LDAP: Inform about small range size

When a returned RID has a higher value than the ldap_idmap_range_size,
it means that the administrator did not plan appropriately for the size
of their network. We need to alert the admin at a severe notification
level that their configuration will fail on entries with a high RID and
point them at the explanation in the manual.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

1 files changed, 7 insertions, 0 deletions

diff --git a/src/providers/ldap/sdap_idmap.c b/src/providers/ldap/sdap_idmap.c
index 36d529836..f4a065b0b 100644
--- a/src/providers/ldap/sdap_idmap.c
+++ b/src/providers/ldap/sdap_idmap.c
@@ -503,6 +503,13 @@ sdap_idmap_sid_to_unix(struct sdap_idmap_ctx *idmap_ctx,
         ret = ENOTSUP;
         goto done;
         break;
+    case IDMAP_NO_RANGE:
+        DEBUG(SSSDBG_IMPORTANT_INFO,
+              "Object SID [%s] has a RID that is larger than the "
+              "ldap_idmap_range_size. See the \"ID MAPPING\" section of "
+              "sssd-ad(5) for an explanation of how to resolve this issue.",
+              sid_str);
+        /* Fall through intentionally */
     default:
         DEBUG(SSSDBG_MINOR_FAILURE,
               "Could not convert objectSID [%s] to a UNIX ID\n",