Brian J. Murrell via FreeIPA-users wrote:
> On Wed, 2024-11-06 at 14:09 -0500, Rob Crittenden via FreeIPA-users
> wrote:
>> Brian J. Murrell via FreeIPA-users wrote:
>>> On Wed, 2024-11-06 at 10:23 -0500, Rob Crittenden via FreeIPA-users
>>> wrote:
>>>>
>>>> It's in the blog. ipa iprange-find. That along with the range of
>>>> already issued ids will give you an idea of what the available
>>>> ranges are.
>>>
>>> I see. Mine reports:
>>>
>>> # ipa idrange-find
>>> ----------------
>>> 2 ranges matched
>>> ----------------
>>>   Range name: INTERLINX.BC.CA_id_range
>>>   First Posix ID of the range: 396000000
>>>   Number of IDs in the range: 200000
>>>   First RID of the corresponding RID range: 1000
>>>   First RID of the secondary RID range: 100000000
>>>   Range type: local domain range
>>>
>>>   Range name: INTERLINX.BC.CA_subid_range
>>>   First Posix ID of the range: 2147483648
>>>   Number of IDs in the range: 2147352576
>>>   First RID of the corresponding RID range: 2147283648
>>>   Domain SID of the trusted domain: S-1-5-21-738065-838566-2194680828
>>>   Range type: Active Directory domain range
>>> ----------------------------
>>> Number of entries returned 2
>>> ----------------------------
>>>
>>> So I just need to use any range other than 396000000-396199999?
>>> Even though no IPA server exists (any more) with that range?
>>
>> No. The DNA range should match the realm id_range with the starting
>> point being the last value handed out + 1.
>
> I'm afraid I don't know what the realm id_range is then. But let me
> take another stab at this.
>
>   Range name: INTERLINX.BC.CA_id_range
>
> Do I want to use the range, say, 396100000-396199999?

I'm not sure I'd lop off an entire 100k without looking. You can get an
idea on the values allocated with:

ldapsearch -Q -LLL -Y GSSAPI -b cn=users,cn=accounts,dc=example,dc=test uidnumber | grep uidnumber | cut -d: -f2 | sort -n

Maybe pair that with a similar search for gidnumber. See what the
distribution is.

>
> And if so:
>
> # ipa-replica-manage dnarange-set server.interlinx.bc.ca 396100000-396199999

Yup.

rob

>
>
> Sorry if I'm being a dolt about this.
>
> Cheers,
> b.
>
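An added example, not part of the original thread: the allocation check suggested above, extended to cover uidNumber and gidNumber in one pass and to derive a DNA range that starts at "last value handed out + 1" within the local id range. The LDIF sample is constructed, the function names (sample_ldif, allocated_ids, next_dnarange) are hypothetical, and the range bounds are the ones from the idrange-find output quoted in the thread.

```shell
#!/bin/sh
# Added example: summarise allocated POSIX IDs inside an IPA local id range
# and derive a DNA range starting at "last value handed out + 1".

# Constructed sample standing in for ldapsearch LDIF output that lists
# uidnumber and gidnumber for user and group entries. An ID outside the
# id range (5001) is included to show that it is ignored.
sample_ldif() {
cat <<'EOF'
dn: uid=admin,cn=users,cn=accounts,dc=example,dc=test
uidNumber: 396000000
gidNumber: 396000000

dn: uid=alice,cn=users,cn=accounts,dc=example,dc=test
uidNumber: 396000003
gidNumber: 396000003

dn: cn=editors,cn=groups,cn=accounts,dc=example,dc=test
gidNumber: 396000002

dn: uid=legacy,cn=users,cn=accounts,dc=example,dc=test
uidnumber: 5001
gidnumber: 5001
EOF
}

# allocated_ids FIRST SIZE: print the unique, sorted IDs from LDIF on stdin
# that fall inside [FIRST, FIRST+SIZE-1]. Attribute names match in any case.
allocated_ids() {
    awk -F': *' -v lo="$1" -v n="$2" '
        tolower($1) ~ /^(uid|gid)number$/ && $2 >= lo && $2 < lo + n { print $2 }
    ' | sort -n -u
}

# next_dnarange FIRST SIZE: print "START-END", where START is the highest
# allocated ID + 1 and END is the last ID of the id range.
next_dnarange() {
    ids=$(allocated_ids "$1" "$2")
    last=$(printf '%s\n' "$ids" | tail -n 1)
    end=$(( $1 + $2 - 1 ))
    [ -n "$last" ] || last=$(( $1 - 1 ))      # nothing allocated yet
    [ "$last" -lt "$end" ] || { echo "range exhausted" >&2; return 1; }
    echo "$(( last + 1 ))-$end"
}

# Range bounds from the idrange-find output in the thread.
sample_ldif | next_dnarange 396000000 200000
```

Against a live server, pipe the ldapsearch output for both uidnumber and gidnumber into next_dnarange in place of sample_ldif, and review the allocated_ids listing before passing the result to dnarange-set.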
