[Freeipa-users] posix ids not propagating

Rob Crittenden rcritten at redhat.com
Fri Apr 17 13:40:58 UTC 2015


Bryan Pearson wrote:
> Am I mistaken in your example:
> 
> "You can find the master it is trying to talk to here:
> $ ldapsearch -x -D 'cn=Directory Manager' -W -b
> cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=example,dc=com"
> 
> Mine:
> $ ldapsearch -x -D 'cn=Directory Manager' -W -b
> cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=EXAMPLE,dc=lan

You're not sharing enough information. A list of DNA hosts tells us
nothing when we don't know which host you're having a problem on, if a
host is down or has been replaced, etc.

I'd poke around the DNA plugin configuration in cn=config on each master
to see what the actual DNA configuration is. You have one with the
default max 1000, next 1001 expired configuration pointing at a host
that is either down or has no ranges.

Or easier, if you are running IPA 3.3+ then ipa-replica-manage has some
DNA commands which make this easier to figure out and fix.

You don't want to set overlapping ranges.

rob

> Bryan
> 
> 
> On Fri, Apr 17, 2015 at 9:19 AM, Rob Crittenden <rcritten at redhat.com> wrote:
>> Bryan Pearson wrote:
>>> I believe that my master dna server isn't currently being used, so I did this.
>>>
>>> ldapsearch -x -D 'cn=Directory Manager' -W -b
>>> cn=posix-ids,cn=dna,cn=ipa,cn=etc,dc=EXAMPLE,dc=lan
>>> Enter LDAP Password:
>>
>> That's not the right location to search for the DNA configuration. See
>> http://blog-rcritten.rhcloud.com/?p=50
>>
>> rob
>>
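
Added example, not part of the original thread or of FreeIPA's own code: a check for the two conditions raised in the reply above, a master with no DNA range and masters with overlapping ranges. It assumes the per-master listing printed by `ipa-replica-manage dnarange-show` has lines of the form `host: start-end` or `host: No range set`; the host names and ranges in the sample are constructed.

```python
import re
import sys

# Constructed sample in the assumed "host: start-end" / "host: No range set" format.
SAMPLE = """\
ipa1.example.lan: 1000-1500
ipa2.example.lan: 1400-2000
ipa3.example.lan: No range set
ipa4.example.lan: 5000-5999
"""

LINE = re.compile(r"^(?P<host>\S+):\s+(?:(?P<lo>\d+)-(?P<hi>\d+)|No range set)$")

def parse_ranges(text):
    """Return ({host: (lo, hi)}, [hosts without a range])."""
    ranges, unset = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError(f"unrecognised line: {raw!r}")
        if m.group("lo") is None:
            unset.append(m.group("host"))
            continue
        lo, hi = int(m.group("lo")), int(m.group("hi"))
        if lo > hi:
            raise ValueError(f"inverted range on {m.group('host')}: {lo}-{hi}")
        ranges[m.group("host")] = (lo, hi)
    return ranges, unset

def find_overlaps(ranges):
    """Return (host_a, host_b, first_shared_id, last_shared_id) per overlapping pair."""
    items = sorted(ranges.items(), key=lambda kv: kv[1])
    overlaps = []
    for i, (a, (_, a_hi)) in enumerate(items):
        for b, (b_lo, b_hi) in items[i + 1:]:
            if b_lo > a_hi:
                break  # sorted by start: no later range can overlap a
            overlaps.append((a, b, b_lo, min(a_hi, b_hi)))
    return overlaps

if __name__ == "__main__":
    # Pipe the real listing in on stdin, or run on a terminal to use the sample.
    ranges, unset = parse_ranges(SAMPLE if sys.stdin.isatty() else sys.stdin.read())
    for host in unset:
        print(f"no range: {host}")
    for a, b, lo, hi in find_overlaps(ranges):
        print(f"overlap: {a} and {b} share {lo}-{hi}")
```

Any ID inside a reported shared interval can be allocated by both masters, so two accounts may end up with the same UID or GID.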



