We need to know the number of the users to set appropriately big ID ranges.
If there are more users on the AD than the size of the range, they will be unable to log in.
We currently do some detection of the number of the users, but it works only for the users that have POSIX attributes defined in the AD. This does not have to be the case, and also, the users need not to be defined in the root domain (see #4525).
We should leverage the fact that SIDs are issues sequentially and try to estimate the number of the users on the AD side in a effective manner.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1139768
Not needed for 4.1 release, though they would fit 4.1.x nicely.
FreeIPA 4.1.1 was released.
4.1.2 was released.
4.1.3 was released.
Talked to Tomas and Alexander, this RFE does not belong in 4.1.x stabilization branch any more. However, it should be in core 4.2 milestone as this is a problem often hit by users.
Related SSSD ticket: https://fedorahosted.org/sssd/ticket/2188
There is not enough time left in 4.2 development to do this, we have to move it to next release.
Metadata Update from @tbabej:
- Issue assigned to tbabej
- Issue set to the milestone: FreeIPA 4.5 backlog
to comment on this ticket.