Hi all, I had to reinstall my IPA setup, so I'm using 4.4 and am learning the newer domain levels and topology features. I've installed 3 servers. I promoted one of the replicas to master and demoted the original master to replica according to the documentation. I ran into an issue with the original master no longer replicating, so I performed an ipa-server-install -uninstall and removed the host/server from IPA.
I re-setup the replica using ipa-client-install and then ipa-replica-install, and had no errors reported in the output. I then went into Web UI and setup replication agreements using the topology graph page between the new replica and the previous replica (the master/new replica agreements being setup by the replica install script). I then attempted to add a posix group account and got an operational error message. This caused ldap to crash on the server I was interfacing with. I performed an 'ipactl restart' on the affected server and attempted again with the same issue. I tried adding a non-posix group and it was successful. I found the dirsrv logs and see the error 'dna-plugin - dna_pre_op: no more values available!!' which lead me to https://www.redhat.com/archives/freeipa-users/2014-February/msg00247.html Performing the ldapserch I see: dnaMaxValue is 1100 dnaNextValue is 1101 dnaThreshold is 500 I also did 'ipa idrange-find', which shows: --------------- 1 range matched --------------- Range name: MYDOMAIN.COM_id_range First Posix ID of the range: 1946000000 Number of IDs in the range: 200000 Range type: local domain range ---------------------------- Number of entries returned 1 ---------------------------- So now my question is what do I need to change to fix the issue? I can do the ldapmodify to adjust the dnaMaxValue, but I don't know what I should be adjusting the idrange to? I'd like to keep the idrange the same and just adjust the dnaMaxValue, so would I need to change dnaMaxValue to 200000? Thanks, Jason
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
