Finn Fysj via FreeIPA-users wrote:
Yes, so I managed to successfully install IPA server and replica
using the two roles.
They're both master?
I know the replicas configuration is based on the Master, but one of my problem is that:
- I use Idstart 6000 on my IPA server (master) and my replica does not follow this
configuration, meaning when I try to create a user of both servers they start with
different ID. On IPA server it'll have 6001 and on the replica it'll be 50001.
This is expected. The IPA idrange is configured in the Distributed
Numeric Assignment (DNA) plugin in 389-ds. This plugin is what issues
UID and GID values. When a replica is added and a user or group is
created on that replica then the DNA range is split and each server
retains half.
This is to reduce potential conflicts if multiple servers are issuing
from the same id range.
rob