That is the problem I was having. If I set ldap_idmap_range_size higher I got the errors I posted.
I set debug_level = 9 and found some more helpful information that lead to a resolution this morning. I'll include some more below to help anyone else who may have this problem. The error on debug_level 9 was "(Thu Jul 31 08:01:43 2014) [sssd[be[ DOMAIN.EDU]]] [sdap_idmap_init] (0x0100): Range size does not divide evenly. Uppermost range will not be used" The man page says "ldap_idmap_range_size ...If the range size does not divide evenly into the min and max values, it will create as many complete slices as it can." However from my error that appears to not always be true. My max and min are ldap_idmap_range_min = 200000 ldap_idmap_range_max = 2000200000 so max minus min gives 2000000000 and picking a ldap_idmap_range_size that divides evenly (800000) made my errors go away. On Thu, Jul 31, 2014 at 5:06 AM, Jakub Hrozek <[email protected]> wrote: > On Wed, Jul 30, 2014 at 03:12:18PM -0400, Thomas Moore wrote: > > I work in an Active Directory environment where new SIDs have RIDs over > > 280,000 when attempting to set ldap_idmap_range_size in sssd.conf > anything > > larger that 268204 causes the following errors in the log file > > > > (Wed Jul 30 10:38:44 2014) [sssd[be[DOMAIN.EDU]]] [load_backend_module] > > (0x0010): Error (5) in module (ad) initialization (sssm_ad_id_init)! > > (Wed Jul 30 10:38:44 2014) [sssd[be[DOMAIN.EDU]]] [be_process_init] > > (0x0010): fatal error initializing data providers > > (Wed Jul 30 10:38:44 2014) [sssd[be[DOMAIN.EDU]]] [main] (0x0010): Could > > not initialize backend [5] > > > > > > I have tested in both Ubuntu 14.04 and CentOS 7.0 with the same results. > > > > Any help is greatly appreciated! > > Hi, > > can you try setting a larger ldap_idmap_range_size value? > > Perhaps: > ldap_idmap_range_size = 400000 > > In order to find your largest RID currently used you can run: > ldapsearch -H ldap://ad-dc.ad.domain -b 'OU=Domain > Controllers,dc=ad,dc=domain' 'CN=Rid Set' ridNextRID" > > HTH > _______________________________________________ > sssd-users mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/sssd-users >
_______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
