I'm not sure that we do need it... I think it was put in the config as a 
placeholder for old accounts on legacy systems when deciding on how UID ranges 
should be mapped when we ultimately migrate to a FreeIPA domain that trusts our 
AD forest. We're having some issues getting permission from the AD managers to 
set up the required trust, but that's another story. Until that's ironed out, 
we are joining systems to the domain with "realm" using the SID<->UID mapping 
that FreeIPA will use.

I've found a workaround for the bug for us. If I just comment out the "max_id" 
line in domain/local, then everything goes back to normal. With only a small 
number of IDs in local, and anything imported from legacy systems well below 
the start of the SID mapping, I don't think we need to try and enforce the 
upper limit.

Thanks,
David
_______________________________________________
sssd-users mailing list -- [email protected]