[Freeipa-users] DNA Ranges

Rob Crittenden rcritten at redhat.com
Tue Jun 7 15:17:07 UTC 2016


Michael Rainey (Contractor) wrote:
> Greetings Community,
>
> I have a question about restoring the DNA Ranges on my IPA servers.  A
> couple of weeks ago I took down one of my servers which involved a few
> issues I had created for myself, but luckily I managed to recover.
> Today I noticed that the DNA Ranges on the retired server were not
> carried over to the new server.  After checking my other servers, I also
> noticed none of the other servers have any ranges set.  So, my primary
> question is: if I reset the range values to what they were on the
> retired server to the new server, do I run the risk of generating
> duplicate UIDs and GIDs, or should I set a new range to prevent
> duplicate values?
>
> At this point, I haven't found anything in my research which matches my
> current scenario.

You don't mention which version of IPA you have. If you have 4.x+ then 
you can use ipa-replica-manage to manage the DNA ranges.

You shouldn't have any problems setting a new range. Being careful about 
overlap is good but I'm pretty sure the uniqueness plugin will prevent 
duplicate UID/GID but I haven't experimented with it. I typically 
recommend ensuring that there is no overlap when setting a new range.

Re-using the range from another server should carry no risk as long as 
only one master is offering that range.

rob
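
The overlap check recommended above can be scripted before a new range is assigned. This is an added example, not part of the original message or of FreeIPA: it parses text in the "master: start-end" form assumed for `ipa-replica-manage dnarange-show` output, and the hostnames, numbers and function names are constructed for illustration.

```python
import re

# Constructed sample in the assumed "master: start-end" output form.
SAMPLE = """\
ipa1.example.com: 100000-149999
ipa2.example.com: 150000-199999
ipa3.example.com: No range set
"""

LINE = re.compile(r"^(\S+):\s+(\d+)-(\d+)\s*$")


def parse_ranges(text):
    """Return {master: (start, end)} for masters that hold a DNA range."""
    ranges = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "No range set" and blank lines carry no range
        start, end = int(m.group(2)), int(m.group(3))
        if start > end:
            raise ValueError(f"inverted range on {m.group(1)}: {start}-{end}")
        ranges[m.group(1)] = (start, end)
    return ranges


def conflicts(ranges, master, start, end):
    """Masters other than `master` whose range overlaps [start, end]."""
    if start > end:
        raise ValueError("start must not exceed end")
    return sorted(host for host, (s, e) in ranges.items()
                  if host != master and s <= end and start <= e)


def existing_overlaps(ranges):
    """Pairs of masters whose current ranges already overlap."""
    items = sorted(ranges.items(), key=lambda kv: kv[1])
    pairs = []
    for i, (h1, (_, e1)) in enumerate(items):
        for h2, (s2, _) in items[i + 1:]:
            if s2 <= e1:  # sorted by start, so this alone means overlap
                pairs.append((h1, h2))
    return pairs


if __name__ == "__main__":
    current = parse_ranges(SAMPLE)
    print(conflicts(current, "ipa3.example.com", 200000, 249999))
```

An empty list from `conflicts` means no other master currently offers any ID in the proposed range; it does not inspect IDs that have already been assigned to users or groups.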
