'\" t
.\"     Title: idmap_sss
.\"    Author: The SSSD upstream - https://github.com/SSSD/sssd/
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\"      Date: 02/04/2024
.\"    Manual: SSSD Manual pages
.\"    Source: SSSD
.\"  Language: English
.\"
.TH "IDMAP_SSS" "8" "02/04/2024" "SSSD" "SSSD Manual pages"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
idmap_sss \- SSSD\*(Aqs idmap_sss Backend for Winbind
.SH "DESCRIPTION"
.PP
The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs\&. No database is required in this case as the mapping is done by SSSD\&.
.SH "IDMAP OPTIONS"
.PP
range = low \- high
.RS 4
Defines the available matching UID and GID range for which the backend is authoritative\&.
.RE
.SH "EXAMPLES"
.PP
This example shows how to configure idmap_sss as the default mapping module\&.
.sp
.if n \{\
.RS 4
.\}
.nf
[global]
security = ads
workgroup = <AD\-DOMAIN\-SHORTNAME>

idmap config <AD\-DOMAIN\-SHORTNAME> : backend        = sss
idmap config <AD\-DOMAIN\-SHORTNAME> : range          = 200000\-2147483647

idmap config * : backend        = tdb
idmap config * : range          = 100000\-199999
        
.fi
.if n \{\
.RE
.\}
.PP
Please replace <AD\-DOMAIN\-SHORTNAME> with the NetBIOS domain name of the AD domain\&. If multiple AD domains should be used each domain needs an
idmap config
line with
backend = sss
and a line with a suitable
range\&.
.PP
Since Winbind requires a writeable default backend and idmap_sss is read\-only the example includes
backend = tdb
as default\&.
.SH "SEE ALSO"
.PP
\fBsssd\fR(8),
\fBsssd.conf\fR(5),
\fBsssd-ldap\fR(5),
\fBsssd-ldap-attributes\fR(5),
\fBsssd-krb5\fR(5),
\fBsssd-simple\fR(5),
\fBsssd-ipa\fR(5),
\fBsssd-ad\fR(5),
\fBsssd-files\fR(5),
\fBsssd-sudo\fR(5),
\fBsssd-session-recording\fR(5),
\fBsss_cache\fR(8),
\fBsss_debuglevel\fR(8),
\fBsss_obfuscate\fR(8),
\fBsss_seed\fR(8),
\fBsssd_krb5_locator_plugin\fR(8),
\fBsss_ssh_authorizedkeys\fR(8), \fBsss_ssh_knownhostsproxy\fR(8),
\fBsssd-ifp\fR(5),
\fBpam_sss\fR(8)\&.
\fBsss_rpcidmapd\fR(5)
\fBsssd-systemtap\fR(5)
.SH "AUTHORS"
.PP
\fBThe SSSD upstream \- https://github\&.com/SSSD/sssd/\fR