I ran the same ldapsearch on a good server and compared the outputs. Here
are the differences:

dnaMaxValue: 1889657499   |   dnaMaxValue: 1889607999

dnaNextValue: 1889650758   |   dnaNextValue: 1889601276


Thanks.


Kathy.

On Thu, Aug 19, 2021 at 6:02 PM Kathy Zhu <k...@nuro.ai> wrote:

> Hi Rob,
>
> Thanks for replying!
>
> It is not missing and I can create new user or group on it:
>
> [root@ipa2 ~]# ldapsearch -D "cn=directory manager" -W -b "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config"
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base <cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # Posix IDs, Distributed Numeric Assignment Plugin, plugins, config
> dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
> cn: Posix IDs
> dnaExcludeScope: cn=provisioning,dc=example,dc=com
> dnaFilter: (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ip
>  aIDobject))
> dnaMagicRegen: -1
> dnaMaxValue: 1889657499
> dnaNextValue: 1889650758
> dnaScope: dc=example,dc=com
> dnaSharedCfgDN: cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com
> dnaThreshold: 500
> dnaType: uidNumber
> dnaType: gidNumber
> objectClass: top
> objectClass: extensibleObject
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
> [root@ipa2 ~]#
>
> On Thu, Aug 19, 2021 at 5:14 PM Rob Crittenden <rcrit...@redhat.com>
> wrote:
>
>> Kathy Zhu via FreeIPA-users wrote:
>> > Hello,
>> >
>> > ipa-healthcheck is a great tool! Really appreciate Rob making it
>> > work for CentOS.
>> >
>> > When I ran it on all of our IPA servers, one server reported:
>> >
>> > [root@ipa2 ~]# ipa-healthcheck --failures-only --output-type human
>> > CRITICAL: ipahealthcheck.ipa.dna.IPADNARangeCheck: no matching entry found
>> > [root@ipa2 ~]#
>> >
>> > I created a user and a group on this server, then deleted them and
>> > reran ipa-healthcheck; I still get the same error. Here is the JSON
>> > format of it:
>> >
>> >   {
>> >     "source": "ipahealthcheck.ipa.dna",
>> >     "kw": {
>> >       "exception": "no matching entry found"
>> >     },
>> >     "uuid": "aaf4da70-64ca-435f-8011-b40da74b874e",
>> >     "duration": "0.136489",
>> >     "when": "20210819224225Z",
>> >     "check": "IPADNARangeCheck",
>> >     "result": "CRITICAL"
>> >   }
>> >
>> > We have 7 ipa servers, this is the only server with this error.
>> >
>> > The success one looks like below:
>> >
>> >   {
>> >     "source": "ipahealthcheck.ipa.dna",
>> >     "kw": {
>> >       "range_start": 1889601184,
>> >       "next_start": 0,
>> >       "next_max": 0,
>> >       "range_max": 1889625999
>> >     },
>> >     "uuid": "1ce671b9-76cf-46ce-b7d2-d5eec4079d63",
>> >     "duration": "0.309565",
>> >     "when": "20210630231006Z",
>> >     "check": "IPADNARangeCheck",
>> >     "result": "SUCCESS"
>> >   }
>> >
>> >
>> > Any suggestions/ideas to fix it?
>>
>> It looks in here for the configuration. It could throw a not found if
>> it is missing (though why/how it could be I don't know):
>>
>> cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
>>
>> rob
>>
>>
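The comparison described in the top message (the same ldapsearch run on ipa2 and on a good server, then diffed), as an added example that is not part of the original thread. The helper names are hypothetical, the good-server sample is constructed from the two differing values reported above with every other attribute assumed identical, and `remaining_ids` assumes `dnaNextValue` is the next value still to be handed out.

```python
# Added example: compare the "cn=Posix IDs" DNA entry from two ldapsearch dumps.

def parse_ldif_entry(text):
    """Return {attr: [values]} for the first entry in ldapsearch output."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]      # LDIF folding: leading space continues the line
        else:
            logical.append(raw)
    entry, in_entry = {}, False
    for line in logical:
        if line.startswith("dn: "):
            in_entry = True
        elif in_entry and not line.strip():
            break                       # blank line ends the entry; trailer is skipped
        if in_entry and not line.startswith("#"):
            attr, _, value = line.partition(": ")
            entry.setdefault(attr, []).append(value)
    return entry

def diff_entries(a, b):
    """Attributes whose value sets differ: {attr: (values_a, values_b)}."""
    return {k: (a.get(k, []), b.get(k, []))
            for k in sorted(set(a) | set(b))
            if sorted(a.get(k, [])) != sorted(b.get(k, []))}

def remaining_ids(entry):
    """IDs left in the local range (assumption: dnaNextValue is still unassigned)."""
    return int(entry["dnaMaxValue"][0]) - int(entry["dnaNextValue"][0]) + 1

# Constructed sample: trimmed from the ipa2 output quoted in the thread.
IPA2 = """\
# Posix IDs, Distributed Numeric Assignment Plugin, plugins, config
dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
cn: Posix IDs
dnaFilter: (|(objectClass=posixAccount)(objectClass=posixGroup)(objectClass=ip
 aIDobject))
dnaMaxValue: 1889657499
dnaNextValue: 1889650758
dnaThreshold: 500
dnaType: uidNumber
dnaType: gidNumber

# search result
search: 2
result: 0 Success
"""
# Constructed: the good server's entry, differing only in the two reported values.
GOOD = IPA2.replace("1889657499", "1889607999").replace("1889650758", "1889601276")

if __name__ == "__main__":
    ipa2, good = parse_ldif_entry(IPA2), parse_ldif_entry(GOOD)
    for attr, (left, right) in diff_entries(ipa2, good).items():
        print(f"{attr}: ipa2={left} good={right}")
    for name, e in (("ipa2", ipa2), ("good", good)):
        print(name, "remaining:", remaining_ids(e), "threshold:", e["dnaThreshold"][0])
```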