The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. No database is required in this case as the mapping is done by SSSD.
The range option defines the available matching UID and GID range for which the backend is authoritative.
This example shows how to configure idmap_sss as the default mapping module.
[global]
security = ads
workgroup = <AD-DOMAIN-SHORTNAME>
idmap config <AD-DOMAIN-SHORTNAME> : backend = sss
idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647
idmap config * : backend = tdb
idmap config * : range = 100000-199999
Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain name of the AD domain. If multiple AD domains should be used, each domain needs an idmap config line with backend = sss and a line with a suitable range.
Since Winbind requires a writeable default backend and idmap_sss is read-only, the example includes backend = tdb as default.
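The following check is an added example, not part of the original manual page or of Samba/SSSD: it parses the idmap config lines of an smb.conf and reports a read-only default backend, a domain missing its backend or range, and overlapping ranges. The overlap check goes beyond the text above and reflects Samba's requirement that configured idmap ranges be disjoint; the function names and the CORP domain are assumptions made for illustration.

```python
import re

# Matches smb.conf lines of the form: idmap config <DOMAIN> : <option> = <value>
IDMAP_RE = re.compile(
    r"^\s*idmap config\s+(\S+)\s*:\s*(backend|range)\s*=\s*(.+?)\s*$", re.I)
READ_ONLY_BACKENDS = {"sss"}  # idmap_sss is read-only, per the text above

def parse_idmap(conf_text):
    """Return {domain: {"backend": str, "range": (low, high)}}."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if not m:
            continue
        dom, opt, val = m.group(1), m.group(2).lower(), m.group(3)
        entry = domains.setdefault(dom, {})
        if opt == "range":
            entry["range"] = tuple(int(x) for x in val.split("-"))
        else:
            entry["backend"] = val.lower()
    return domains

def check_idmap(conf_text):
    """Return a list of problems; an empty list means the layout is consistent."""
    domains = parse_idmap(conf_text)
    problems = []
    default = domains.get("*", {})
    if "backend" not in default:
        problems.append("no default (*) backend configured")
    elif default["backend"] in READ_ONLY_BACKENDS:
        problems.append("default (*) backend is read-only: " + default["backend"])
    for dom, entry in domains.items():
        if "backend" not in entry:
            problems.append(dom + ": range without backend")
        if "range" not in entry:
            problems.append(dom + ": backend without range")
    # Overlapping ranges would let two backends claim the same UID/GID.
    ranged = sorted((e["range"], d) for d, e in domains.items() if "range" in e)
    for ((_, high_a), dom_a), ((low_b, _), dom_b) in zip(ranged, ranged[1:]):
        if low_b <= high_a:
            problems.append(dom_a + " and " + dom_b + ": ranges overlap")
    return problems

# Constructed samples; CORP stands in for <AD-DOMAIN-SHORTNAME>.
GOOD = """idmap config CORP : backend = sss
idmap config CORP : range = 200000-2147483647
idmap config * : backend = tdb
idmap config * : range = 100000-199999"""
BAD = GOOD.replace("* : backend = tdb", "* : backend = sss").replace("200000-", "150000-")
```

Calling check_idmap(GOOD) returns an empty list, while check_idmap(BAD) reports the read-only default backend and the overlap between the default range and the CORP range.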
sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd-sudo(5), sssd-secrets(5), sssd-session-recording(5), sss_cache(8), sss_debuglevel(8), sss_groupadd(8), sss_groupdel(8), sss_groupshow(8), sss_groupmod(8), sss_useradd(8), sss_userdel(8), sss_usermod(8), sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8), sssd-ifp(5), pam_sss(8), sss_rpcidmapd(5), sssd-systemtap(5)