[Freeipa-users] unable to add user in freeIPA 4.2.3 using the web UI

[Karl Forner]

Ok.

I read a work-around on https://blog-rcritten.rhcloud.com/?p=50

It says that if one has figured out a safe new range for the replica, the
range could be set using:

ldapmodify -x -D 'cn=Directory Manager' -W
Enter LDAP Password:
dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
changetype: modify
replace: dnaNextValue
dnaNextValue: 1689700000
-
replace: dnaMaxValue
dnaMaxValue: 1689799999
^D

modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment
Plugin,cn=plugins,cn=config"


I suppose this can be dangerous, but would you consider it as a
work-around, or should it be avoided at all means ?






On Fri, Jan 8, 2016 at 5:17 PM, Alexander Bokovoy <abokovoy at redhat.com>
wrote:

> On Fri, 08 Jan 2016, Karl Forner wrote:
>
>> If you never added users through this IPA server, it has no subset of ID
>>> range
>>> allocated to IDs issued on this server. To obtain this subset, it needs
>>> to talk back to the master on first allocation. Master is missing, thus
>>> it couldn't talk to it.
>>>
>>>
>> thanks.
>>
>> But if I understand, I just can not add any users from my replica ?
>> Does not it defeat the purpose of the replica as a failover server ?
>> Or obtaining the subset of IDs should be part of the process of setting-up
>> a replica ?
>>
> ID range is relatively scarce. We don't split it across multiple
> replicas automatically because most of them will not be used to create
> users and thus their sub-ranges will be wasted.
>
> Documentation for the DNA plugin:
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Configuration_Command_and_File_Reference/dna-attributes.html
>
> --
> / Alexander Bokovoy
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160108/6e133aae/attachment.htm>