https://bugzilla.redhat.com/show_bug.cgi?id=864735 (Red Hat Enterprise Linux 7)
Description of problem:
DNA plugin not reclaiming removed users' UIDs when close to the dnamaxvalue value.

Version-Release number of selected component (if applicable):
ipa-server-2.2.0-16.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Add/remove users until the end of the default dnamaxvalue (range 275800000-275999999) is reached.
2. The removed users' UIDs do not get reclaimed; a new range needs to be added to allow new users to be added.
3. Query the DNA plugin configuration:

    ldapsearch -xLLL -D "cn=directory manager" -w <dir manager password> -b "cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config"

    dnanextvalue: 275999999
    dnamaxvalue: 275999999

Temp fix:

    ldapmodify -x -D "cn=Directory Manager" -w password
    dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
    changetype: modify
    add: dnaNextRange
    dnaNextRange: 123400000-123500000

Actual results:
Error 4203 is displayed in the IPA web interface when attempting to add a new user once dnamaxvalue is reached.

Expected results:
Removed users' UIDs should be reclaimed and reused.

Additional info:
Changing 3.2 priority
I think this is already addressed in FreeIPA:
1. Reclaiming removed users' UIDs does not work by design - this is a security feature. We do not want new users to, for example, read files of the removed users.
2. DNS range manipulation functionality was implemented in ticket #3321 - when a deleted replica is available, its DNA range can be used again. Also, one can manually add a new range to servers using the new DNA commands in ipa-replica-manage. See #3321 for details.
Closing as dup to #3321.
Metadata Update from @dpal: - Issue assigned to someone - Issue set to the milestone: Future Releases
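Because removed UIDs are never reclaimed, the range only shrinks, so exhaustion can be monitored before user creation starts failing. The following is an added example, not code from this ticket or from FreeIPA: a check that parses the `ldapsearch -xLLL` output shown in the report. The function name `dna_range_status`, the default threshold of 1000 and the formula `dnamaxvalue - dnanextvalue + 1` for the IDs left are assumptions; the sample LDIF is constructed from the values in the report.

```shell
#!/bin/sh
# Added example (not FreeIPA code). dna_range_status is a hypothetical helper.
# Reads the LDIF of the DNA "Posix IDs" entry on stdin and prints
#   <STATUS> remaining=<n> next_range=<lo-hi|none>
# $1 = warning threshold in IDs left (default 1000, an arbitrary assumption).
# Exit code: 0 OK, 1 WARN, 2 CRIT (low and no dnaNextRange), 3 UNKNOWN.
dna_range_status() {
    awk -v warn="${1:-1000}" '
        { key = tolower($1) }   # LDAP attribute names are case-insensitive
        key == "dnanextvalue:" { next_id = $2; have_next = 1 }
        key == "dnamaxvalue:"  { max_id = $2;  have_max = 1 }
        key == "dnanextrange:" { next_range = $2 }
        END {
            if (!have_next || !have_max) { print "UNKNOWN"; exit 3 }
            # Assumption: IDs left = max - next + 1, never below zero.
            left = max_id - next_id + 1
            if (left < 0) left = 0
            if (next_range == "") next_range = "none"
            status = "OK"; rc = 0
            if (left <= warn) { status = "WARN"; rc = 1 }
            # Low range with no fallback range configured is the failing case.
            if (left <= warn && next_range == "none") { status = "CRIT"; rc = 2 }
            printf "%s remaining=%d next_range=%s\n", status, left, next_range
            exit rc
        }'
}

# Constructed sample: the state from the report, before the temp fix.
dna_range_status 1000 <<'EOF' || true
dn: cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
dnanextvalue: 275999999
dnamaxvalue: 275999999
EOF
```

On a live server the input would come from the `ldapsearch` command in the report piped into `dna_range_status`.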