After upgrading to RHEL 9.2 it seems I must enable SID in my prod setup.

So when I tried I'm getting an error message

[18/May/2023:23:09:46.570447195 +0800] - ERR - get_ranges - [file
ipa_sidgen_common.c, line 276]: Failed to convert LDAP entry to range
struct.
[18/May/2023:23:09:46.571579606 +0800] - ERR - sidgen_task_add - [file
ipa_sidgen_task.c, line 283]: Cannot find ranges.


After investigating/search forum it seems like an error with my ID
range. But I can't get why. I have no overlaps

----------------
4 ranges matched
----------------
  dn: cn=INT.LHFT.IO_id_range,cn=ranges,cn=etc,dc=int,dc=lhft,dc=io
  cn: INT.LHFT.IO_id_range
  ipabaseid: 1368600000
  ipaidrangesize: 200000
  ipabaserid: 100000
  iparangetype: ipa-local
  objectclass: top
  objectclass: ipaIDrange
  objectclass: ipaDomainIDRange

  dn: cn=INT.LHFT.IO_subid_range,cn=ranges,cn=etc,dc=int,dc=lhft,dc=io
  cn: INT.LHFT.IO_subid_range
  ipabaseid: 2147483648
  ipaidrangesize: 2147352576
  ipabaserid: 2147283648
  ipanttrusteddomainsid: S-1-5-21-738065-838566-328754306
  iparangetype: ipa-ad-trust
  objectclass: top
  objectclass: ipaIDrange
  objectclass: ipaTrustedADDomainRange

  dn: cn=LHFT_1,cn=ranges,cn=etc,dc=int,dc=lhft,dc=io
  cn: LHFT_1
  ipabaseid: 10000
  ipaidrangesize: 10000
  ipabaserid: 10000
  iparangetype: ipa-local
  objectclass: ipaIDrange
  objectclass: ipadomainidrange

  dn: cn=LHFT_2,cn=ranges,cn=etc,dc=int,dc=lhft,dc=io
  cn: LHFT_2
  ipabaseid: 4000
  ipaidrangesize: 5000
  ipabaserid: 1000
  iparangetype: ipa-local
  objectclass: ipaIDrange
  objectclass: ipadomainidrange
----------------------------
Number of entries returned 4
----------------------------
[root@lt-hk1-avm01 asafonov]#

Any ideas why I can't enable/generate SIDs?
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to