What we want to avoid:
$ ./bin/testparm -s | grep "idmap config"
idmap config * : rangesize = 10000
idmap config * : range = 10000-19999
idmap config * : backend = autorid
$ ./bin/wbinfo --name-to-sid BUILTIN/Administrators
S-1-5-32-544 SID_ALIAS (4)
$ ./bin/wbinfo --sid-to-gid S-1-5-32-544
10000
$ ./bin/wbinfo --name-to-sid ADDOMAIN/alice
S-1-5-21-
4058748110-
895691256-
3682847423-1107 SID_USER (1)
$ ./bin/wbinfo --sid-to-gid S-1-5-21-
984165912-
589366285-
3903095728-1107
failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-
984165912-
589366285-
3903095728-1107 to gid
If only one range is configured we are either not able to map users/groups
from our primary *and* the BUILTIN domain. We need at least two ranges to also
cover the BUILTIN domain!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14967
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
config->maxranges = (dom->high_id - dom->low_id + 1) /
config->rangesize;
- if (config->maxranges == 0) {
- DEBUG(1, ("Allowed uid range is smaller than rangesize. "
- "Increase uid range or decrease rangesize.\n"));
+ if (config->maxranges < 2) {
+ DBG_WARNING("Allowed idmap range is not a least double the "
+ "size of the rangesize. Please increase idmap "
+ "range.\n");
status = NT_STATUS_INVALID_PARAMETER;
goto error;
}