[Freeipa-users] AD integration: Could not convert objectSID to a UNIX ID

David Guertin guertin at middlebury.edu
Wed Mar 18 02:03:33 UTC 2015


On 03/17/2015 08:30 PM, Gould, Joshua wrote:
> It looks like the range for your AD domain defined in "ipa idrange-find
> --all" needs to match what's set for your domain in /etc/sssd/sssd.conf.
>
> For your example, under [domain/CSNS.MIDDLEBURY.EDU] you should have
>
> ldap_idmap_range_min = 1824600000
> ldap_idmap_range_size = 2000000
>
> Setting these two identically let me resolve AD IDs with the id command.
> Hopefully this works for you too.
Bingo! Thank you! That was indeed the solution. I needed to set the ID 
range in both places, and now users can log in.

David Guertin
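
Added example, not part of the original messages and not FreeIPA or SSSD code: a small check that the two ldap_idmap_* options in sssd.conf agree with the AD range reported by "ipa idrange-find --all". The sample inputs are constructed; the range names and the field labels of the IPA output are assumptions, and the sssd.conf sample is deliberately wrong so the mismatch is reported.

```python
import configparser

# Constructed sample inputs that mirror the values quoted in the thread.
# The range names and the field labels of the IPA output are assumptions.
IDRANGES = """\
  Range name: IPA.EXAMPLE_id_range
  First Posix ID of the range: 5000
  Number of IDs in the range: 200000
  Range type: local domain range

  Range name: CSNS.MIDDLEBURY.EDU_id_range
  First Posix ID of the range: 1824600000
  Number of IDs in the range: 2000000
  Range type: Active Directory domain range
"""
# Constructed sssd.conf fragment with a deliberately wrong range size.
SSSD_CONF = """\
[domain/CSNS.MIDDLEBURY.EDU]
ldap_idmap_range_min = 1824600000
ldap_idmap_range_size = 200000
"""

def parse_idranges(text):
    """Map each range name to its 'label: value' fields."""
    ranges, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        if key.strip() == "Range name":
            current = ranges.setdefault(value.strip(), {})
        elif current is not None:
            current[key.strip()] = value.strip()
    return ranges

def check_idmap(sssd_conf, domain, idranges, range_name):
    """Return mismatch descriptions; an empty list means both sides agree."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(sssd_conf)
    section = f"domain/{domain}"
    if not cfg.has_section(section):
        return [f"[{section}] is missing from sssd.conf"]
    ipa = parse_idranges(idranges)[range_name]
    expected = {"ldap_idmap_range_min": int(ipa["First Posix ID of the range"]),
                "ldap_idmap_range_size": int(ipa["Number of IDs in the range"])}
    problems = []
    for option, want in expected.items():
        have = cfg.get(section, option, fallback=None)
        if have is None or int(have) != want:
            problems.append(f"{option}: sssd.conf has {have}, IPA range has {want}")
    return problems
```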



