Hi Rob, Thanks for replying!
It is not missing and I can create new user or group on it: [root@ipa2 ~]# ldapsearch -D "cn=directory manager" -W -b "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" Enter LDAP Password: # extended LDIF # # LDAPv3 # base <cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config> with scope subtree # filter: (objectclass=*) # requesting: ALL # # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config cn: Posix IDs dnaExcludeScope: cn=provisioning,dc=example,dc=com dnaFilter: (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ip aIDobject)) dnaMagicRegen: -1 dnaMaxValue: 1889657499 dnaNextValue: 1889650758 dnaScope: dc=example,dc=com dnaSharedCfgDN: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com dnaThreshold: 500 dnaType: uidNumber dnaType: gidNumber objectClass: top objectClass: extensibleObject # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [root@ipa2 ~]# On Thu, Aug 19, 2021 at 5:14 PM Rob Crittenden <rcrit...@redhat.com> wrote: > Kathy Zhu via FreeIPA-users wrote: > > Hello, > > > > ipa-healthcheck is a great tool! Really appreciate Rob to make it > > working for Centos. > > > > When I ran it on all of our IPA servers, one server reported: > > > > [root@ipa2 ~]# ipa-healthcheck--failures-only --output-type human > > > > CRITICAL: ipahealthcheck.ipa.dna.IPADNARangeCheck: no matching entry > found > > > > [root@ipa2 ~]# > > > > > > I created a user and a group on this server then deleted them, > > rerun ipa-healthcheck, I still get the same error. Here is the jason > > format of it: > > > > { > > > > "source": "ipahealthcheck.ipa.dna", > > > > "kw": { > > > > "exception": "no matching entry found" > > > > }, > > > > "uuid": "aaf4da70-64ca-435f-8011-b40da74b874e", > > > > "duration": "0.136489", > > > > "when": "20210819224225Z", > > > > "check": "IPADNARangeCheck", > > > > "result": "CRITICAL" > > > > } > > > > > > We have 7 ipa servers, this is the only server with this error. > > > > The success one looks like below: > > > > { > > "source": "ipahealthcheck.ipa.dna", > > "kw": { > > "range_start": 1889601184, > > "next_start": 0, > > "next_max": 0, > > "range_max": 1889625999 > > }, > > "uuid": "1ce671b9-76cf-46ce-b7d2-d5eec4079d63", > > "duration": "0.309565", > > "when": "20210630231006Z", > > "check": "IPADNARangeCheck", > > "result": "SUCCESS" > > } > > > > > > Any suggestions/ideas to fix it? > > It looks in here for the configuration. It could thrown a not found if > it is missing (though why/how it could be I don't know): > > cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config > > rob > >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure