Table of Contents
The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. No database is required in this case as the mapping is done by SSSD.
Defines the available matching UID and GID range for which the backend is authoritative.
This example shows how to configure idmap_sss as the default mapping module.
[global] security = ads workgroup = <AD-DOMAIN-SHORTNAME> idmap config <AD-DOMAIN-SHORTNAME> : backend = sss idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647 idmap config * : backend = tdb idmap config * : range = 100000-199999
Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain
name of the AD domain. If multiple AD domains should be used each
domain needs an idmap config
line with
backend = sss
and a line with a suitable
range
.
Since Winbind requires a writeable default backend and idmap_sss is
read-only the example includes backend = tdb
as
default.
sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd-sudo(5), sssd-secrets(5), sssd-session-recording(5), sss_cache(8), sss_debuglevel(8), sss_groupadd(8), sss_groupdel(8), sss_groupshow(8), sss_groupmod(8), sss_useradd(8), sss_userdel(8), sss_usermod(8), sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8), sssd-ifp(5), pam_sss(8). sss_rpcidmapd(5) sssd-systemtap(5)