IDMAP_SSS(8) SSSD Manual pages IDMAP_SSS(8)
NAME
idmap_sss - SSSD's idmap_sss Backend for Winbind
DESCRIPTION
The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and
SIDs. No database is required in this case as the mapping is done by
SSSD.
IDMAP OPTIONS
range = low - high
Defines the available matching UID and GID range for which the
backend is authoritative.
EXAMPLES
This example shows how to configure idmap_sss as the default mapping
module.
[global]
security = ads
workgroup = <AD-DOMAIN-SHORTNAME>
idmap config <AD-DOMAIN-SHORTNAME> : backend = sss
idmap config <AD-DOMAIN-SHORTNAME> : range = 200000-2147483647
idmap config * : backend = tdb
idmap config * : range = 100000-199999
Please replace <AD-DOMAIN-SHORTNAME> with the NetBIOS domain name of the
AD domain. If multiple AD domains should be used each domain needs an
idmap config line with backend = sss and a line with a suitable range.
Since Winbind requires a writeable default backend and idmap_sss is
read-only the example includes backend = tdb as default.
SEE ALSO
sssd(8), sssd.conf(5), sssd-ldap(5), sssd-ldap-attributes(5), sssd-
krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd-
sudo(5), sssd-session-recording(5), sss_cache(8), sss_debuglevel(8),
sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8),
sss_ssh_authorizedkeys(1), sss_ssh_knownhosts(1), sssd-ifp(5),
pam_sss(8). sss_rpcidmapd(5) sssd-systemtap(5)
AUTHORS
The SSSD upstream - https://github.com/SSSD/sssd/
SSSD 01/16/2025 IDMAP_SSS(8)
Generated by dwww version 1.16 on Tue Dec 16 05:33:02 CET 2025.