I work in an Active Directory environment where new SIDs have RIDs over 280,000 when attempting to set ldap_idmap_range_size in sssd.conf anything larger that 268204 causes the following errors in the log file
(Wed Jul 30 10:38:44 2014) [sssd[be[DOMAIN.EDU]]] [load_backend_module] (0x0010): Error (5) in module (ad) initialization (sssm_ad_id_init)! (Wed Jul 30 10:38:44 2014) [sssd[be[DOMAIN.EDU]]] [be_process_init] (0x0010): fatal error initializing data providers (Wed Jul 30 10:38:44 2014) [sssd[be[DOMAIN.EDU]]] [main] (0x0010): Could not initialize backend [5]
I have tested in both Ubuntu 14.04 and CentOS 7.0 with the same results.
Any help is greatly appreciated!
On Wed, Jul 30, 2014 at 03:12:18PM -0400, Thomas Moore wrote:
I work in an Active Directory environment where new SIDs have RIDs over 280,000 when attempting to set ldap_idmap_range_size in sssd.conf anything larger that 268204 causes the following errors in the log file
(Wed Jul 30 10:38:44 2014) [sssd[be[DOMAIN.EDU]]] [load_backend_module] (0x0010): Error (5) in module (ad) initialization (sssm_ad_id_init)! (Wed Jul 30 10:38:44 2014) [sssd[be[DOMAIN.EDU]]] [be_process_init] (0x0010): fatal error initializing data providers (Wed Jul 30 10:38:44 2014) [sssd[be[DOMAIN.EDU]]] [main] (0x0010): Could not initialize backend [5]
I have tested in both Ubuntu 14.04 and CentOS 7.0 with the same results.
Any help is greatly appreciated!
Hi,
can you try setting a larger ldap_idmap_range_size value?
Perhaps: ldap_idmap_range_size = 400000
In order to find your largest RID currently used you can run: ldapsearch -H ldap://ad-dc.ad.domain -b 'OU=Domain Controllers,dc=ad,dc=domain' 'CN=Rid Set' ridNextRID"
HTH
That is the problem I was having. If I set ldap_idmap_range_size higher I got the errors I posted.
I set debug_level = 9 and found some more helpful information that lead to a resolution this morning. I'll include some more below to help anyone else who may have this problem.
The error on debug_level 9 was "(Thu Jul 31 08:01:43 2014) [sssd[be[ DOMAIN.EDU]]] [sdap_idmap_init] (0x0100): Range size does not divide evenly. Uppermost range will not be used"
The man page says "ldap_idmap_range_size ...If the range size does not divide evenly into the min and max values, it will create as many complete slices as it can." However from my error that appears to not always be true.
My max and min are ldap_idmap_range_min = 200000 ldap_idmap_range_max = 2000200000
so max minus min gives 2000000000 and picking a ldap_idmap_range_size that divides evenly (800000) made my errors go away.
On Thu, Jul 31, 2014 at 5:06 AM, Jakub Hrozek jhrozek@redhat.com wrote:
On Wed, Jul 30, 2014 at 03:12:18PM -0400, Thomas Moore wrote:
I work in an Active Directory environment where new SIDs have RIDs over 280,000 when attempting to set ldap_idmap_range_size in sssd.conf
anything
larger that 268204 causes the following errors in the log file
(Wed Jul 30 10:38:44 2014) [sssd[be[DOMAIN.EDU]]] [load_backend_module] (0x0010): Error (5) in module (ad) initialization (sssm_ad_id_init)! (Wed Jul 30 10:38:44 2014) [sssd[be[DOMAIN.EDU]]] [be_process_init] (0x0010): fatal error initializing data providers (Wed Jul 30 10:38:44 2014) [sssd[be[DOMAIN.EDU]]] [main] (0x0010): Could not initialize backend [5]
I have tested in both Ubuntu 14.04 and CentOS 7.0 with the same results.
Any help is greatly appreciated!
Hi,
can you try setting a larger ldap_idmap_range_size value?
Perhaps: ldap_idmap_range_size = 400000
In order to find your largest RID currently used you can run: ldapsearch -H ldap://ad-dc.ad.domain -b 'OU=Domain Controllers,dc=ad,dc=domain' 'CN=Rid Set' ridNextRID"
HTH _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
sssd-users@lists.fedorahosted.org
-
Jakub Hrozek -
Thomas Moore