When half of the RIDs in a pool are allocated (default=500), every subsequent RID allocation also causes a new RID pool allocation and the RID values jump by 124501. This has a few side effects:

1) Reduces life expectancy of the domain since only a finite number of RIDs can be allocated.
2) Creates some additional overhead of allocating RIDs on each RID allocation.
3) Reduces the number of domains sssd's AD integration can handle (see "slices" http://jhrozek.fedorapeople.org/sssd/1.9.0/man/sssd-ad.5.html)

Created attachment 8986 [details] Possible fix?
How to reproduce

In a new instance, create over one RID pool of accounts:

    # create 501 users (user_0 .. user_500)
    j=0
    while [ $j -le 500 ]; do
        /usr/local/samba/bin/samba-tool user add user_$j Password123
        j=$(( $j + 1 ))
    done

List the RID numbers used, noting the 124501 spike:

    # the RID is the 8th '-'-separated field of the objectSid line
    /usr/local/samba/bin/ldbsearch -H /usr/local/samba/private/sam.ldb '(cn=user_*)' objectSid | grep objectSid | awk -F- '{print $8}' | sort -n

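A check for the jump described in this report, as an added example that is not part of the original bug report or of Samba: it reads ldbsearch-style output and prints every pair of consecutive RIDs whose difference exceeds a threshold. The function names `rid_gaps` and `sample_sids`, the sample SIDs and the default threshold of 500 are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the bug report or the Samba source tree.

# rid_gaps [THRESHOLD]
#   stdin:  ldbsearch output containing "objectSid: S-1-5-21-...-RID" lines
#   stdout: one "PREV NEXT DELTA" line per gap larger than THRESHOLD
rid_gaps() {
    # Assumption: a gap wider than one default pool (500) is worth reporting.
    threshold="${1:-500}"
    grep '^objectSid:' |
        awk -F- '{ print $NF }' |       # RID is the last SID component
        sort -n |
        awk -v t="$threshold" '
            NR > 1 && ($1 - prev) > t { print prev, $1, $1 - prev }
            { prev = $1 }
        '
}

# Constructed sample input: three consecutive RIDs, then two allocations
# that each land 124501 above the previous one.
sample_sids() {
    cat <<'EOF'
# record 1
dn: CN=user_0,CN=Users,DC=example,DC=com
objectSid: S-1-5-21-1111111111-2222222222-3333333333-1598

# record 2
dn: CN=user_1,CN=Users,DC=example,DC=com
objectSid: S-1-5-21-1111111111-2222222222-3333333333-1599

# record 3
dn: CN=user_2,CN=Users,DC=example,DC=com
objectSid: S-1-5-21-1111111111-2222222222-3333333333-1600

# record 4
dn: CN=user_3,CN=Users,DC=example,DC=com
objectSid: S-1-5-21-1111111111-2222222222-3333333333-126101

# record 5
dn: CN=user_4,CN=Users,DC=example,DC=com
objectSid: S-1-5-21-1111111111-2222222222-3333333333-250602
EOF
}

# Stand-alone run on the constructed sample.
sample_sids | rid_gaps
```

Against a live directory, pipe the ldbsearch command from the reproduction steps (without its grep/awk/sort stages) into `rid_gaps`.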
*** This bug has been marked as a duplicate of bug 10014 ***