I got rid of the extra range I created and also found more information about the original
range. I can't spot anything wrong though... and, of course, the problem persists.
[root@equator ~]# ipa idrange-find
---------------
1 range matched
---------------
Range name: REDACTED-DOMAIN.COM_id_range
First Posix ID of the range: 1138400000
Number of IDs in the range: 200000
Range type: local domain range
----------------------------
Number of entries returned 1
----------------------------
[root@equator ~]# ipa idrange-show REDACTED-DOMAIN.COM_id_range --all --rights
dn: cn=REDACTED-DOMAIN.COM_id_range,cn=ranges,cn=etc,dc=redacted-domain,dc=com
Range name: REDACTED-DOMAIN.COM_id_range
First Posix ID of the range: 1138400000
Number of IDs in the range: 200000
Range type: local domain range
attributelevelrights: {'objectclass': 'rscwo', 'aci':
'rscwo', 'cn': 'rscwo', 'ipabaseid': 'rscwo',
'ipaidrangesize': 'rscwo', 'iparangetype': 'rscwo',
'ipabaserid': 'rscwo', 'ipasecondarybaserid': 'rscwo',
'nsaccountlock': 'rscwo'}
iparangetyperaw: ipa-local
objectclass: top, ipaIDrange, ipaDomainIDRange
It seems to happen on a freshly joined machine... existing ones don't have the full
BT. I will try to wipe an existing one's cache, leave and rejoin.