Bug 845255 - Update manpage with the minimal value expected for ldap_idmap_range_size
Update manpage with the minimal value expected for ldap_idmap_range_size
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd (Show other bugs)
7.0
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Jakub Hrozek
Kaushik Banerjee
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-08-02 09:26 EDT by Dmitri Pal
Modified: 2015-03-05 05:26 EST (History)
1 user (show)

See Also:
Fixed In Version: sssd-1.12.0-1.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-03-05 05:26:43 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Dmitri Pal 2012-08-02 09:26:56 EDT
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/1451

In the "ID MAPPING" section of the manpage, the ldap_idmap_range_size should have a mention that the value should be atleast the user's corresponding RID on the AD Server.

e.g. for a user with objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107,  ldap_idmap_range_size should be atleast 1107. Lookups/enumeration for the user will not work if a value less than that is mentioned.
Comment 3 Jakub Hrozek 2014-03-20 15:21:41 EDT
master - 13aea9c2b9c48dd614095b4551021868812ba2f0
Comment 5 Kaushik Banerjee 2015-01-05 05:32:40 EST
Verified in version sssd-1.12.2-39.el7


sssd-ad manpage has:

NOTE: The value of this option must be at least as large as the
highest user RID planned for use on the Active Directory
server. User lookups and login will fail for any user whose RID
is greater than this value.

For example, if your most recently-added Active Directory user
has objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107,
“ldap_idmap_range_size” must be at least 1107.

It is important to plan ahead for future expansion, as changing
this value will result in changing all of the ID mappings on
the system, leading to users with different local IDs than they
previously had.
Comment 7 errata-xmlrpc 2015-03-05 05:26:43 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0441.html

Note You need to log in before you can comment on or make changes to this bug.