After upgrading to OL 8.1 and replacing all of my 8 IPA servers I ran
into this particular problem.
Is it right that I need to have an ID range where all DNA ranges have to
fit in? And that the DNA range of each IPA server has to be distinct
from the ranges of the other IPA servers?
I will start by checking each IPA server with
ldapsearch -x -D 'cn=Directory Manager' -W -b 'cn=Posix
IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config'
(according to what Rob wrote on his blog some years ago
https://rcritten.wordpress.com/2015/01/05/freeipa-and-no-dna-range/ )
Cheers,
Ronald