On (12/11/14 20:47), Karim wrote:
>another question:
>how are you doing with ID collisions in cross realms scenarios?
>currently both forest configured with ldap_idmapping_range_size = 20000000
^^^^^^^^^^^^^^^^^^^^^^^^^
The name of the option is ldap_idmap_range_max
>anything less than this sssd will complain its not able to convert SID to unix
>ID and login fail.
>
>i didn't configure _range_max parameter, is there any recommendations for
>setting this across the two domains?
You can configure non-overlapping ranges in two domains with options
ldap_idmap_range_min, ldap_idmap_range_max
@see man sssd-ldap
LS
_______________________________________________
sssd-users mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
