As it happens my paranoia seems to be on message.
We have just deployed 4 new sles 12 systems, with the following config:
id_provider = ad
auth_provider = ad
subdomains_provider = none
access_provider = ad
enumerate = false
cache_credentials = true
These systems were deployed without ldap_idmap_default_domain_sid or ldap_idmap_default_domain.
And the range they have started using is different to the range that exists on other deployed systems.
It appears that sssd has returned a different range from that which exists on our other systems.
I would apreciate advice on how to configure a range that will be uniform from the start.
Thanks for your help in advance.
Craig Silva
_________
Craig Silva
| Specialist Engineer – Unix Services – Servers, Storage and IDAM
Cenitex | Level 15, 80 Collins Street, Melbourne 3000
ph: 03-8688-1297 mob: 0429 365 609 |
www.cenitex.vic.gov.au
This office is located on the land of the Traditional Owners of the Kulin Nation.
Accountability, Collaboration, Respect, Initiative and Courage