AD: autorid compatibility should recommend the use of default domain

Previously, we were failing to start if ldap_idmap_autorid_compat
was True but the default domain SID was unspecified. This is the
recommended configuration, but it is functional without it. There
is just a slight risk that the IDs will be inconsistent between
machines if the first user requested is not from the default
domain.

https://fedorahosted.org/sssd/ticket/1530

1 files changed, 4 insertions, 4 deletions

diff --git a/src/providers/ldap/sdap_idmap.c b/src/providers/ldap/sdap_idmap.c
index b41958bbe..94170e54a 100644
--- a/src/providers/ldap/sdap_idmap.c
+++ b/src/providers/ldap/sdap_idmap.c
@@ -157,11 +157,11 @@ sdap_idmap_init(TALLOC_CTX *mem_ctx,
         } else {
             if (dp_opt_get_bool(idmap_ctx->id_ctx->opts->basic, SDAP_IDMAP_AUTORID_COMPAT)) {
                 /* In autorid compatibility mode, we MUST have a slice 0 */
-                DEBUG(SSSDBG_FATAL_FAILURE,
-                      ("Autorid compatibility mode selected, but %s is not set\n",
+                DEBUG(SSSDBG_CRIT_FAILURE,
+                      ("WARNING: Autorid compatibility mode selected, "
+                       "but %s is not set. UID/GID values may differ "
+                       "between clients.\n",
                        idmap_ctx->id_ctx->opts->basic[SDAP_IDMAP_DEFAULT_DOMAIN_SID].opt_name));
-                ret = EINVAL;
-                goto done;
             }
             /* Otherwise, we'll just fall back to hash values as they are seen */
         }