[Freeipa-users] Error when adding new users via UI:

Traiano Welcome traiano at gmail.com
Tue Jul 5 17:16:13 UTC 2016 

Finally got around to  fixing this:

On Tue, May 24, 2016 at 5:15 PM, Martin Kosek <mkosek at redhat.com> wrote:
> On 05/24/2016 04:07 PM, Rob Crittenden wrote:
>> Traiano Welcome wrote:
>>> Hi
>>>
>>> I have IPA server 4,2 running on centos 7
>>> (ipa-server-4.2.0-15.el7.centos.3.x86_64).
>>>
>>> This morning, after many months of stable operation, I tried to add a
>>> user and got this error via the web interface:
>>>
>>> ---
>>> Operations error: Allocation of a new value for range cn=posix
>>> ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config
>>> failed! Unable to proceed.
>>> ---
>>>
>>> So basically, can't add any new users.
>>>
>>> Would anyone know how I can troubleshoot this kind of IPA error, or
>>> possibly have come across and resolved it before ?
>>
>> At install a range of 100k id's is allocated to IPA. With each new master this
>> range is divided in half. It appears you've exhausted one of the masters.
>>
>> What you need to do is take an inventory of what ranges (if any) are allocated
>> to various masters then you should be able to move things around (this is
>> assuming of course that you haven't exhausted the entire range).
>>
>> ipa-replica-manage list will give you a list of the IPA masters.
>>
>> ipa-replica-manage dnarange-show <master> and ipa-replica-manage
>> dnanextrange-show <master> will help discover what is available.
>>
>> If you have things in nextrange then I'd start there with reallocation. Setting
>> a next range of 0-0 removes the next range (e.g. make it available for a
>> primary range).
>>
>> Take care when actually re-assigning ranges.
>>

This kind of mental gymnastics will probably land you in a lot of trouble :-)

>> rob
>>
>
> For the record, what currently did not work is when user is being added on a
> master that does not have direct replication connect to other master with
> available range.
>
> This is improved from FreeIPA 4.3.1+:

yum update to the most recent patch levels in the 4.2 series seems to fix this.




> https://fedorahosted.org/freeipa/ticket/4026
>
> Martin

More information about the Freeipa-users mailing list