From a47102e74050d8ab14a9ea835ab2640c9aa65856 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Thu, 8 Oct 2015 11:33:30 -0400
Subject: LDAP: Inform about small range size
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When a returned RID has a higher value than the ldap_idmap_range_size,
it means that the administrator did not plan appropriately for the size
of their network. We need to alert the admin at a severe notification
level that their configuration will fail on entries with a high RID and
point them at the explanation in the manual.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
---
 src/providers/ldap/sdap_idmap.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/providers/ldap/sdap_idmap.c b/src/providers/ldap/sdap_idmap.c
index 36d529836..f4a065b0b 100644
--- a/src/providers/ldap/sdap_idmap.c
+++ b/src/providers/ldap/sdap_idmap.c
@@ -503,6 +503,13 @@ sdap_idmap_sid_to_unix(struct sdap_idmap_ctx *idmap_ctx,
         ret = ENOTSUP;
         goto done;
         break;
+    case IDMAP_NO_RANGE:
+        DEBUG(SSSDBG_IMPORTANT_INFO,
+              "Object SID [%s] has a RID that is larger than the "
+              "ldap_idmap_range_size. See the \"ID MAPPING\" section of "
+              "sssd-ad(5) for an explanation of how to resolve this issue.",
+              sid_str);
+        /* Fall through intentionally */
     default:
         DEBUG(SSSDBG_MINOR_FAILURE,
               "Could not convert objectSID [%s] to a UNIX ID\n",
-- 
cgit