1IDMAP_SSS(8) SSSD Manual pages IDMAP_SSS(8)
2
3
4
6 idmap_sss - SSSD's idmap_sss Backend for Winbind
7
9 The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and
10 SIDs. No database is required in this case as the mapping is done by
11 SSSD.
12
14 range = low - high
15 Defines the available matching UID and GID range for which the
16 backend is authoritative.
17
19 This example shows how to configure idmap_sss as the default mapping
20 module.
21
22 [global]
23 security = ads
24 workgroup = <AD-DOMAIN-SHORTNAME>
25
26 idmap config <AD-DOMAIN-SHORTNAME> : backend = sss
27 idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647
28
29 idmap config * : backend = tdb
30 idmap config * : range = 100000-199999
31
32
33 Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain name of
34 the AD domain. If multiple AD domains should be used each domain needs
35 an idmap config line with backend = sss and a line with a suitable
36 range.
37
38 Since Winbind requires a writeable default backend and idmap_sss is
39 read-only the example includes backend = tdb as default.
40
42 sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5),
43 sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd-sudo(5), sssd-session-
44 recording(5), sss_cache(8), sss_debuglevel(8), sss_obfuscate(8),
45 sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8),
46 sss_ssh_knownhostsproxy(8), sssd-ifp(5), pam_sss(8). sss_rpcidmapd(5)
47 sssd-systemtap(5)
48
50 The SSSD upstream - https://github.com/SSSD/sssd/
51
52
53
54SSSD 05/19/2021 IDMAP_SSS(8)