I read a work-around on https://blog-rcritten.rhcloud.com/?p=50

It says that if one has figured out a safe new range for the replica, the
range could be set using:

ldapmodify -x -D 'cn=Directory Manager' -W
Enter LDAP Password:
dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
changetype: modify
replace: dnaNextValue
dnaNextValue: 1689700000
replace: dnaMaxValue
dnaMaxValue: 1689799999

modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment

I suppose this can be dangerous, but would you consider it as a
work-around, or should it be avoided at all means ?

On Fri, Jan 8, 2016 at 5:17 PM, Alexander Bokovoy <aboko...@redhat.com>

> On Fri, 08 Jan 2016, Karl Forner wrote:
>> If you never added users through this IPA server, it has no subset of ID
>>> range
>>> allocated to IDs issued on this server. To obtain this subset, it needs
>>> to talk back to the master on first allocation. Master is missing, thus
>>> it couldn't talk to it.
>> thanks.
>> But if I understand, I just can not add any users from my replica ?
>> Does not it defeat the purpose of the replica as a failover server ?
>> Or obtaining the subset of IDs should be part of the process of setting-up
>> a replica ?
> ID range is relatively scarce. We don't split it across multiple
> replicas automatically because most of them will not be used to create
> users and thus their sub-ranges will be wasted.
> Documentation for the DNA plugin:
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Configuration_Command_and_File_Reference/dna-attributes.html
> --
> / Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to