Cox, Jason wrote:
> Hi all,
>
> I had to reinstall my IPA setup, so I’m using 4.4 and am learning the
> newer domain levels and topology features.
>
> I’ve installed 3 servers.
>
> I promoted one of the replicas to master and demoted the original master
> to replica according to the documentation.

According to what documentation? Note that they are all masters, some may just run different services and only one has a few duties (like CRL generation).

> I ran into an issue with the original master no longer replicating, so I
> performed an ipa-server-install --uninstall and removed the host/server
> from IPA. This is where the problem started.
>
> I re-setup the replica using ipa-client-install and then
> ipa-replica-install, and had no errors reported in the output.
>
> I then went into Web UI and set up replication agreements using the
> topology graph page between the new replica and the previous replica
> (the master/new replica agreements being set up by the replica install
> script).
>
> I then attempted to add a posix group account and got an operational
> error message. This caused ldap to crash on the server I was interfacing
> with.

If you are getting a core it would be very enlightening to get a stack trace from that (you'll need to install the debuginfo package to get any really useful data out of it).

> I performed an ‘ipactl restart’ on the affected server and attempted
> again with the same issue.
>
> I tried adding a non-posix group and it was successful.
>
> I found the dirsrv logs and see the error ‘dna-plugin - dna_pre_op: no
> more values available!!’ which led me to
> https://www.redhat.com/archives/freeipa-users/2014-February/msg00247.html
>
> Performing the ldapsearch I see:
>
> dnaMaxValue is 1100
>
> dnaNextValue is 1101
>
> dnaThreshold is 500

Right. A master only gets a range when it needs one. In this case it needed one after the master holding the entire range went away.

> I also did ‘ipa idrange-find’, which shows:
>
> ---------------
> 1 range matched
> ---------------
> Range name: MYDOMAIN.COM_id_range
> First Posix ID of the range: 1946000000
> Number of IDs in the range: 200000
> Range type: local domain range
> ----------------------------
> Number of entries returned 1
> ----------------------------
>
> So now my question is what do I need to change to fix the issue?
>
> I can do the ldapmodify to adjust the dnaMaxValue, but I don’t know what
> I should be adjusting the idrange to?
>
> I’d like to keep the idrange the same and just adjust the dnaMaxValue,
> so would I need to change dnaMaxValue to 200000?

See https://blog-rcritten.rhcloud.com/?p=50

rob
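Added example (not part of the original thread, and not FreeIPA code): a Python check that reads the DNA attributes quoted above, reports whether the server's range is exhausted, and tests a proposed dnaNextValue/dnaMaxValue pair against the range shown by `ipa idrange-find`. It assumes dnaMaxValue is an absolute ID rather than a count and that a DNA range should sit inside the local ID range; the function names and the LDIF framing are hypothetical.

```python
# Constructed sample: the attribute values are the ones quoted in the thread;
# the dn line is a placeholder, not output copied from a real server.
SAMPLE_LDIF = """\
dn: <DNA plugin config entry>
dnaMaxValue: 1100
dnaNextValue: 1101
dnaThreshold: 500
"""


def parse_dna(ldif):
    """Return the integer dna* attributes of one LDIF entry, names lowercased."""
    cfg = {}
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        name = name.strip().lower()
        if sep and name.startswith("dna"):
            try:
                cfg[name] = int(value.strip())
            except ValueError:
                pass  # non-numeric dna* attributes are not needed here
    return cfg


def remaining(cfg):
    """IDs this server can still hand out; 0 means 'no more values available'."""
    return max(0, cfg["dnamaxvalue"] - cfg["dnanextvalue"] + 1)


def check_proposal(next_value, max_value, first_id, size):
    """List problems with a proposed DNA range, given the ID range (first_id, size)."""
    last_id = first_id + size - 1
    problems = []
    if next_value > max_value:
        problems.append("range is empty (next > max)")
    if next_value < first_id or max_value > last_id:
        problems.append(f"outside ID range {first_id}-{last_id}")
    return problems


if __name__ == "__main__":
    cfg = parse_dna(SAMPLE_LDIF)
    print("remaining IDs on this server:", remaining(cfg))
    # Assumption: only dnaMaxValue is raised to 200000, as asked in the thread.
    print(check_proposal(cfg["dnanextvalue"], 200000, 1946000000, 200000))
    # Assumption: the whole local ID range is given to this one server.
    print(check_proposal(1946000000, 1946199999, 1946000000, 200000))
```

The check does not look at ranges already held by other masters or at IDs already assigned, so a pair that passes here can still overlap with one of those.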