[PATCHES] change example range for '*' domain in idmap_rid & idmap_ad manpages

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[PATCHES] change example range for '*' domain in idmap_rid & idmap_ad manpages

Samba - samba-technical mailing list

Hi these patches change the example ranges for the '*' domain, from
above the the 'DOMAIN' range to below. This makes sense to me.

Rowland

idmap_rid.8.xml-fix-a-typo-and-change-range-for-the.patch (1K) Download Attachment
idmap_ad.8.xml-change-range-for-the-domain-the-old.patch (983 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [PATCHES] change example range for '*' domain in idmap_rid & idmap_ad manpages

Samba - samba-technical mailing list
On Wednesday, 13 September 2017 19:09:07 CEST Rowland Penny via samba-
technical wrote:
> Hi these patches change the example ranges for the '*' domain, from
> above the the 'DOMAIN' range to below. This makes sense to me.

Hi Rowland,

I'm sorry but those ranges are to small! I'm speaking of experience. Customer
do copy and paste and then at one point they realize that the range they use
is not big enough and they run into a problem. We need to avoid such things so
the ranges need to be big enough that this can't happen.

Can we sattle on 10k for the global range:

        idmap config * : range          = 10000-19999

and for specific domain configs use a range of 1 million:

        idmap config MAIN : range       = 1000000 - 1999999
        ...

        idmap config TRUST1 : range       = 2000000 - 2999999



Cheers,


        Andreas


--
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             [hidden email]
www.samba.org

Reply | Threaded
Open this post in threaded view
|

Re: [PATCHES] change example range for '*' domain in idmap_rid & idmap_ad manpages

Samba - samba-technical mailing list
On Thu, 14 Sep 2017 08:20:24 +0200
Andreas Schneider <[hidden email]> wrote:

> On Wednesday, 13 September 2017 19:09:07 CEST Rowland Penny via samba-
> technical wrote:
> > Hi these patches change the example ranges for the '*' domain, from
> > above the the 'DOMAIN' range to below. This makes sense to me.
>
> Hi Rowland,
>
> I'm sorry but those ranges are to small! I'm speaking of experience.
> Customer do copy and paste and then at one point they realize that
> the range they use is not big enough and they run into a problem. We
> need to avoid such things so the ranges need to be big enough that
> this can't happen.
>
> Can we sattle on 10k for the global range:
>
> idmap config * : range          = 10000-19999
>
> and for specific domain configs use a range of 1 million:
>
> idmap config MAIN : range       = 1000000 - 1999999
> ...
>
> idmap config TRUST1 : range       = 2000000 - 2999999
>
>
>
> Cheers,
>
>
> Andreas
>
>

How can a range of '3000-7999' be too small for something that is
primarily meant for the 'well known sids' ? There are less than 200 of
them.
If '3000-7999' is too small, you have got the 'idmap config' block set
up incorrectly. Also the suggestion of using '10000-19999' is a non
starter because ADUC by default starts Unix IDs at 10000.

If you use the suggested '3000-7999' you can use:

    idmap config * : range = 3000-7999

    idmap config MAIN : range = 10000-1999999

    idmap config TRUST1 : range = 2000000-2999999

Perhaps the wiki needs a bit more work to explain about choosing the
range sizes ?
 
Rowland