Ok. I read a work-around on https://blog-rcritten.rhcloud.com/?p=50
It says that if one has figured out a safe new range for the replica, the range could be set using: ldapmodify -x -D 'cn=Directory Manager' -W Enter LDAP Password: dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config changetype: modify replace: dnaNextValue dnaNextValue: 1689700000 - replace: dnaMaxValue dnaMaxValue: 1689799999 ^D modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" I suppose this can be dangerous, but would you consider it as a work-around, or should it be avoided at all means ? On Fri, Jan 8, 2016 at 5:17 PM, Alexander Bokovoy <[email protected]> wrote: > On Fri, 08 Jan 2016, Karl Forner wrote: > >> If you never added users through this IPA server, it has no subset of ID >>> range >>> allocated to IDs issued on this server. To obtain this subset, it needs >>> to talk back to the master on first allocation. Master is missing, thus >>> it couldn't talk to it. >>> >>> >> thanks. >> >> But if I understand, I just can not add any users from my replica ? >> Does not it defeat the purpose of the replica as a failover server ? >> Or obtaining the subset of IDs should be part of the process of setting-up >> a replica ? >> > ID range is relatively scarce. We don't split it across multiple > replicas automatically because most of them will not be used to create > users and thus their sub-ranges will be wasted. > > Documentation for the DNA plugin: > > https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Configuration_Command_and_File_Reference/dna-attributes.html > > -- > / Alexander Bokovoy >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
