On Wed, Jan 24, 2018 at 03:06:58PM +0100, Franky Van Liedekerke wrote:
we saw a lot of queries for uidnumber=4294967295 in our ldap backend
logs (from sssd), so we did as suggested by
and added max_id=4294967294 in our sssd domain config.
But this seems to be ignored (at least in version
1.15.2-50.el7_4.8.x86_64), as the queries continue to arrive in ldap.
Adding ldap_max_id with the same value resulted in an "numerical out
of range" error and sssd refuses to start then (seems to be 16-bit
And of course I read the nfsnobody discussions where the uid=65534 :-)
As a workaround, I added an entry in /etc/passwd for uid
4294967295 so the problem went away, but this still leaves the max_id
and ldap_max_id issues that should be working fine ...
Sounds like https://pagure.io/SSSD/sssd/issue/3569
which was fixed upstream
in the upcoming (once we fix known regressions...) release. The fix was
also backported to RHEL-7.5 and the next RHEL-7.4.z release..