On (12/01/16 14:00), hsc(a)miracle.dk wrote:
because RID (relative ID) of user SID is too big.
Which part is the RID?
The default value of range size (ldap_idmap_range_size)
is 200000. So this user does not fit there.
You can increase ldap_idmap_range_size to bigger value,
OK, I tried
but you will need to remove sssd cache after changing
idmap settings. This will results in different UID/GID of users.
I did a:
cd /var/lib/sssd/db && rm *
and stated again. now it says:
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [be_get_account_info] (0x0100): Got
request for [4097][1][idnumber=952940256]
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [be_req_set_domain] (0x0400):
Changing request domain from [
corp.acme.com] to [
corp.acme.com]
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [ad_account_can_shortcut] (0x0080):
Mapping ID [952940256] to SID failed: [IDMAP domain not found]
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [ad_account_info_handler] (0x0400):
Cannot determine the right domain: Input/output error
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [users_get_send] (0x0080):
[952940256] did not match any configured ID mapping domain
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [sysdb_search_user_by_uid] (0x0400):
No such entry
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [sysdb_delete_user] (0x0400): Error:
2 (No such file or directory)
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [acctinfo_callback] (0x0100): Request
processed. Returned 0,0,Success
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [be_get_account_info] (0x0100): Got
request for [4097][1][idnumber=952940256]
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [be_req_set_domain] (0x0400):
Changing request domain from [
corp.acme.com] to [
ad-root.acme.com]
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [ad_account_can_shortcut] (0x0080):
Mapping ID [952940256] to SID failed: [IDMAP domain not found]
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [ad_account_info_handler] (0x0400):
Cannot determine the right domain: Input/output error
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [users_get_send] (0x0080):
[952940256] did not match any configured ID mapping domain
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [sysdb_search_user_by_uid] (0x0400):
No such entry
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [sysdb_delete_user] (0x0400): Error:
2 (No such file or directory)
(Wed Jan 13 07:31:06 2016) [sssd[be[corp.acme.com]]] [acctinfo_callback] (0x0100): Request
processed. Returned 0,0,Success
@see also
man sssd-ldap -> ldap_idmap_range_size
man sssd-ldap -> ID MAPPING -> 3rd paragraph
Thanks. I seems like it should be possible to calcutae the right size in some way.
./hans