On (12/11/14 20:47), Karim wrote:
> Another question: how are you doing with ID collisions in cross-realm scenarios? Currently both forests are configured with
> ldap_idmapping_range_size = 20000000
  ^^^^^^^^^^^^^^^^^^^^^^^^^ The name of the option is ldap_idmap_range_max
> With anything less than this, sssd will complain it's not able to convert SID to unix ID and login fails.
> I didn't configure the _range_max parameter; are there any recommendations for setting this across the two domains?
You can configure non-overlapping ranges in two domains with options ldap_idmap_range_min, ldap_idmap_range_max
@see man sssd-ldap
LS
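A check for the non-overlapping ranges suggested in the reply, as an added example that is not part of the original thread: it reads the `[domain/...]` sections of an sssd.conf and reports any pair of domains whose `ldap_idmap_range_min`/`ldap_idmap_range_max` intervals intersect. The domain names and range values are constructed for illustration; the fallback values are the defaults documented in sssd-ldap(5).

```python
import configparser
from itertools import combinations

# Defaults documented in sssd-ldap(5).
DEFAULT_MIN, DEFAULT_MAX = 200000, 2000200000

# Constructed sssd.conf fragments; domain names and values are illustrative.
OVERLAPPING = """
[domain/forest-a.example]
ldap_id_mapping = True

[domain/forest-b.example]
ldap_id_mapping = True
ldap_idmap_range_min = 1000000000
"""

SEPARATED = """
[domain/forest-a.example]
ldap_id_mapping = True
ldap_idmap_range_min = 200000
ldap_idmap_range_max = 1000200000

[domain/forest-b.example]
ldap_id_mapping = True
ldap_idmap_range_min = 1100200000
ldap_idmap_range_max = 2000200000
"""

def idmap_ranges(conf_text):
    """Return {domain: (min, max)} for every [domain/...] section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    ranges = {}
    for section in cp.sections():
        if section.startswith("domain/"):
            lo = cp.getint(section, "ldap_idmap_range_min", fallback=DEFAULT_MIN)
            hi = cp.getint(section, "ldap_idmap_range_max", fallback=DEFAULT_MAX)
            ranges[section[len("domain/"):]] = (lo, hi)
    return ranges

def overlapping_domains(conf_text):
    """Return sorted pairs of domains whose ID ranges intersect (bounds inclusive)."""
    r = idmap_ranges(conf_text)
    return sorted((a, b) for a, b in combinations(sorted(r), 2)
                  if r[a][0] <= r[b][1] and r[b][0] <= r[a][1])

if __name__ == "__main__":
    for name, text in (("overlapping", OVERLAPPING), ("separated", SEPARATED)):
        print(name, overlapping_domains(text))
```

The bounds are treated as inclusive so that ranges sharing an endpoint are flagged; the separated sample leaves a gap between the two domains to stay clear of that case.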