Hello, I would like to discuss https://bugzilla.redhat.com/show_bug.cgi?id=1211366 "Error creating a user when jumping from an original server to replica".
Currently the DNA ranges are distributed from master to other replicas on first attempt to get a number from particular range. This works well as long as the original master is reachable but fails miserably when the master is not reachable for any reason. It is apparently confusing to users [1][2] because it is counter-intuitive. They have created a replica to be sure that everything will work when the first server is down, right? Remediation is technically simple [3] (just assign a range to the new replica) but it is confusing to the users, error-prone, and personally I feel that this is an unnecessary obstacle. It seems to me that the original motivation for this behavior was that the masters were not able to request range back from other replicas when a local range was depleted. This deficiency is tracked as https://bugzilla.redhat.com/show_bug.cgi?id=1029640 and it is slated for fix in 4.2.x time frame. Can we distribute ranges to the replicas during ipa-replica-install when we fix bug 1029640? [1] https://bugzilla.redhat.com/show_bug.cgi?id=1211366#c0 [2] https://www.redhat.com/archives/freeipa-users/2015-May/msg00515.html [3] http://blog-rcritten.rhcloud.com/?p=50 -- Petr^2 Spacek -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
