Simo proposed the following scheme:
We define 2 ranges, 200k each, the first range has direct UIG/GID - base -> SID + 1st range base translation. The second range includes SIDs exclusively if a group conflicts with a User ID. The only things SSSD needs to know are the ranges and their bases.
So if we have IPA ID range 1200000 - 1399999 we allocate 2 SID ranges in our own domain: 1000 - 200999 and 201000 - 400999
a UID/GID of 1200123 -> S-<domain>-1123 a conflicintg GID of 1200456 -> S-<domain>-201456
SSSD only needs to know: ID-base: 1200000, range 200000, SID-std base: 1000, range 200000, SID-ext base: 201000, range 200000
master: 65ad261
Rename "trusts" component to "Trusts" to achieve correct sorting.
Metadata Update from @sbose: - Issue assigned to sbose - Issue set to the milestone: FreeIPA 3.0 Trust Effort - 2012/06
Log in to comment on this ticket.