On Аўт, 15 ліп 2025, Tien Cao Huy via FreeIPA-users wrote:
Dear,
Thanks for your information.
So I've run command: ipa-replica-manage dnarange-show
freeipa-repl01.domain.com: 748451708-748464499
freeipa-repl02.domain.com: 748476502-748488999
freeipa-server-master.domain.com: No range set
The server freeipa-server-master.domain.com has been set up as the new
replica. Is there anything unusual? After executing the command ipa
config-mod --enable-sid --add-sids, is dnarange expected to appear?
Nothing unusual here. Please follow the KCS article we pointed you to in
the freeipa-container's issue you originally opened. It has all the
details and guidance.
The DNA range on the new replica will only appear if any object
that requires use of DNA ranges will be created on that replica.
Assigning SIDs does not use DNA plugin, thus it will not cause the
replica to request new range slice from a server it was installed from.
SID generation requires presence of ID ranges that IPA maintains but it
does not use DNA ranges. We have a design page that explains interaction
between different types of identity ranges:
https://freeipa.readthedocs.io/en/latest/designs/id-mapping.html
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
