I finally rested on just
ldap_idmap_default_domain = domain.local
ldap_idmap_default_domain_sid = S-1-5-21-527237240-962098450-7253xxxxx
ldap_idmap_range_min = 1000000000
ldap_idmap_range_size = 20000000
and it works just fine. I use a 10 digit number to satisfy our ISO for any
collisions with a certain 9 digit number everybody has. Some really early
accounts have UIDs and GIDs like 1000001165, others have ones like 1010599347.
I've got two more orders of magnitude before I have to worry about the max.
that's a LOT of objects. I didn't think we'd ever hit the max based on the
rate we're creating objects, so there was no real need to apply one.
Todd
-----Original Message-----
From: Chris Kowalczyk <ckowalczyk(a)suse.com>
Sent: Wednesday, September 5, 2018 2:56 AM
To: sssd-users(a)lists.fedorahosted.org
Subject: [SSSD-users] Re: ldap slices in sssd.conf
Any thoughts about it? Anyone? Anything? :)
Regards,
Chris
On 08/24/2018 02:45 PM, Chris Kowalczyk wrote:
Hello All,
I have a question regarding ldap slices defined in sssd configuration.
Is it fine to have just one group defined by ldap_idmap_range_min,
ldap_idmap_range_max and ldap_idmap_range_size parameters? So,
something
like:
ldap_idmap_range_min = 200000
ldap_idmap_range_max = 3000200000
ldap_idmap_range_size = 3000000000
Would it be a correct configuration, providing there is only one domain?
Also, what are the requirements for max_id, etc parameters? I found
that max_id should be bigger than ldap_idmap_range_max etc, but are
there any limits for it or any other restrictions (max value etc)?
Regards,
Chris Kowalczyk
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org To
unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://secure-web.cisco.com/1dynJGQqBkCZImU6FR2a2_8D4BfGnfg7kcsTQT5z7
b7lyN07YyHsccSctG3p1kqYXE1AxKpp1Tx5QEqjwmUTiNzkpBP9nCMDdsryEYo5tjWJaHC
wSjVAW4AZxWUH0-agWEYK5ws7Za3qjIvn2sNnOXNzUXe_C0q6LBlszSj0zHobRwjq6wL_A
EqYNru_rEZb8M77RWlkoDFvEfIKABsavDuCXEQDj6R6l1gYmJaNBK9gbOyu1VMYFR_vE6R
lGWyJjV6x3fLhbS4yqo_FP5REB07fF2ZYTEnwOLT8HiXpKXau3MiBwnmv7XOiXPbNF_zuV
YdeTtjE2UMM03wUnw1U9xOlmAt76hPt1ay5gtcrR7AJoW75-mo4ZNJkHZM2PYaMe1MCTfO
PtekxaiL8I2DVQzzZOPAEJkVP2-6haCJikWbQCqCy7GBuL8DfYHC7ENnRK8XVMQbqlqd29
KU0AIl237PzN-ojvUg9FMlMFxXrg5HNFxZ0ihfsliIc9CJa6xrCud4p-UDiLa_UhRMkKG5
oiDd2lipnxdTs8ngmaMZeSP1Ve2WhSB3qSBSinUXIutjGtt-pNRVJ_5ta8ojOWLBypvTOr
K495aeJaDkrHqRW87KZ3bD-QjnkNHgIoXtz7lUul/https%3A%2F%2Fgetfedora.org%2
Fcode-of-conduct.html List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorah
osted.org/message/DO5YWT7K7T5LSLO7X3YQ3J5H422DSOBO/
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org To unsubscribe
send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://secure-web.cisco.com/1dynJGQqBkCZImU6FR2a2_8D4BfGnfg7kcsTQT5z7b7l...
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...