[PATCHES] change example range for '*' domain in idmap_rid & idmap_ad manpages
Rowland Penny
rpenny at samba.org
Thu Sep 14 07:18:20 UTC 2017
On Thu, 14 Sep 2017 08:20:24 +0200
Andreas Schneider <asn at samba.org> wrote:
> On Wednesday, 13 September 2017 19:09:07 CEST Rowland Penny via samba-
> technical wrote:
> > Hi these patches change the example ranges for the '*' domain, from
> > above the the 'DOMAIN' range to below. This makes sense to me.
>
> Hi Rowland,
>
> I'm sorry but those ranges are to small! I'm speaking of experience.
> Customer do copy and paste and then at one point they realize that
> the range they use is not big enough and they run into a problem. We
> need to avoid such things so the ranges need to be big enough that
> this can't happen.
>
> Can we sattle on 10k for the global range:
>
> idmap config * : range = 10000-19999
>
> and for specific domain configs use a range of 1 million:
>
> idmap config MAIN : range = 1000000 - 1999999
> ...
>
> idmap config TRUST1 : range = 2000000 - 2999999
>
>
>
> Cheers,
>
>
> Andreas
>
>
How can a range of '3000-7999' be too small for something that is
primarily meant for the 'well known sids' ? There are less than 200 of
them.
If '3000-7999' is too small, you have got the 'idmap config' block set
up incorrectly. Also the suggestion of using '10000-19999' is a non
starter because ADUC by default starts Unix IDs at 10000.
If you use the suggested '3000-7999' you can use:
idmap config * : range = 3000-7999
idmap config MAIN : range = 10000-1999999
idmap config TRUST1 : range = 2000000-2999999
Perhaps the wiki needs a bit more work to explain about choosing the
range sizes ?
Rowland
More information about the samba-technical
mailing list