Hello everybody,

I'm trying to change the default ldap_idmap_range_min, ldap_idmap_range_max and ldap_idmap_range_size. First of all I'm not sure where to place them. I tried placing them in [domain/DOMAINNAME]. If I do so sssd service fails to start. I can't find any hints in logs even though I put the debug_level on 0xFFF0. Then I placed them in the [sssd] section. The service starts now but it seems that the values are ignored. My sssd.conf looks as follows:

[sssd]

services = nss, pam
config_file_version = 2
domains = domain.name
debug_level = 0xFFF0
        
ldap_idmap_default_domain_sid = SID
ldap_idmap_default_domain = domain.name
[nss]
        
default_shell = /bin/bash 
        
[pam]   

        
[domain/domain.name]

ad_hostname = hostname.domain.name
ad_server = dc1.domain.name
ad_backup_server = dc2.domain.name
ad_domain = domain.name

#ldap_idmap_range_min = 100000
#ldap_idmap_range_max = 200000
#ldap_idmap_range_size = 10000
        
ldap_schema = ad
ldap_id_mapping=true
id_provider = ad 
ldap_sasl_mech = gssapi
ldap_sasl_authid = dc1$@DONAIN.NAME

access_provider = simple

override_homedir = /home/%d/%u
# on large directories, you may want to disable enumeration for performance reasons
enumerate = true
        
auth_provider = krb5
chpass_provider = krb5
krb5_realm = DOMAIN.NAME 
krb5_server = dc1.domain.name
krb5_backup_server = dc2.domain.name
krb5_kpasswd = dc1.domain.name
krb5_backup_kpasswd = dc2.domain.name
krb5_keytab = /etc/krb5.sssd.keytab
ldap_krb5_init_creds = true

ldap_referrals = false
ldap_uri = ldap://dc1.domain.name,ldap://dc2.domain.name

ldap_search_base = some_search_base
dyndns_update=false

I hope somebody can help me with this issue. 

Thanks