Hi all,

I had to reinstall my IPA setup, so I'm using 4.4 and am learning the newer 
domain levels and topology features.
I've installed 3 servers.
I promoted one of the replicas to master and demoted the original master to 
replica according to the documentation.
I ran into an issue with the original master no longer replicating, so I 
performed an ipa-server-install -uninstall and removed the host/server from IPA.

I re-setup the replica using ipa-client-install and then ipa-replica-install, 
and had no errors reported in the output.
I then went into Web UI and setup replication agreements using the topology 
graph page between the new replica and the previous replica (the master/new 
replica agreements being setup by the replica install script).

I then attempted to add a posix group account and got an operational error 
message. This caused ldap to crash on the server I was interfacing with.
I performed an 'ipactl restart' on the affected server and attempted again with 
the same issue.
I tried adding a non-posix group and it was successful.

I found the dirsrv logs and see the error 'dna-plugin - dna_pre_op: no more 
values available!!' which lead me to 

Performing the ldapserch I see:
  dnaMaxValue is 1100
  dnaNextValue is 1101
  dnaThreshold is 500

I also did 'ipa idrange-find', which shows:

1 range matched
  Range name: MYDOMAIN.COM_id_range
  First Posix ID of the range: 1946000000
  Number of IDs in the range: 200000
  Range type: local domain range
Number of entries returned 1

So now my question is what do I need to change to fix the issue?
I can do the ldapmodify to adjust the dnaMaxValue, but I don't know what I 
should be adjusting the idrange to?
I'd like to keep the idrange the same and just adjust the dnaMaxValue, so would 
I need to change dnaMaxValue to 200000?


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to