Hi Rob,

Thanks for replying!

It is not missing and I can create new user or group on it:

[root@ipa2 ~]#  ldapsearch -D "cn=directory manager" -W -b "cn=Posix
IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config"

Enter LDAP Password:

# extended LDIF

#

# LDAPv3

# base <cn=Posix IDs,cn=Distributed Numeric Assignment
Plugin,cn=plugins,cn=config> with scope subtree

# filter: (objectclass=*)

# requesting: ALL

#


# Posix IDs, Distributed Numeric Assignment Plugin, plugins, config

dn: cn=Posix IDs,cn=Distributed Numeric Assignment
Plugin,cn=plugins,cn=config

cn: Posix IDs

dnaExcludeScope: cn=provisioning,dc=example,dc=com

dnaFilter:
(|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ip

 aIDobject))

dnaMagicRegen: -1

dnaMaxValue: 1889657499

dnaNextValue: 1889650758

dnaScope: dc=example,dc=com

dnaSharedCfgDN: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com

dnaThreshold: 500

dnaType: uidNumber

dnaType: gidNumber

objectClass: top

objectClass: extensibleObject


# search result

search: 2

result: 0 Success


# numResponses: 2

# numEntries: 1

[root@ipa2 ~]#




On Thu, Aug 19, 2021 at 5:14 PM Rob Crittenden <rcrit...@redhat.com> wrote:

> Kathy Zhu via FreeIPA-users wrote:
> > Hello,
> >
> > ipa-healthcheck is a great tool! Really appreciate Rob to make it
> > working for Centos.
> >
> > When I ran it on all of our IPA servers, one server reported:
> >
> > [root@ipa2 ~]# ipa-healthcheck--failures-only --output-type human
> >
> > CRITICAL: ipahealthcheck.ipa.dna.IPADNARangeCheck: no matching entry
> found
> >
> > [root@ipa2 ~]#
> >
> >
> > I created a user and a group on this server then deleted them,
> > rerun ipa-healthcheck, I still get the same error. Here is the jason
> > format of it:
> >
> >   {
> >
> >     "source": "ipahealthcheck.ipa.dna",
> >
> >     "kw": {
> >
> >       "exception": "no matching entry found"
> >
> >     },
> >
> >     "uuid": "aaf4da70-64ca-435f-8011-b40da74b874e",
> >
> >     "duration": "0.136489",
> >
> >     "when": "20210819224225Z",
> >
> >     "check": "IPADNARangeCheck",
> >
> >     "result": "CRITICAL"
> >
> >   }
> >
> >
> > We have 7 ipa servers, this is the only server with this error.
> >
> > The success one looks like below:
> >
> >   {
> >     "source": "ipahealthcheck.ipa.dna",
> >     "kw": {
> >       "range_start": 1889601184,
> >       "next_start": 0,
> >       "next_max": 0,
> >       "range_max": 1889625999
> >     },
> >     "uuid": "1ce671b9-76cf-46ce-b7d2-d5eec4079d63",
> >     "duration": "0.309565",
> >     "when": "20210630231006Z",
> >     "check": "IPADNARangeCheck",
> >     "result": "SUCCESS"
> >   }
> >
> >
> > Any suggestions/ideas to fix it?
>
> It looks in here for the configuration. It could thrown a not found if
> it is missing (though why/how it could be I don't know):
>
> cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
>
> rob
>
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to