ipa-replica-install fails with error Allocation of a new value for range cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed

Solution Verified - Updated -

Issue

  • Installing a new IdM replica server fails at the Configuring SID generation step.

    [root@replica-ipa05 ~]# ipa-replica-install --mkhomedir --setup-ca --setup-dns --no-forwarders --setup-kra
[..]
Configuring SID generation
  [1/7]: creating samba domain object
Samba domain object already exists
  [2/7]: adding admin(group) SIDs
Admin SID already set, nothing to do
Admin group SID already set, nothing to do
  [3/7]: adding RID bases
RID bases already set, nothing to do
  [4/7]: updating Kerberos config
'dns_lookup_kdc' already set to 'true', nothing to do.
  [5/7]: activating sidgen task
  [6/7]: restarting Directory Server to take MS PAC and LDAP plugins changes into account
  [7/7]: adding fallback group
Failed to load default-smb-group.ldif: CalledProcessError(Command ['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmph9ogh7uv', '-H', 'ldapi://%2Frun%2Fslapd-ORG-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] returned non-zero exit status 1: 'ldap_initialize( ldapi://%2Frun%2Fslapd-ORG-EXAMPLE-COM.socket/??base )\nSASL/EXTERNAL authentication started\nSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nldap_add: Operations error (1)\n\tadditional info: Allocation of a new         value for range cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed.\n')
Failed to add fallback group.
  [error] CalledProcessError: CalledProcessError(Command ['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmph9ogh7uv', '-H', 'ldapi://%2Frun%2Fslapd-ORG-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] returned non-zero exit status 1: 'ldap_initialize( ldapi://%2Frun%2Fslapd-ORG-EXAMPLE-COM.socket/??base )\nSASL/EXTERNAL authentication started\nSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nldap_add: Operations error (1)\n\tadditional info: Allocation of a new value for         range cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed.\n')
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

CalledProcessError(Command ['/usr/bin/ldapmodify', '-v', '-f', '/tmp/tmph9ogh7uv', '-H', 'ldapi://%2Frun%2Fslapd-ORG-EXAMPLE-COM.socket', '-Y', 'EXTERNAL'] returned non-zero exit status 1: 'ldap_initialize( ldapi://%2Frun%2Fslapd-ORG-EXAMPLE-COM.socket/??base )\nSASL/EXTERNAL authentication started\nSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nldap_add: Operations error (1)\n\tadditional info: Allocation of a new value for range cn=posix         ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed.\n')
The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

Environment

  • Red Hat Enterprise Linux (RHEL) 8.5
  • ipa-server-4.9.6-10

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content