request for [4097][1][idnumber=952940256]
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [be_req_set_domain] (0x0400): Changing request domain from [corp.acme.com] to [ad-root.acme.com]
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [ad_account_can_shortcut] (0x0080): Mapping ID [952940256] to SID failed: [IDMAP domain not found]
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [ad_account_info_handler] (0x0400): Cannot determine the right domain: Input/output error
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [users_get_send] (0x0080): [952940256] did not match any configured ID mapping domain
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [sysdb_search_user_by_uid] (0x0400): No such entry
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [sysdb_delete_user] (0x0400): Error: 2 (No such file or directory)
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success

> @see also
> man sssd-ldap -> ldap_idmap_range_size
> man sssd-ldap -> ID MAPPING -> 3rd paragraph

Thanks. I seems like it should be possible to calcutae the right size in some way.

./hans
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org



--

Venlig hilsen - best regards

Hans Schou
Konsulent
Mobil: 53747192
E-mail: hsc@miracle.dk
    

Miracle , Borupvang 2C, 2750 Ballerup
info@miracle.dk - www.miracle.dk