Man page - idmap_sss(8)

Packages contains this manual

Package:  sssd-common
apt-get install sssd-common

Manuals in package:
• sssd-sudo(5)
• sssd-session-recording(5)
• sssd_krb5_locator_plugin(8)
• sssd.conf(5)
• sssd-systemtap(5)
• sssd_krb5_localauth_plugin(8)
• sss_ssh_knownhosts(1)
• sss_ssh_authorizedkeys(1)
• sssd-simple(5)
• sssd-files(5)
• idmap_sss(8)
• sss_rpcidmapd(5)
• sssd(8)
Documentations in package:
• sssd-common

Manual

IDMAP_SSS

NAME
DESCRIPTION
IDMAP OPTIONS
EXAMPLES
SEE ALSO
AUTHORS

---

NAME

idmap_sss - SSSD's idmap_sss Backend for Winbind

DESCRIPTION

The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. No database is required in this case as the mapping is done by SSSD.

IDMAP OPTIONS

range = low - high

Defines the available matching UID and GID range for which the backend is authoritative.

EXAMPLES

This example shows how to configure idmap_sss as the default mapping module.

[global]
security = ads
workgroup = <AD-DOMAIN-SHORTNAME>

idmap config <AD-DOMAIN-SHORTNAME> : backend = sss
idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647

idmap config * : backend = tdb
idmap config * : range = 100000-199999

Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain name of the AD domain. If multiple AD domains should be used each domain needs an idmap config line with backend = sss and a line with a suitable range.

Since Winbind requires a writeable default backend and idmap_sss is read-only the example includes backend = tdb as default.

SEE ALSO

sssd (8), sssd.conf (5), sssd-ldap (5), sssd-ldap-attributes (5), sssd-krb5 (5), sssd-simple (5), sssd-ipa (5), sssd-ad (5), sssd-files (5), sssd-sudo (5), sssd-session-recording (5), sss_cache (8), sss_debuglevel (8), sss_obfuscate (8), sss_seed (8), sssd_krb5_locator_plugin (8), sss_ssh_authorizedkeys (1), sss_ssh_knownhosts (1), sssd-ifp (5), pam_sss (8). sss_rpcidmapd (5) sssd-systemtap (5)

AUTHORS

The SSSD upstream - https://github.com/SSSD/sssd/

---