Grant Janssen via FreeIPA-users wrote: > rob - thank you so much for your quick attention. > > with the exception of the dnaMaxValue and dnaNextValue the config appears to > be identical on all 3 servers. > > grant@ef-idm03:~[20181206-10:10][#5]$ ldapsearch -x -D 'cn=Directory Manager' > -W -b "cn=Posix IDs,cn=Distributed Numeric Assignment > Plugin,cn=plugins,cn=config" > Enter LDAP Password: ****** > # extended LDIF > # > # LDAPv3 > # base <cn=Posix IDs,cn=Distributed Numeric Assignment > Plugin,cn=plugins,cn=config> with scope subtree > # filter: (objectclass=*) > # requesting: ALL > # > > # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config > dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config > cn: Posix IDs > dnaExcludeScope: cn=provisioning,dc=production,dc=efilm,dc=com > dnaFilter: (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ip > aIDobject)) > dnaMagicRegen: -1 > dnaMaxValue: 1100 > dnaNextValue: 1101 > dnaScope: dc=production,dc=efilm,dc=com > dnaSharedCfgDN: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=production,dc=efilm,dc=co > m > dnaThreshold: 500 > dnaType: uidNumber > dnaType: gidNumber > objectClass: top > objectClass: extensibleObject > > # search result > search: 2 > result: 0 Success > > # numResponses: 2 > # numEntries: 1 > grant@ef-idm03:~[20181206-10:11][#6]$
Ok, so this confirms the ipa-replica-manage output. These are the starting values which means that this server may have never allocated a user (even though you added one). If you want to get to the bottom of which master added the user find the user_add in /var/log/httpd/error_log on one of the masters. I suspect it was not idm03. rob > > >> On Dec 6, 2018, at 10:09, Rob Crittenden <[email protected]> wrote: >> >> You might want to look at the actual config to see if it is a tooling issue: >> >> $ ldapsearch -x -D 'cn=Directory Manager' -W -b "cn=Posix >> IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" >> >> This is a per-master setting. >> >> rob > This e-mail and any attachments are intended only for use by the addressee(s) > named herein and may contain confidential information. If you are not the > intended recipient of this e-mail, you are hereby notified any dissemination, > distribution or copying of this email and any attachments is strictly > prohibited. If you receive this email in error, please immediately notify the > sender by return email and permanently delete the original, any copy and any > printout thereof. The integrity and security of e-mail cannot be guaranteed. > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
