On Thu, 22 Mar 2018 14:30:23 +0100
Jose Luis Suarez <tecnico.sistemas at igualdadebenestar.org> wrote:
> Hello.
> Of course I did read that a lot of times.
>
> But it is still not clear to me why I must specify ranges in the
> member server, as uid and gid are already set in the AD DC, where
> this member server is querying them.
I take it you are referring to ID numbers in the '3000000' range on the
DC. If so, these are NOT uidNumber or gidNumber attributes, they are
xidNumber attributes and are only used on a DC (and unless you sync
idmap.ldb between DCs, only that DC). If you do add uidNumber &
gidNumber attributes to AD these will be used instead of the xidNumber
attributes.
>
> Is it not redundant specify two times the same parameters, once in the
> AD DC and again in the member server?
Well it would be, if you could use the 'idmap.config' lines on a DC,
but you cannot, they do not do anything.
Rowland