I finally rested on just
ldap_idmap_default_domain = domain.local
ldap_idmap_default_domain_sid = S-1-5-21-527237240-962098450-7253xxxxx
ldap_idmap_range_min = 1000000000
ldap_idmap_range_size = 20000000and it works just fine. I use a 10 digit number to satisfy our ISO for any collisions with a certain 9 digit number everybody has. Some really early accounts have UIDs and GIDs like 1000001165, others have ones like 1010599347. I've got two more orders of magnitude before I have to worry about the max. that's a LOT of objects. I didn't think we'd ever hit the max based on the rate we're creating objects, so there was no real need to apply one. Todd -----Original Message----- From: Chris Kowalczyk <[email protected]> Sent: Wednesday, September 5, 2018 2:56 AM To: [email protected] Subject: [SSSD-users] Re: ldap slices in sssd.conf Any thoughts about it? Anyone? Anything? :) Regards, Chris On 08/24/2018 02:45 PM, Chris Kowalczyk wrote: > Hello All, > > I have a question regarding ldap slices defined in sssd configuration. > > Is it fine to have just one group defined by ldap_idmap_range_min, > ldap_idmap_range_max and ldap_idmap_range_size parameters? So, > something > like: > > ldap_idmap_range_min = 200000 > ldap_idmap_range_max = 3000200000 > ldap_idmap_range_size = 3000000000 > > Would it be a correct configuration, providing there is only one domain? > > Also, what are the requirements for max_id, etc parameters? I found > that max_id should be bigger than ldap_idmap_range_max etc, but are > there any limits for it or any other restrictions (max value etc)? > > Regards, > Chris Kowalczyk > > > _______________________________________________ > sssd-users mailing list -- [email protected] To > unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://secure-web.cisco.com/1dynJGQqBkCZImU6FR2a2_8D4BfGnfg7kcsTQT5z7 > b7lyN07YyHsccSctG3p1kqYXE1AxKpp1Tx5QEqjwmUTiNzkpBP9nCMDdsryEYo5tjWJaHC > wSjVAW4AZxWUH0-agWEYK5ws7Za3qjIvn2sNnOXNzUXe_C0q6LBlszSj0zHobRwjq6wL_A > EqYNru_rEZb8M77RWlkoDFvEfIKABsavDuCXEQDj6R6l1gYmJaNBK9gbOyu1VMYFR_vE6R > lGWyJjV6x3fLhbS4yqo_FP5REB07fF2ZYTEnwOLT8HiXpKXau3MiBwnmv7XOiXPbNF_zuV > YdeTtjE2UMM03wUnw1U9xOlmAt76hPt1ay5gtcrR7AJoW75-mo4ZNJkHZM2PYaMe1MCTfO > PtekxaiL8I2DVQzzZOPAEJkVP2-6haCJikWbQCqCy7GBuL8DfYHC7ENnRK8XVMQbqlqd29 > KU0AIl237PzN-ojvUg9FMlMFxXrg5HNFxZ0ihfsliIc9CJa6xrCud4p-UDiLa_UhRMkKG5 > oiDd2lipnxdTs8ngmaMZeSP1Ve2WhSB3qSBSinUXIutjGtt-pNRVJ_5ta8ojOWLBypvTOr > K495aeJaDkrHqRW87KZ3bD-QjnkNHgIoXtz7lUul/https%3A%2F%2Fgetfedora.org%2 > Fcode-of-conduct.html List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/[email protected] > osted.org/message/DO5YWT7K7T5LSLO7X3YQ3J5H422DSOBO/ _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://secure-web.cisco.com/1dynJGQqBkCZImU6FR2a2_8D4BfGnfg7kcsTQT5z7b7lyN07YyHsccSctG3p1kqYXE1AxKpp1Tx5QEqjwmUTiNzkpBP9nCMDdsryEYo5tjWJaHCwSjVAW4AZxWUH0-agWEYK5ws7Za3qjIvn2sNnOXNzUXe_C0q6LBlszSj0zHobRwjq6wL_AEqYNru_rEZb8M77RWlkoDFvEfIKABsavDuCXEQDj6R6l1gYmJaNBK9gbOyu1VMYFR_vE6RlGWyJjV6x3fLhbS4yqo_FP5REB07fF2ZYTEnwOLT8HiXpKXau3MiBwnmv7XOiXPbNF_zuVYdeTtjE2UMM03wUnw1U9xOlmAt76hPt1ay5gtcrR7AJoW75-mo4ZNJkHZM2PYaMe1MCTfOPtekxaiL8I2DVQzzZOPAEJkVP2-6haCJikWbQCqCy7GBuL8DfYHC7ENnRK8XVMQbqlqd29KU0AIl237PzN-ojvUg9FMlMFxXrg5HNFxZ0ihfsliIc9CJa6xrCud4p-UDiLa_UhRMkKG5oiDd2lipnxdTs8ngmaMZeSP1Ve2WhSB3qSBSinUXIutjGtt-pNRVJ_5ta8ojOWLBypvTOrK495aeJaDkrHqRW87KZ3bD-QjnkNHgIoXtz7lUul/https%3A%2F%2Fgetfedora.org%2Fcode-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
