... that helps, thanking you!
-- lawrence On Wed, Sep 5, 2018 at 12:18 PM Sumit Bose <[email protected]> wrote: > On Tue, Sep 04, 2018 at 06:49:15AM -0400, Lawrence Kearney wrote: > > I beleive I understand the use of the the "ldap_idmap_default_domain_sid" > > directive. Most simply the MURMUR algorithm will be disabled and the > domain > > configuration designated as the "default" domain will be assigned to > slice > > [0]. My observation is that the UID-GID for an object becomes > > (ldap_idmap_range_min + <object_RID>) in this configuration. > > > > The man pages are less clear on why and how specifying which domain is > the > > default in a multi-domain configuration matters. My assumption is that > the > > sole purpose of the "[domain/default]" and "ldap_idmap_default_domain" > > options is to do just that. > > > > "[domain/default]" > > > > - Is the entended use for this domain stanza header? > > - Is is still a valid configuration choice? > > It is a valid configuration but there is no special handling. 'default' > is just treated as a name for the domain the same as 'abc' or any other > name. > > > > > > > "ldap_idmap_default_domain" > > > > - Is the entended use for this configuration directive? > > - If it is specified in one domain stanza in a multi-domain configuration > > will the configuration be honored across other configured domains? > > Each configured domain in sssd.conf like e.g [domain/abc] and > [domain/def] is independent of the other, so ldap_idmap_default_domain > is only for the individual section. > > The phrase 'default domain' in the man page entries refers to the > current configured domain in contrast to the discovered sub-domains. > > The 'ldap_idmap_default_domain' must only be set if the domain name you > choose in sssd.conf differs from the actual domain name. E.g. > > ... > [domain/home] > ... > ldap_idmap_default_domain = my.ad.domain > ... > > > HTH > > bye, > Sumit > > > > > > > Many thanks as always, > > > > > > -- lawrence > > > _______________________________________________ > > sssd-users mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] >
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
