On 29 September 2017 at 10:21, Alexander Bokovoy <abokovoy(a)redhat.com> wrote:

> On Fri, 29 Sep 2017, Andy Stubbs via FreeIPA-users wrote:
>> Hi
>>
>> We'd like to test FreeIPA in our environment, but I'm having a little bit
>> of trouble importing DNS zone files.
>>
>> Running on fresh install of CentOS 7.4.1708 with
>> FreeIPA 4.5.0-21.el7.centos.1.2
>>
>> I install a vanilla IPA server from scratch with (something along these
>> lines):
>>
>> ipa-server-install --mkhomedir --setup-dns --setup-adtrust
>> --netbios-name=REALM --enable-compat --no-forwarders
>> --realm=REALM.BLAHBLAH
>> --domain=realm.blahblah --hostname=ds1.realm.blahblah
>> --ip-address=10.<something> --reverse-zone=10.in-addr.arpa.
>> --allow-zone-overlap --no-host-dns
>>
>> I have prepared an LDIF file for importing our reverse zone (around about
>> 140k entries, thanks to lots of $GENERATE$ in our existing zone files).
>>
>> I then import the LDIF into 389ds with:
>>
>> ldapadd -c -d -1 -Y GSSAPI < reverse.ldif
>>
>> This starts off generally well, but always ends up hanging, with slapd
>> locking up too.
>>
> Do you need compat tree at this point? If not, disable it with
> 'ipa-compat-manage disable' and 'ipa-nis-manage disable', run your
> import job, enable compat/nis.

Good point.

So I reinstalled from scratch removing: --setup-adtrust --netbios-name
--enable-compat

For completeness, I should say I also noticed I was using a magnetic disk
on AWS so I changed to an SSD.

Result is that I have managed to do the import successfully. Almost
perfectly - in fact I had to reimport one of the files (of 5000 entries)
after one of the ldapadd commands failed with err 51 LDAP_BUSY. Which is
fine.

I will continue to poke and prod, but for now this appears to work around
the issue just fine for our needs. Many thanks.

Andy
--
<https://www.treatwell.com/>
Andrew Stubbs, PhD
Head of Technical Operations
+44 203 770 4582
treatwell.co.uk
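
The chunked import with a re-run on LDAP_BUSY described in the message above, as an added example that is not part of the original thread. The function names, chunk naming and retry limits are hypothetical, and it assumes ldapadd exits with the LDAP result code of the last failed operation, so that a re-imported chunk reports 68 (entry already exists) for entries the first pass added.

```sh
#!/bin/sh
# Added example: split an LDIF into chunks and import each one, retrying
# when the server answers LDAP_BUSY. Function names are hypothetical.
LDAP_BUSY=51        # "err 51 LDAP_BUSY", as reported in the thread
ALREADY_EXISTS=68   # LDAP entryAlreadyExists, expected on a re-import
MAX_TRIES=${MAX_TRIES:-5}
RETRY_PAUSE=${RETRY_PAUSE:-10}   # seconds, multiplied by the attempt number

# split_ldif SRC PER_CHUNK PREFIX
# Writes PREFIX.0000.ldif, PREFIX.0001.ldif, ... holding at most PER_CHUNK
# blank-line-separated records each, and prints the number of chunks.
# A leading "version: 1" record, if present, counts as one record.
split_ldif() {
    awk -v n="$2" -v p="$3" '
        BEGIN { RS = ""; ORS = "\n\n" }
        {
            f = sprintf("%s.%04d.ldif", p, int((NR - 1) / n))
            if (f != prev) { if (prev != "") close(prev); prev = f }
            print > f
        }
        END { printf "%d\n", int((NR + n - 1) / n) }' "$1"
}

# import_chunk CHUNK CMD [ARGS...]
# Feeds CHUNK to CMD on stdin. Only exit status 51 triggers a retry; any
# other failure is returned to the caller unchanged.
import_chunk() {
    chunk=$1; shift
    try=1
    while :; do
        rc=0
        "$@" < "$chunk" || rc=$?
        # Assumption: on a re-run with "ldapadd -c", entries added by the
        # earlier pass are skipped and leave exit status 68, which is fine.
        if [ "$try" -gt 1 ] && [ "$rc" -eq "$ALREADY_EXISTS" ]; then rc=0; fi
        if [ "$rc" -ne "$LDAP_BUSY" ] || [ "$try" -ge "$MAX_TRIES" ]; then
            return "$rc"
        fi
        sleep $((RETRY_PAUSE * try))
        try=$((try + 1))
    done
}

# Usage (assumed invocation, reusing the ldapadd flags from the thread):
#   split_ldif reverse.ldif 5000 chunk
#   for f in chunk.*.ldif; do
#       import_chunk "$f" ldapadd -c -Y GSSAPI || echo "failed: $f"
#   done
```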