[Freeipa-users] unable to add user in freeIPA 4.2.3 using the web UI
Rob Crittenden
rcritten at redhat.com
Fri Jan 8 18:19:44 UTC 2016
Karl Forner wrote:
>
>
> I purposely used rather weak working in my blog to ensure that one
> thinks carefully about making this kind of change. If your original
> master can be brought back up that is definitely the best way to
> resolve it.
>
>
> ok, I'll try this first.
>
>
>
> If it was nuked from orbit then yeah the you'll need to manually set it.
>
> Note that you can use ipa-replica-manage to do this as well and it has a
> much less scary syntax:
>
> $ ipa-replica-manage dnarange-set yourhost.example.com
> <http://yourhost.example.com> 1689700000-1689799999
>
>
> definitely less scary !
>
>
>
> I guess the range 1689600000-1689699999 is the rest of the original
> range, presumably assigned to the original master?
>
>
> I am not sure to follow. The default used my master is
> 134000000-134200000 right ?
> So I could set 135000000-135200000 for instance. Or did I miss something ?
>
>
My example was based on the ldif you proposed.
What the DNA plugin would have done is split the original range in two.
If you want to stick with that it's fine but you'll never get back
whatever was remaining of that original 100k, at least not
automatically. It all depends on what your needs are.
Using 134100000-134199999 is probably what you want.
Otherwise you are just picking a new range out of the blue.
There is no tie-in now between the idrange and the DNA range but there
may be at some point. At that time things could go sideways if you pick
a new DNA range that isn't reflected in the idrange.
rob
More information about the Freeipa-users
mailing list