I believe that my master dna server isn't currently being used, so I did this.

ldapsearch -x -D 'cn=Directory Manager' -W -b cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=EXAMPLE,dc=lan
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=EXAMPLE,dc=lan> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# posix-ids, dna, ipa, etc, EXAMPLE.lan
dn: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=EXAMPLE,dc=lan
objectClass: nsContainer
objectClass: top
cn: posix-ids

# ipa3.EXAMPLE.lan + 0, posix-ids, dna, ipa, etc, EXAMPLE.lan
dn: dnaHostname=ipa3.EXAMPLE.lan+dnaPortNum=0,cn=posix-ids,cn=dna
 ,cn=ipa,cn=etc,dc=EXAMPLE,dc=lan
dnaRemainingValues: 0
dnaSecurePortNum: 636
dnaPortNum: 0
dnaHostname: ipa3.EXAMPLE.lan
objectClass: dnaSharedConfig
objectClass: top

# ipa3.EXAMPLE.lan + 389, posix-ids, dna, ipa, etc, EXAMPLE.lan
dn: dnaHostname=ipa3.EXAMPLE.lan+dnaPortNum=389,cn=posix-ids,cn=d
 na,cn=ipa,cn=etc,dc=EXAMPLE,dc=lan
dnaRemainingValues: 99997
dnaSecurePortNum: 636
dnaPortNum: 389
dnaHostname: ipa3.EXAMPLE.lan
objectClass: dnaSharedConfig
objectClass: top

# ipa4.EXAMPLE.lan + 389, posix-ids, dna, ipa, etc, EXAMPLE.lan
dn: dnaHostname=ipa4.EXAMPLE.lan+dnaPortNum=389,cn=posix-ids,cn=dna,cn=ip
 a,cn=etc,dc=EXAMPLE,dc=lan
objectClass: dnaSharedConfig
objectClass: top
dnaHostname: ipa4.EXAMPLE.lan
dnaPortNum: 389
dnaSecurePortNum: 636
dnaRemainingValues: 0

# ipa2.EXAMPLE.lan + 389, posix-ids, dna, ipa, etc, EXAMPLE.lan
dn: dnaHostname=ipa2.EXAMPLE.lan+dnaPortNum=389,cn=posix-ids,cn
 =dna,cn=ipa,cn=etc,dc=EXAMPLE,dc=lan
objectClass: dnaSharedConfig
objectClass: top
dnaHostname: ipa2.EXAMPLE.lan
dnaPortNum: 389
dnaSecurePortNum: 636
dnaRemainingValues: 0

# search result
search: 2
result: 0 Success

# numResponses: 6
# numEntries: 5

Bryan

On Fri, Apr 17, 2015 at 7:08 AM, Sumit Bose <[email protected]> wrote:
> On Fri, Apr 17, 2015 at 06:36:24AM -0400, Bryan Pearson wrote:
>> Should I add the same range to this machine or give each one its own id
>> range?
>
> The ranges are global for the whole IPA domain. The idranges managed
> with the ipa tool have their data in the replicated tree hence changes
> are available on all replicas. The DNA plugin has its own scheme to
> distribute the data, see e.g.
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/Managing-Unique_UID_and_GID_Attributes.html
>
> for details.
>
> bye,
> Sumit
>> On Apr 17, 2015 3:53 AM, "Sumit Bose" <[email protected]> wrote:
>>
>> > On Thu, Apr 16, 2015 at 07:46:55PM -0400, Bryan Pearson wrote:
>> > > I ran this command on each of my IPA servers and one returned usable
>> > > response: ipa idrange-find
>> > >
>> > > ---------------
>> > > 1 range matched
>> > > ---------------
>> > > Range name: HOSTNAME.LAN_id_range
>> > > First Posix ID of the range: 1920200000
>> > > Number of IDs in the range: 300000
>> > > Range type: local domain range
>> > > ----------------------------
>> > > Number of entries returned 1
>> > > ----------------------------
>> > >
>> > > While trying to add a new user on one of the other servers I receive:
>> > > ***
>> > > Operations error: Allocation of a new value for range cn=posix
>> > > ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config
>> > > failed! Unable to proceed.
>> > > ***
>> >
>> > This is expected, unfortunately the idranges used to manage different
>> > idranges in environments with trust and the range used by the DNA plugin
>> > to assign IDs to local users and groups are currently not connected.
>> > There is ticket https://fedorahosted.org/freeipa/ticket/3609 to fix
>> > this.
>> >
>> > bye,
>> > Sumit
>> >
>> > >
>> > > Should I go forward on other masters and do:
>> > >
>> > > ***
>> > > ldapmodify -x -D 'cn=Directory Manager' -W
>> > > Enter LDAP Password:
>> > > dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
>> > > changetype: modify
>> > > replace: dnaNextValue
>> > > dnaNextValue: 1689700000
>> > > -
>> > > replace: dnaMaxValue
>> > > dnaMaxValue: 1689799999
>> > > ^D
>> > >
>> > > modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment
>> > > Plugin,cn=plugins,cn=config"
>> > > ***
>> > >
>> > > --
>> > > Manage your subscription for the Freeipa-users mailing list:
>> > > https://www.redhat.com/mailman/listinfo/freeipa-users
>> > > Go to http://freeipa.org for more info on the project
>> >
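
One way to read the per-replica dnaRemainingValues figures out of ldapsearch output like the one at the top of this thread, as an added example that is not part of the original messages. The function names are hypothetical, the sample is abridged from the output quoted above, and values are assumed to be plain text (no base64 "::" attributes).

```python
import re

# Sample input: abridged from the ldapsearch output quoted in the thread,
# including the folded dn lines (continuation = newline + one space).
SAMPLE = """\
# ipa3.EXAMPLE.lan + 389, posix-ids, dna, ipa, etc, EXAMPLE.lan
dn: dnaHostname=ipa3.EXAMPLE.lan+dnaPortNum=389,cn=posix-ids,cn=d
 na,cn=ipa,cn=etc,dc=EXAMPLE,dc=lan
dnaRemainingValues: 99997
dnaPortNum: 389
dnaHostname: ipa3.EXAMPLE.lan
objectClass: dnaSharedConfig

dn: dnaHostname=ipa4.EXAMPLE.lan+dnaPortNum=389,cn=posix-ids,cn=dna,cn=ip
 a,cn=etc,dc=EXAMPLE,dc=lan
objectClass: dnaSharedConfig
dnaHostname: ipa4.EXAMPLE.lan
dnaPortNum: 389
dnaRemainingValues: 0
"""

def parse_ldif(text):
    """Return one {attr_lower: [values]} dict per LDIF entry that has a dn."""
    text = re.sub(r"\r?\n ", "", text)  # unfold wrapped lines before anything else
    entries = []
    for block in re.split(r"\n\s*\n", text):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue  # skip blanks, comments and non-attribute noise
            attr, _, value = line.partition(":")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:  # drops "search: 2" / "result: 0 Success" trailers
            entries.append(entry)
    return entries

def dna_remaining(text):
    """Map (hostname, port) -> dnaRemainingValues for each dnaSharedConfig entry."""
    out = {}
    for e in parse_ldif(text):
        if "dnasharedconfig" in (v.lower() for v in e.get("objectclass", [])):
            key = (e["dnahostname"][0], int(e["dnaportnum"][0]))
            out[key] = int(e["dnaremainingvalues"][0])
    return out

def exhausted(text):
    """Shared-config entries that report no IDs left to hand out."""
    return sorted(k for k, n in dna_remaining(text).items() if n == 0)

if __name__ == "__main__":
    for (host, port), n in sorted(dna_remaining(SAMPLE).items()):
        print(f"{host}:{port} remaining={n}")
```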
