Considerations for changing the ID map range and range size

If the IBM Storage Scale system is configured to use AD-based authentication, only the maximum value of ID map range can be changed. All other changes to ID map range and size, except increasing the maximum value of ID map range require reconfiguration of authentication, which results in loss of access to data. For example, if you used the --idmap-range as 3000-10000 and --idmap-range-size as 2000, you can increase only the value 10000 to accommodate more users per domain, without having an impact on the access to the data.

To change the ID mapping of an existing AD-based authentication configuration, either to change the range minimum value, decrease the range maximum value, or change the range size, you must complete the following steps:
Note: The mmuserauth service remove command results in loss of access.
  1. Submit the mmuserauth service remove command and do not specify the --idmapdelete option.
  2. Submit the mmuserauth service remove command and do specify the --idmapdelete option.
  3. Submit the mmuserauth service create command with the options and values that you want for the new Active Directory configuration.
    Important: If you do not perform the preceding three steps in sequence, results are unpredictable and can include complete loss of data access.