Change default min_id to 1

Also update manpage for min_id/max_id to be more clear about how
it relates to primary GID.

4 files changed, 16 insertions, 9 deletions

diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index be4dfb6f7..ae7502f8d 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -39,7 +39,7 @@
 
 #define CONFDB_FILE "config.ldb"
 #define CONFDB_DEFAULT_CONFIG_FILE SSSD_CONF_DIR"/sssd.conf"
-#define SSSD_MIN_ID 1000
+#define SSSD_MIN_ID 1
 
 
 /* Configuration options */
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 04d438e06..ea897d716 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -595,7 +595,6 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
         options = domain.list_mandatory_options()
         control_list = [
             'cache_credentials',
-            'min_id',
             'id_provider',
             'auth_provider']
 
@@ -989,9 +988,9 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
         domain = SSSDConfig.SSSDDomain('sssd', self.schema)
 
         # Positive test - Remove existing option
-        self.assertTrue('min_id' in domain.get_all_options().keys())
-        domain.remove_option('min_id')
-        self.assertFalse('min_id' in domain.get_all_options().keys())
+        self.assertTrue('cache_credentials' in domain.get_all_options().keys())
+        domain.remove_option('cache_credentials')
+        self.assertFalse('cache_credentials' in domain.get_all_options().keys())
 
         # Positive test - Remove unset but valid option
         self.assertFalse('max_id' in domain.get_all_options().keys())
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 7d0e20c77..f0ef41149 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -46,7 +46,7 @@ chpass_provider = str, None, false
 debug_level = int, None, false, 0
 debug_timestamps = bool, None, false
 command = str, None, false
-min_id = int, None, true, 1000
+min_id = int, None, false
 max_id = int, None, false
 timeout = int, None, false
 enumerate = bool, None, false
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index bd2d3acd1..497fae630 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -396,11 +396,19 @@
                     <term>min_id,max_id (integer)</term>
                     <listitem>
                         <para>
-                            UID limits for the domain. If a domain contains
-                            entry that is outside these limits, it is ignored
+                            UID and GID limits for the domain. If a domain
+                            contains an entry that is outside these limits, it
+                            is ignored.
                         </para>
                         <para>
-                            Default: 1000 for min_id, 0 (no limit) for max_id
+                            For users, this affects the primary GID limit. The
+                            user will not be returned to NSS if either the
+                            UID or the primary GID is outside the range. For
+                            non-primary group memberships, those that are in
+                            range will be reported as expected.
+                        </para>
+                        <para>
+                            Default: 1 for min_id, 0 (no limit) for max_id
                         </para>
                     </listitem>
                 </varlistentry>