Bug 845255 - Update manpage with the minimal value expected for ldap_idmap_range_size
Summary: Update manpage with the minimal value expected for ldap_idmap_range_size
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Jakub Hrozek
QA Contact: Kaushik Banerjee
Depends On:
TreeView+ depends on / blocked
Reported: 2012-08-02 13:26 UTC by Dmitri Pal
Modified: 2020-05-02 16:56 UTC (History)
1 user (show)

Fixed In Version: sssd-1.12.0-1.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-03-05 10:26:43 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github SSSD sssd issues 2493 0 None None None 2020-05-02 16:56:45 UTC
Red Hat Product Errata RHBA-2015:0441 0 normal SHIPPED_LIVE sssd bug fix and enhancement update 2015-03-05 15:05:27 UTC

Description Dmitri Pal 2012-08-02 13:26:56 UTC
This bug is created as a clone of upstream ticket:

In the "ID MAPPING" section of the manpage, the ldap_idmap_range_size should have a mention that the value should be atleast the user's corresponding RID on the AD Server.

e.g. for a user with objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107,  ldap_idmap_range_size should be atleast 1107. Lookups/enumeration for the user will not work if a value less than that is mentioned.

Comment 3 Jakub Hrozek 2014-03-20 19:21:41 UTC
master - 13aea9c2b9c48dd614095b4551021868812ba2f0

Comment 5 Kaushik Banerjee 2015-01-05 10:32:40 UTC
Verified in version sssd-1.12.2-39.el7

sssd-ad manpage has:

NOTE: The value of this option must be at least as large as the
highest user RID planned for use on the Active Directory
server. User lookups and login will fail for any user whose RID
is greater than this value.

For example, if your most recently-added Active Directory user
has objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107,
“ldap_idmap_range_size” must be at least 1107.

It is important to plan ahead for future expansion, as changing
this value will result in changing all of the ID mappings on
the system, leading to users with different local IDs than they
previously had.

Comment 7 errata-xmlrpc 2015-03-05 10:26:43 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.