IDMAP_SSS(8) SSSD Manual pages IDMAP_SSS(8)
NAME
idmap_sss - SSSD's idmap_sss Backend for Winbind
DESCRIPTION
The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and
SIDs. No database is required in this case as the mapping is done by
SSSD.
IDMAP OPTIONS
range = low - high
Defines the available matching UID and GID range for which the
backend is authoritative.
EXAMPLES
This example shows how to configure idmap_sss as the default mapping
module.
[global]
security = ads
workgroup = <AD-DOMAIN-SHORTNAME>
idmap config <AD-DOMAIN-SHORTNAME> : backend = sss
idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647
idmap config * : backend = tdb
idmap config * : range = 100000-199999
Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain name of
the AD domain. If multiple AD domains should be used each domain needs
an idmap config line with backend = sss and a line with a suitable
range.
Since Winbind requires a writeable default backend and idmap_sss is
read-only the example includes backend = tdb as default.
SEE ALSO
sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5),
sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd-sudo(5), sssd-session-
recording(5), sss_cache(8), sss_debuglevel(8), sss_obfuscate(8),
sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8),
sss_ssh_knownhostsproxy(8), sssd-ifp(5), pam_sss(8). sss_rpcidmapd(5)
sssd-systemtap(5)
AUTHORS
The SSSD upstream - https://github.com/SSSD/sssd/
SSSD 02/09/2025 IDMAP_SSS(8)
Generated by dwww version 1.15 on Thu Sep 4 10:49:03 CEST 2025.