Bug 845255

Summary: Update manpage with the minimal value expected for ldap_idmap_range_size
Product: Red Hat Enterprise Linux 7 Reporter: Dmitri Pal <dpal>
Component: sssdAssignee: Jakub Hrozek <jhrozek>
Status: CLOSED ERRATA QA Contact: Kaushik Banerjee <kbanerje>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0CC: kbanerje
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: sssd-1.12.0-1.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-05 10:26:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Dmitri Pal 2012-08-02 13:26:56 UTC
This bug is created as a clone of upstream ticket:

In the "ID MAPPING" section of the manpage, the ldap_idmap_range_size should have a mention that the value should be atleast the user's corresponding RID on the AD Server.

e.g. for a user with objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107,  ldap_idmap_range_size should be atleast 1107. Lookups/enumeration for the user will not work if a value less than that is mentioned.

Comment 3 Jakub Hrozek 2014-03-20 19:21:41 UTC
master - 13aea9c2b9c48dd614095b4551021868812ba2f0

Comment 5 Kaushik Banerjee 2015-01-05 10:32:40 UTC
Verified in version sssd-1.12.2-39.el7

sssd-ad manpage has:

NOTE: The value of this option must be at least as large as the
highest user RID planned for use on the Active Directory
server. User lookups and login will fail for any user whose RID
is greater than this value.

For example, if your most recently-added Active Directory user
has objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107,
“ldap_idmap_range_size” must be at least 1107.

It is important to plan ahead for future expansion, as changing
this value will result in changing all of the ID mappings on
the system, leading to users with different local IDs than they
previously had.

Comment 7 errata-xmlrpc 2015-03-05 10:26:43 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.