Thanks for the quick reply. I am using 1.9.2 on centos 6. Which log file do you need? sssd.log? It is about 13 MB big. 

Regards
Melvin


2013/9/30 Sumit Bose <sbose@redhat.com>
On Mon, Sep 30, 2013 at 02:07:12PM +0200, Melvin Williams wrote:
> Hello everybody,
>
> I'm trying to change the default ldap_idmap_range_min, ldap_idmap_range_max
> and ldap_idmap_range_size. First of all I'm not sure where to place them. I
> tried placing them in [domain/DOMAINNAME]. If I do so sssd service fails to

the domain section is the right place, also for
ldap_idmap_default_domain_sid and ldap_idmap_default_domain. Btw it is
sufficient to put one of the two in the config file.

> start. I can't find any hints in logs even though I put the debug_level on
> 0xFFF0. Then I placed them in the [sssd] section. The service starts now

Which version of sssd are you using. I cannot reproduce this with the
current version. Feel free to send me the logs file.

bye,
Sumit

> but it seems that the values are ignored. My sssd.conf looks as follows:
>
> [sssd]
>
> services = nss, pam
> config_file_version = 2
> domains = domain.name
> debug_level = 0xFFF0
>
> ldap_idmap_default_domain_sid = SID
> ldap_idmap_default_domain = domain.name
> [nss]
>
> default_shell = /bin/bash
>
> [pam]
>
>
> [domain/domain.name]
>
> ad_hostname = hostname.domain.name
> ad_server = dc1.domain.name
> ad_backup_server = dc2.domain.name
> ad_domain = domain.name
>
> #ldap_idmap_range_min = 100000
> #ldap_idmap_range_max = 200000
> #ldap_idmap_range_size = 10000
>
> ldap_schema = ad
> ldap_id_mapping=true
> id_provider = ad
> ldap_sasl_mech = gssapi
> ldap_sasl_authid = dc1$@DONAIN.NAME
>
> access_provider = simple
>
> override_homedir = /home/%d/%u
> # on large directories, you may want to disable enumeration for performance
> reasons
> enumerate = true
>
> auth_provider = krb5
> chpass_provider = krb5
> krb5_realm = DOMAIN.NAME
> krb5_server = dc1.domain.name
> krb5_backup_server = dc2.domain.name
> krb5_kpasswd = dc1.domain.name
> krb5_backup_kpasswd = dc2.domain.name
> krb5_keytab = /etc/krb5.sssd.keytab
> ldap_krb5_init_creds = true
>
> ldap_referrals = false
> ldap_uri = ldap://dc1.domain.name,ldap://dc2.domain.name
>
> ldap_search_base = some_search_base
> dyndns_update=false
>
> I hope somebody can help me with this issue.
>
> Thanks

> _______________________________________________
> sssd-users mailing list
> sssd-users@lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/sssd-users

_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users