Finn Fysj via FreeIPA-users wrote:
Yes, so I managed to successfully install IPA server and replica using the two roles. They're both master?
I know the replicas configuration is based on the Master, but one of my problem is that:
- I use Idstart 6000 on my IPA server (master) and my replica does not follow this configuration, meaning when I try to create a user of both servers they start with different ID. On IPA server it'll have 6001 and on the replica it'll be 50001.
This is expected. The IPA idrange is configured in the Distributed Numeric Assignment (DNA) plugin in 389-ds. This plugin is what issues UID and GID values. When a replica is added and a user or group is created on that replica then the DNA range is split and each server retains half.
This is to reduce potential conflicts if multiple servers are issuing from the same id range.
rob