From eceefd520802efe356d413a13247c5f68d8e27c8 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Wed, 12 Jun 2013 12:17:08 +0200
Subject: Add new options ldap_min_id and ldap_max_id

Currently the range for Posix IDs stored in an LDAP server is unbound. This might lead to conflicts in a setup with AD and trusts when the configured domain uses IDs from LDAP. With the two new options this conflict can be avoided.
---
 src/man/sssd-ldap.5.xml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'src/man')

diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index fd29650e..12e91524 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -1433,6 +1433,27 @@ + + ldap_min_id, ldap_max_id (interger) + + + In contrast to the SID based ID mapping which is + used if ldap_id_mapping is set to true the allowed + ID range for ldap_user_uid_number and + ldap_group_gid_number is unbound. In a setup with + sub/trusted-domains this might lead to ID + collisions. To avoid collisions ldap_min_id and + ldap_max_id can be set to restrict the allowed + range for the IDs which are read directly from the + server. Sub-domains can then pick other ranges to + map IDs. + + + Default: not set (both options are set to 0) + + + + ldap_sasl_mech (string) -- cgit
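Review bot: The new ldap_min_id, ldap_max_id entry in sssd-ldap.5.xml does not say what happens to a user or group whose ldap_user_uid_number or ldap_group_gid_number falls outside the configured range, nor whether the bounds are inclusive. Since the stated purpose is to avoid ID collisions with sub/trusted domains, the man page should describe the handling of out-of-range entries explicitly so an administrator can predict which accounts will resolve. The line "Default: not set (both options are set to 0)" should also state what 0 means for each bound (presumably that no limit is applied) and whether one option may be set without the other. Two wording fixes in the same entry: "(interger)" should be "(integer)", and "unbound" reads better as "unbounded".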