On Fri, 08 Jan 2016, Karl Forner wrote:

I read a work-around on https://blog-rcritten.rhcloud.com/?p=50

It says that if one has figured out a safe new range for the replica, the
range could be set using:

ldapmodify -x -D 'cn=Directory Manager' -W
Enter LDAP Password:
dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
changetype: modify
replace: dnaNextValue
dnaNextValue: 1689700000
replace: dnaMaxValue
dnaMaxValue: 1689799999

modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment

I suppose this can be dangerous, but would you consider it as a
work-around, or should it be avoided at all means ?

Rob is one of FreeIPA project original developers and he wrote this
code, so he knows it well. To derive dnaMaxValue/dnaNextValue you need to
consult older server's data, if it is still available (in

At worst you'd need to back out the change if things would work.

/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to