Bruno sent me the logs privately, let me just share the solution of this case
with the list. The problem here was that master had only 1000 numbers allocated
(chosen during IPA installation). Therefore, it had less than 1000 numbers free.

When the replica asked for some free numbers from it, it refused to give any as
it would lower it's pool of free numbers below 500 (dnaThreshold setting).

Bruno was able to fix the issue with this command run on master:

$ ldapmodify -h `hostname` -D "cn=Directory Manager" -x -W
dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
changetype: modify
replace: dnaMaxValue
dnaMaxValue: 5000

He should also run idrange-find to see if there is an IPA range listed and adjust it to match the DNA configuration.


