On 29 September 2017 at 10:21, Alexander Bokovoy <aboko...@redhat.com> wrote:
> On pe, 29 syys 2017, Andy Stubbs via FreeIPA-users wrote: > >> Hi >> >> We'd like to test FreeIPA in our environment, but I'm having a little bit >> of trouble importing DNS zone files. >> >> Running on fresh install of CentOS 7.4.1708 with >> FreeIPA 4.5.0-21.el7.centos.1.2 >> >> I install a vanilla IPA server from scratch with (something along these >> lines): >> >> ipa-server-install --mkhomedir --setup-dns --setup-adtrust >> --netbios-name=REALM --enable-compat --no-forwarders >> --realm=REALM.BLAHBLAH >> --domain=realm.blahblah --hostname=ds1.realm.blahblah >> --ip-address=10.<something> --reverse-zone=10.in-addr.arpa. >> --allow-zone-overlap --no-host-dns >> >> I have prepared an LDIF file for importing our reverse zone (around about >> 140k entries, thanks to lots of $GENERATE$ in our existing zone files). >> >> I then import the LDIF into 389ds with: >> >> ldapadd -c -d -1 -Y GSSAPI < reverse.ldif >> >> This starts off generally well, but always ends up hanging, with slapd >> locking up too. >> > Do you need compat tree at this point? If not, disable it with > 'ipa-compat-manage disable' and 'ipa-nis-manage disable', run your > import job, enable compat/nis. > > Good point. So I reinstalled from scratch removing: --setup-adtrust --netbios-name --enable-compat For completeness, I should say I also noticed I was using a magnetic disk on AWS so I changed to an SSD. Result is that I have managed to do the import successfully. Almost perfectly - in fact I had to reimport one of the files (of 5000 entries) after one of the ldapadd commands failed with err 51 LDAP_BUSY. Which is fine. I will continue to poke and prod, but for now this appears to work around the issue just fine for our needs. Many thanks. Andy -- <https://www.treatwell.com/> Andrew Stubbs, PhD Head of Technical Operations +44 203 770 4582 treatwell.co.uk
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
