I ran the same ldapsearch on a good server and compared the outputs. Here are the differences:
dnaMaxValue: 1889657499 | dnaMaxValue: 1889607999 dnaNextValue: 1889650758 | dnaNextValue: 1889601276 Thanks. Kathy. On Thu, Aug 19, 2021 at 6:02 PM Kathy Zhu <k...@nuro.ai> wrote: > Hi Rob, > > Thanks for replying! > > It is not missing and I can create new user or group on it: > > [root@ipa2 ~]# ldapsearch -D "cn=directory manager" -W -b "cn=Posix > IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config" > > Enter LDAP Password: > > # extended LDIF > > # > > # LDAPv3 > > # base <cn=Posix IDs,cn=Distributed Numeric Assignment > Plugin,cn=plugins,cn=config> with scope subtree > > # filter: (objectclass=*) > > # requesting: ALL > > # > > > # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config > > dn: cn=Posix IDs,cn=Distributed Numeric Assignment > Plugin,cn=plugins,cn=config > > cn: Posix IDs > > dnaExcludeScope: cn=provisioning,dc=example,dc=com > > dnaFilter: > (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ip > > aIDobject)) > > dnaMagicRegen: -1 > > dnaMaxValue: 1889657499 > > dnaNextValue: 1889650758 > > dnaScope: dc=example,dc=com > > dnaSharedCfgDN: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com > > dnaThreshold: 500 > > dnaType: uidNumber > > dnaType: gidNumber > > objectClass: top > > objectClass: extensibleObject > > > # search result > > search: 2 > > result: 0 Success > > > # numResponses: 2 > > # numEntries: 1 > > [root@ipa2 ~]# > > > > > On Thu, Aug 19, 2021 at 5:14 PM Rob Crittenden <rcrit...@redhat.com> > wrote: > >> Kathy Zhu via FreeIPA-users wrote: >> > Hello, >> > >> > ipa-healthcheck is a great tool! Really appreciate Rob to make it >> > working for Centos. >> > >> > When I ran it on all of our IPA servers, one server reported: >> > >> > [root@ipa2 ~]# ipa-healthcheck--failures-only --output-type human >> > >> > CRITICAL: ipahealthcheck.ipa.dna.IPADNARangeCheck: no matching entry >> found >> > >> > [root@ipa2 ~]# >> > >> > >> > I created a user and a group on this server then deleted them, >> > rerun ipa-healthcheck, I still get the same error. Here is the jason >> > format of it: >> > >> > { >> > >> > "source": "ipahealthcheck.ipa.dna", >> > >> > "kw": { >> > >> > "exception": "no matching entry found" >> > >> > }, >> > >> > "uuid": "aaf4da70-64ca-435f-8011-b40da74b874e", >> > >> > "duration": "0.136489", >> > >> > "when": "20210819224225Z", >> > >> > "check": "IPADNARangeCheck", >> > >> > "result": "CRITICAL" >> > >> > } >> > >> > >> > We have 7 ipa servers, this is the only server with this error. >> > >> > The success one looks like below: >> > >> > { >> > "source": "ipahealthcheck.ipa.dna", >> > "kw": { >> > "range_start": 1889601184, >> > "next_start": 0, >> > "next_max": 0, >> > "range_max": 1889625999 >> > }, >> > "uuid": "1ce671b9-76cf-46ce-b7d2-d5eec4079d63", >> > "duration": "0.309565", >> > "when": "20210630231006Z", >> > "check": "IPADNARangeCheck", >> > "result": "SUCCESS" >> > } >> > >> > >> > Any suggestions/ideas to fix it? >> >> It looks in here for the configuration. It could thrown a not found if >> it is missing (though why/how it could be I don't know): >> >> cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config >> >> rob >> >>
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure