Hello everybody,
I'm trying to change the default ldap_idmap_range_min, ldap_idmap_range_max and ldap_idmap_range_size. First of all I'm not sure where to place them. I tried placing them in [domain/DOMAINNAME]. If I do so sssd service fails to start. I can't find any hints in logs even though I put the debug_level on 0xFFF0. Then I placed them in the [sssd] section. The service starts now but it seems that the values are ignored. My sssd.conf looks as follows:

[sssd]
services = nss, pam
config_file_version = 2
domains = domain.name
debug_level = 0xFFF0
ldap_idmap_default_domain_sid = SID
ldap_idmap_default_domain = domain.name

[nss]
default_shell = /bin/bash

[pam]

[domain/domain.name]
ad_hostname = hostname.domain.name
ad_server = dc1.domain.name
ad_backup_server = dc2.domain.name
ad_domain = domain.name
#ldap_idmap_range_min = 100000
#ldap_idmap_range_max = 200000
#ldap_idmap_range_size = 10000
ldap_schema = ad
ldap_id_mapping=true
id_provider = ad
ldap_sasl_mech = gssapi
ldap_sasl_authid = dc1$@DONAIN.NAME
access_provider = simple
override_homedir = /home/%d/%u
# on large directories, you may want to disable enumeration for performance reasons
enumerate = true
auth_provider = krb5
chpass_provider = krb5
krb5_realm = DOMAIN.NAME
krb5_server = dc1.domain.name
krb5_backup_server = dc2.domain.name
krb5_kpasswd = dc1.domain.name
krb5_backup_kpasswd = dc2.domain.name
krb5_keytab = /etc/krb5.sssd.keytab
ldap_krb5_init_creds = true
ldap_referrals = false
ldap_uri = ldap://dc1.domain.name,ldap://dc2.domain.name
ldap_search_base = some_search_base
dyndns_update=false

I hope somebody can help me with this issue.
Thanks

On Mon, Sep 30, 2013 at 02:07:12PM +0200, Melvin Williams wrote:
> Hello everybody,
> I'm trying to change the default ldap_idmap_range_min, ldap_idmap_range_max and ldap_idmap_range_size. First of all I'm not sure where to place them. I tried placing them in [domain/DOMAINNAME]. If I do so sssd service fails to

the domain section is the right place, also for ldap_idmap_default_domain_sid and ldap_idmap_default_domain. Btw it is sufficient to put one of the two in the config file.

> start. I can't find any hints in logs even though I put the debug_level on 0xFFF0. Then I placed them in the [sssd] section. The service starts now

Which version of sssd are you using? I cannot reproduce this with the current version. Feel free to send me the logs file.

bye,
Sumit
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
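
The placement point from the reply above, as an added example that is not part of the original thread and is not SSSD code: a small linter that flags ldap_idmap_* options outside a [domain/NAME] section and checks that an explicitly configured range holds at least one complete slice. The function names, the sample configuration and the slice sanity rule are assumptions of this example; SSSD defaults are not modelled.

```python
import configparser

# Options discussed in the thread; the reply says they belong in [domain/NAME].
IDMAP_OPTS = ("ldap_idmap_range_min", "ldap_idmap_range_max",
              "ldap_idmap_range_size", "ldap_idmap_default_domain_sid",
              "ldap_idmap_default_domain")

# Constructed sample: range options split between [sssd] and the domain section.
SAMPLE = """\
[sssd]
services = nss, pam
domains = domain.name
ldap_idmap_range_min = 100000

[domain/domain.name]
id_provider = ad
override_homedir = /home/%d/%u
ldap_idmap_range_max = 200000
ldap_idmap_range_size = 10000
"""

def slice_count(rmin, rmax, size):
    """Complete slices that fit between rmin and rmax; 0 means unusable."""
    if size <= 0 or rmax <= rmin:
        return 0
    return (rmax - rmin) // size

def lint_idmap(text):
    """Return findings for misplaced ldap_idmap_* options and unusable ranges."""
    # interpolation=None keeps %d/%u in override_homedir from being expanded.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        sec = cp[name]
        if not name.startswith("domain/"):
            findings += [f"[{name}] {k}: belongs in a [domain/NAME] section"
                         for k in sec if k in IDMAP_OPTS]
            continue
        try:
            vals = [int(sec[k]) for k in IDMAP_OPTS[:3]]
        except KeyError:
            continue  # not all three set explicitly; defaults are not modelled
        except ValueError:
            findings.append(f"[{name}] non-integer ldap_idmap_range_* value")
            continue
        if slice_count(*vals) == 0:
            findings.append(f"[{name}] range {vals} yields no complete slice")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_idmap(SAMPLE)))
```

With the values commented out in the posted configuration (100000, 200000, 10000), slice_count returns 10.
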

Thanks for the quick reply. I am using 1.9.2 on CentOS 6. Which log file do you need? sssd.log? It is about 13 MB big.

Regards
Melvin

2013/9/30 Sumit Bose sbose@redhat.com