docs-xml: Fix idmap_autorid documentation

What we want to avoid:

$ ./bin/testparm -s | grep "idmap config"
        idmap config * : rangesize = 10000
        idmap config * : range = 10000-19999
        idmap config * : backend = autorid

$ ./bin/wbinfo --name-to-sid BUILTIN/Administrators
S-1-5-32-544 SID_ALIAS (4)

$ ./bin/wbinfo --sid-to-gid S-1-5-32-544
10000

$ ./bin/wbinfo --name-to-sid ADDOMAIN/alice
S-1-5-21-4058748110-895691256-3682847423-1107 SID_USER (1)

$ ./bin/wbinfo --sid-to-gid S-1-5-21-984165912-589366285-3903095728-1107
failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-984165912-589366285-3903095728-1107 to gid

If only one range is configured we are either not able to map users/groups
from our primary *and* the BUILTIN domain. We need at least two ranges to also
cover the BUILTIN domain!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14967

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Feb 16 17:04:53 UTC 2022 on sn-devel-184

1 files changed, 7 insertions, 1 deletions

diff --git a/docs-xml/manpages/idmap_autorid.8.xml b/docs-xml/manpages/idmap_autorid.8.xml
index 6c4da1cad8a..980718f0bd4 100644
--- a/docs-xml/manpages/idmap_autorid.8.xml
+++ b/docs-xml/manpages/idmap_autorid.8.xml
@@ -48,7 +48,13 @@
 			and the corresponding map is discarded.  It is
 			intended as a way to avoid accidental UID/GID
 			overlaps between local and remotely defined
-			IDs.
+			IDs. Note that the range should be a multiple
+			of the rangesize and needs to be at least twice
+			as large in order to have sufficient id range
+			space for the mandatory BUILTIN domain.
+			With a default rangesize of 100000 the range
+			needs to span at least 200000.
+			This would be: range = 100000 - 299999.
 		</para></listitem>
 		</varlistentry>