'\" t
.\" Title: idmap_sss
.\" Author: The SSSD upstream - https://github.com/SSSD/sssd/
.\" Generator: DocBook XSL Stylesheets vsnapshot
.\" Date: 01/18/2024
.\" Manual: SSSD Manual pages
.\" Source: SSSD
.\" Language: English
.\"
.TH "IDMAP_SSS" "8" "01/18/2024" "SSSD" "SSSD Manual pages"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
idmap_sss \- SSSD\*(Aqs idmap_sss Backend for Winbind
.SH "DESCRIPTION"
.PP
The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs\&. No database is required in this case as the mapping is done by SSSD\&.
.SH "IDMAP OPTIONS"
.PP
range = low \- high
.RS 4
Defines the available matching UID and GID range for which the backend is authoritative\&.
.RE
.SH "EXAMPLES"
.PP
This example shows how to configure idmap_sss as the default mapping module\&.
.sp
.if n \{\
.RS 4
.\}
.nf
[global]
security = ads
workgroup =
idmap config : backend = sss
idmap config : range = 200000\-2147483647
idmap config * : backend = tdb
idmap config * : range = 100000\-199999
.fi
.if n \{\
.RE
.\}
.PP
Please replace with the NetBIOS domain name of the AD domain\&. If multiple AD domains should be used each domain needs an
idmap config
line with
backend = sss
and a line with a suitable
range\&.
.PP
Since Winbind requires a writeable default backend and idmap_sss is read\-only the example includes
backend = tdb
as default\&.
.SH "SEE ALSO"
.PP
\fBsssd\fR(8),
\fBsssd.conf\fR(5),
\fBsssd-ldap\fR(5),
\fBsssd-ldap-attributes\fR(5),
\fBsssd-krb5\fR(5),
\fBsssd-simple\fR(5),
\fBsssd-ipa\fR(5),
\fBsssd-ad\fR(5),
\fBsssd-files\fR(5),
\fBsssd-sudo\fR(5),
\fBsssd-session-recording\fR(5),
\fBsss_cache\fR(8),
\fBsss_debuglevel\fR(8),
\fBsss_obfuscate\fR(8),
\fBsss_seed\fR(8),
\fBsssd_krb5_locator_plugin\fR(8),
\fBsss_ssh_authorizedkeys\fR(8), \fBsss_ssh_knownhostsproxy\fR(8),
\fBsssd-ifp\fR(5),
\fBpam_sss\fR(8)\&.
\fBsss_rpcidmapd\fR(5)
\fBsssd-systemtap\fR(5)
.SH "AUTHORS"
.PP
\fBThe SSSD upstream \- https://github\&.com/SSSD/sssd/\fR