Memberuid

Hi, I am trying to enable LDAP lookup against OD from a VPN device. The idea is that I can control VPN access through using an Open Directory group. When a member of the group connects to VPN I see a successful LDAP bind to OD, the user authenticates successfully but I cannot connect to resources, and from what I can see it's because I cannot verify group membership. In the M$ world we would query memberOf and I thought that in OD memberUid would do the same, but it appears not. Anyone know of a solution? I have Googled this; some say to enable the memberOf LDAP overlay, but I am open to all ideas.
Anyone got any ideas ?
Thanks
Bob
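
An added example (not from the thread) showing why a memberOf-style lookup comes back empty on Open Directory and what the VPN device's lookup should ask the server for instead; the LDIF entries, GUIDs and the vpnusers group name are constructed sample data:

```python
"""Group-membership check for Open Directory style groups (added example).

OD, like any posixGroup/apple-group schema, stores membership on the group
entry (memberUid for short names, apple-group-memberguid for GUIDs), not on
the user as Active Directory's memberOf does. A device that only reads
attributes off the user entry after the bind therefore finds no groups; the
authorization query has to search the groups. All data below is constructed.
"""

# Constructed sample directory content in LDIF form (not a real directory).
SAMPLE_LDIF = """\
dn: uid=alice,cn=users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uid: alice
apple-generateduid: 11111111-2222-3333-4444-555555555555

dn: uid=mallory,cn=users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uid: mallory
apple-generateduid: AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE

dn: cn=vpnusers,cn=groups,dc=example,dc=com
objectClass: posixGroup
objectClass: apple-group
cn: vpnusers
memberUid: alice
apple-group-memberguid: 11111111-2222-3333-4444-555555555555
"""

# RFC 4515 escapes: a username that reaches the filter must not be able to
# rewrite it ("*" or ")(cn=*" would otherwise widen the search).
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated entries of 'attr: value' lines.
    Attribute names are lower-cased; LDAP attribute names are case-insensitive."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, val = line.partition(":")
        current.setdefault(attr.strip().lower(), []).append(val.strip())
    if current:
        entries.append(current)
    return entries


def vpn_group_filter(uid, group):
    """The search the VPN device should issue: membership is a group attribute."""
    return ("(&(objectClass=posixGroup)(cn=%s)(memberUid=%s))"
            % (escape_filter_value(group), escape_filter_value(uid)))


def find_user(entries, uid):
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "posixaccount" in classes and uid in e.get("uid", []):
            return e
    return None


def memberof_check(entries, uid):
    """What an AD-style 'read memberOf off the user' check sees on OD: nothing."""
    user = find_user(entries, uid)
    return user.get("memberof", []) if user else []


def is_vpn_member(entries, uid, group):
    """Evaluate vpn_group_filter locally: true only when the named group lists
    the user by memberUid, or by GUID (apple-group-memberguid), which OD keeps too."""
    user = find_user(entries, uid)
    if user is None:
        return False
    guid = user.get("apple-generateduid", [None])[0]
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "posixgroup" not in classes or group not in e.get("cn", []):
            continue
        by_uid = uid in e.get("memberuid", [])
        by_guid = guid is not None and guid in e.get("apple-group-memberguid", [])
        return by_uid or by_guid
    return False


if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    print(vpn_group_filter("alice", "vpnusers"))
    print("memberOf on the user:", memberof_check(entries, "alice"))  # []
    print("alice in vpnusers:", is_vpn_member(entries, "alice", "vpnusers"))  # True
    print("mallory in vpnusers:", is_vpn_member(entries, "mallory", "vpnusers"))  # False
```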

Hello,
I also did this a very long time ago (MIIS times).
The only way is to use advanced attribute flows with rules extensions in MA flows.
You can use the Util.FindMVEntries method to search the MV for objects with the account name you have in the attribute, and with that set it as a reference to the member attribute of groups in the MV.
See:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms698819(v=vs.85).aspx
Regards
Peter
Peter Stapf - ExpertCircle GmbH - My blog:
JustIDM.wordpress.com

Similar Messages

  • Problem on Solaris 10 Native ldap client.

    Hi,
    I have configured the DS 5.2 on Solaris 10 and it seems to be working.
    I'm getting the answers from the ldapsearch command with the SSL.
    ./ldapsearch -h ismesl90 -p 636 -Z -P /var/ldap -D "cn=Directory Manager" -w password -b "cn=Password Policy,cn=config" "(objectclass=*)"
    version: 1
    dn: cn=Password Policy,cn=config
    objectClass: top
    objectClass: passwordPolicy
    cn: Password Policy
    passwordInHistory: 0
    passwordStorageScheme: CRYPT
    passwordUnlock: on
    passwordMustChange: off
    passwordNonRootMayResetUserpwd: off
    passwordWarning: 86400
    passwordExpireWithoutWarning: on
    passwordLockout: off
    passwordMinLength: 6
    passwordMaxFailure: 3
    passwordMaxAge: 8640000
    passwordResetFailureCount: 600
    passwordisglobalpolicy: off
    passwordChange: on
    passwordExp: off
    passwordLockoutDuration: 3600
    passwordCheckSyntax: off
    passwordMinAge: 0
    passwordRootdnMayBypassModsChecks: off
    but on the client it complains about the connection:
    Jul 20 18:50:16 king ldap_cachemgr[2823]: [ID 293258 daemon.warning] libsldap: Status: 81 Mesg: openConnection: simple bind failed - Can't contact LDAP server
    Jul 20 18:50:16 king ldap_cachemgr[2823]: [ID 293258 daemon.warning] libsldap: Status: 7 Mesg: Session error no available conn.
    Jul 20 18:50:16 king ldap_cachemgr[2823]: [ID 186574 daemon.error] Error: Unable to refresh profile:default: Session error no available conn.
    I have installed the latest patches on both machines and it didn't solve the problem.
    The ldapsearch command that comes with the DS 5.2 works and the native one doesn't.
    I have created the keys and certs and everything.
    Has anyone faced this problem?
    Thanks,
    Shalom

    I get the same error in /var/adm/messages of client and in client's cachemgr.log. Also, in cachemgr.log there is this error message:
    Error: Unable to update from profile
    I have searched Sun's JSDS documentation and I can't find any troubleshooting info for this problem, so I'm hoping that one of you has found a good solution to this problem-thanks. Some details of my setup:
    Results of DS search issued from client:
    myclient-root: /var/ldap:143)-> ldapsearch -h myserver -D "cn=proxyagent,ou=profile,dc=example,dc=com" -w (removed) -b ou=profile,dc=example,dc=com objectclass=\*
    version: 1
    dn: ou=profile,dc=example,dc=com
    ou: profile
    objectClass: top
    objectClass: organizationalUnit
    dn: cn=proxyagent,ou=profile,dc=example,dc=com
    cn: proxyagent
    sn: proxyagent
    objectClass: top
    objectClass: person
    userPassword: (removed)
    dn: cn=myprofile1,ou=profile,dc=example,dc=com
    objectClass: top
    objectClass: DUAConfigProfile
    defaultSearchBase: dc=example,dc=com
    followReferrals: FALSE
    defaultSearchScope: one
    searchTimeLimit: 30
    cn: myprofile1
    bindTimeLimit: 10
    preferredServerList: myserver
    defaultServerList: myserver
    authenticationMethod: none
    credentialLevel: anonymous
    profileTTL: 3600
    dn: cn=myprovile2,ou=profile,dc=example,dc=com
    objectClass: top
    objectClass: DUAConfigProfile
    defaultServerList: myserver
    defaultSearchBase: dc=example,dc=com
    followReferrals: FALSE
    defaultSearchScope: one
    searchTimeLimit: 30
    preferredServerList: myserver
    cn: myprofile2
    bindTimeLimit: 10
    profileTTL: 3600
    authenticationMethod: simple
    credentialLevel: proxy
    serviceCredentialLevel: proxy
    serviceAuthenticationMethod: simple
    dn: cn=myprofile3,ou=profile,dc=example,dc=com
    objectClass: DUAConfigProfile
    objectClass: top
    cn: myprofile3
    serviceAuthenticationMethod: simple
    authenticationMethod: simple
    bindTimeLimit: 10
    followReferrals: FALSE
    searchTimeLimit: 30
    defaultSearchBase: dc=example,dc=com
    defaultSearchScope: one
    attributeMap: shadow:userpassword=userPassword
    attributeMap: group:gidnumber=gidNumber
    attributeMap: group:userpassword=userPassword
    attributeMap: passwd:gecos=cn
    attributeMap: group:memberuid=memberUid
    attributeMap: passwd:loginshell=loginShell
    attributeMap: passwd:gidnumber=gidNumber
    attributeMap: passwd:homedirectory=unixHomeDirectory
    attributeMap: passwd:uidnumber=uidNumber
    attributeMap: shadow:shadowflag=shadowFlag
    preferredServerList: myserver
    serviceSearchDescriptor: passwd:dc=example,dc=com?sub
    serviceSearchDescriptor: group:dc=example,dc=com?sub
    serviceCredentialLevel: proxy
    credentialLevel: proxy
    profileTTL: 3600
    defaultServerList: myserver
    objectclassMap: group:posixGroup=group
    objectclassMap: passwd:posixAccount=user
    When I use profile with no authentication ( myprofile1 ), I do not get this error, but, I cannot change my user password ( the documentation says this is expected behavior which is why I'm trying to use proxy authentication )
    Info from systems ( client and server ):
    (myserver-root: /:281)-> showrev
    Hostname: myserver
    Hostid: (removed)
    Release: 5.10
    Kernel architecture: sun4u
    Application architecture: sparc
    Hardware provider: Sun_Microsystems
    Domain: example.com
    Kernel version: SunOS 5.10 Generic_127111-01
    Directory Server Version Info:
    Sun-ldbm/6.0(64-bit) SunOS 5.10 sparc
    (myclient-root: /var/ldap:147)-> showrev
    Hostname: myclient
    Hostid: (removed)
    Release: 5.10
    Kernel architecture: sun4u
    Application architecture: sparc
    Hardware provider: Sun_Microsystems
    Domain: example.com
    Kernel version: SunOS 5.10 Generic_127111-01
    Hoping someone out there has a fix for this.
    Thanks.

  • Directory Binding Script (Active and Open Directory) 10.7

    Hi everyone
    I'm reposting this in the right thread. I've written a Directory Binding Script for 10.6 and ported it now to 10.7 as among the things that have changed in the upgraded version is a refurbished directory binding environment.
    The original thread can be found here: https://discussions.apple.com/thread/3090068. The script is applicable for clients as well and simplifies the binding process considerably.
    Be aware that the reformatted script here contains some faulty line breaks. So you'll have to correct them in a proper text editor.
    #!/bin/bash
    # bash rather than sh: the script relies on ${var//pattern/} and ${var:(-n)} expansions
    #Uncomment the following line to abort the script on errors
    #trap exit ERR
    ## Script to automate OD and AD Binding of Mac OS X 10.7 Servers
    ## Script written by Marc Horat, URZ Basel, 11.6.2010
    ## Updated: 12.08.2011
    # With the use of the following sources as inspiration:
    # http://www.howtomac.co.uk/?p=247
    #Created by Ross Hamilton
    #Clock restart / Remove existing settings
    #Join to Open Directory and Active Directory
    # Bombich's AD-Bind Script:
    # This script binds to AD and configures advanced options of the AD plugin
    # As this scripts contains a password, be sure to take appropriate security
    # precautions
    # A good way to run this script is to set it as a login hook on your master machine
    # Because it only needs to be run once, the last thing this script does is to delete
    # itself. If you have another login script that you typically run, include the
    # script on your master machine, and indicate its path in the "newLoginScript"
    # variable.
    # If running this as a one-time login hook to bind to AD after imaging,
    # be sure to enable auto-login (for any local user) before creating your master image
    #################CONFIGURATION##########################
    #OD
    # These variables need to be configured for your env
    odAdmin="YOURODADMIN" #enter your OD admin name between the quotes
    odPassword="YOURODPW"  # Enter your OD admin password between the quotes
    oddomain="YOURODDOMAIN" # FQDN of your OD domain
    computerGroup="YOURNEWODCOMPGROUP"  # Add appropriate computer group you want machines to be added to, case sensitive
    oldComputerGroup="YOUROLDODCOMPGROUP" # If the Computer is in a Group already
    #AD
    # Standard parameters
    domain="YOURADDOMAIN"                              # fully qualified DNS name of Active Directory Domain
    domainname="YOURADDOMAINNAME"                    #Name of the Domain as specified in the search paths
    udn="YOURADADMIN"                              # username of a privileged network user
    password="YOURADPW"                                                  # password of a privileged network user
    ou="OU=YOUR,OU=OU,OU=URZ,OU=IN,DC=YOUR,DC=AD,DC=DOMAIN"                    # Distinguished name of container for the computer E.G. OU=Macs,OU=Computers,DC=AD,DC=DOMAIN,DC=CH
    # Advanced options AD Plugin
    alldomains="disable"                              # 'enable' or 'disable' automatic multi-domain authentication
    localhome="disable"                              # 'enable' or 'disable' force home directory to local drive
    protocol="smb"                                        # 'afp', 'smb' or 'nfs' (since 10.7) change how home is mounted from server
    mobile="enable"                              # 'enable' or 'disable' mobile account support for offline logon
    mobileconfirm="enable"                    # 'enable' or 'disable' warn the user that a mobile acct will be created
    useuncpath="enable"                              # 'enable' or 'disable' use AD SMBHome attribute to determine the home dir
    user_shell="/bin/bash"                    # e.g., /bin/bash or "none"
    preferred="-preferred $domain"          # Use the specified server for all Directory lookups and authentication
    # (e.g. "-nopreferred" or "-preferred ad.server.edu")
    admingroups="$domainname\YOURADADMINGROUP" # These comma-separated AD groups may administer the machine (e.g. "" or "APPLE\macadmins")
    packetsign="allow"                              # allow | disable | require
    packetencrypt="allow"                    # allow | disable | require
    passinterval="14"                              # number of days
    namespace="domain"                              # forest | domain
    # Login hook setting -- specify the path to a login hook that you want to run instead of this script
    newLoginHook=""                    # e.g., "/Library/Management/login.sh"
    ################################# End of configuration
    ############ Begin of Script
    # Host-specific parameters
    # computerid should be set dynamically, this value must be machine-specific
    # This value may be restricted to 19 characters! The only error you'll receive upon entering
    # an invalid computer id is to the effect of not having appropriate privileges to perform the requested operation
    #computerid=`/sbin/ifconfig en0 | awk '/ether/ { gsub(":", ""); print $2 }'` # MAC Address
    #computerid=`hostname | sed 's/.unibas.ch//'`
    #computerid=`/usr/sbin/scutil --get LocalHostName | cut -c 1-19` # Assure that this will produce unique names!
    #computerid=`/usr/sbin/scutil --get LocalHostName`
    computerid=`scutil --get ComputerName`
    adcomputerid=`echo "$computerid" | tr '[:lower:]' '[:upper:]'` # quote the classes so the shell does not glob them
    # These variables probably don't need to be changed
    # Determining if any directory binding exists
    nicAddress=`ifconfig en0 | grep ether | awk '{print $2}'`
    if dscl localhost -list /LDAPv3 | grep . > /dev/null
    then
              check4ODtmp=`dscl localhost -list /LDAPv3 | head -n 1` # first bound LDAP node (grep -n 1 only matched names containing a "1")
              check4OD=${check4ODtmp//[[:space:]]/}
              echo "Found LDAP: "$check4ODtmp
              check4ODaccttmp=`dscl /LDAPv3/"$check4OD" -read Computers/"$computerid" RealName | cut -c 11-`
              check4ODacct=${check4ODaccttmp//[[:space:]]/}
              echo "Found LDAP-Computer-Account: "$check4ODacct
    else
              check4OD=""
              check4ODacct=""
              echo "No bound LDAP Server found"
    fi
    if [ "$oldComputerGroup" != "" ] && dscl localhost -list /LDAPv3 | grep . > /dev/null
    then
              check4ODgroupMembershiptmp=`dscl /LDAPv3/"$check4OD" -read ComputerGroups/"$oldComputerGroup" | grep "$computerid"`
              check4ODgroupMembership=$check4ODgroupMembershiptmp
              echo "LDAP Group Membership in Group: "$oldComputerGroup
    else
              check4ODgroupMembership=""
              echo "No LDAP Group Membership defined or not bound to a server"
    fi
    if dscl localhost -list "/Active Directory" | grep $domainname > /dev/null
    then
              check4ADtmp=`dsconfigad -show | grep "Active Directory Domain" | sed 's/Active Directory Domain//'  | sed 's/=//'`
              check4AD=${check4ADtmp//[[:space:]]/}
              echo "Found AD: "$check4AD
              check4ADaccttmp=`dsconfigad -show | grep "Computer Account" | sed 's/Computer Account//' | sed 's/=//'`
              check4ADacct=${check4ADaccttmp//[[:space:]]/}
              echo "Found AD-Account: "$check4ADacct
    else
              check4AD=""
              check4ADacct=""
              echo "No AD-Account found"
    fi
    osversionlong=`sw_vers -productVersion`
    osvers=${osversionlong:3:1}
    #Time Sync
    #Restart ntpdate
    # /etc/rc.common provides GetPID, CheckForNetwork and NETWORKUP used below;
    # the function needs a body block and must actually be called afterwards.
    . /etc/rc.common
    StartService ()
    {
              if [ "${TIMESYNC:=-YES-}" = "-YES-" ] && ! GetPID ntpd > /dev/null; then
                        CheckForNetwork
                        # return rather than exit: exiting here would abort the whole binding run
                        if [ -f /var/run/NetworkTime.StartupItem -o "${NETWORKUP}" = "-NO-" ]; then return; fi
                        touch /var/run/NetworkTime.StartupItem
                        echo "Starting network time synchronization"
                        # Synchronize our clock to the network's time,
                        # then fire off ntpd to keep the clock in sync.
                        ntpdate -bvs
                        ntpd -f /var/run/ntp.drift -p /var/run/ntpd.pid
              fi
    }
    StartService
    echo ""
    echo ""
    sleep 5
    #### Removing any existing directory bindings
    #Clear OD Computer Account and delete entry from Computer group
    if dscl localhost -list /LDAPv3 | grep . > /dev/null
    then
              echo "This computer is bound to the following Open Directory Services:"
              dscl localhost -list /LDAPv3
              echo "With the Search Path entries:"
              dscl /Search -read / CSPSearchPath | grep /LDAP
              sleep 5
              if [ "${check4ODacct}" == "${computerid}" ]
              then
                        echo "This machine already has a computer account on $oddomain."
                        # Set the GUID
                        # Read from the node this machine is currently bound to (check4OD), not the new oddomain
                        GUID="$(dscl /LDAPv3/"$check4OD" -read /Computers/"${computerid}" GeneratedUID | awk '{ print $2 }')"
                        echo "Found GUID: "$GUID
                        if [ "$oldComputerGroup" != "" ] && [ "$check4ODgroupMembership" != "" ]
                        then
                                  echo "Removing entry from group $oldComputerGroup"
                                  dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$check4OD" -delete /ComputerGroups/"$oldComputerGroup" GroupMembership "${computerid}"
                                  dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$check4OD" -delete /ComputerGroups/"$oldComputerGroup" GroupMembers "${GUID}"
                                  dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$check4OD" -delete /ComputerLists/"$oldComputerGroup" Computers "${computerid}"
                        fi
                        echo "Removing Computer entry $computerid in OD"
                        dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$check4OD" -delete /Computers/"${computerid}"
              fi
              #List existing Directories
              echo "Removing OD-Binding to "$check4OD
              dsconfigldap -r "$check4OD"
              echo "Removing Search Path entries"
              dscl /Search -delete / CSPSearchPath /LDAPv3/"$check4OD"
              dscl /Search/Contacts -delete / CSPSearchPath /LDAPv3/"$check4OD"
              dscl /Search -delete / CSPSearchPath /LDAPv3/"$check4OD"
              sleep 5
    else
              echo "No LDAP or OD Binding present.";
    fi
    echo ""
    # Check a second time in order to delete any remaining LDAP-Bindings
    echo "Scanning for further LDAP servers"
    if dscl localhost -list /LDAPv3 | grep . > /dev/null
    then
              echo "Found:"
              dscl localhost -list /LDAPv3
              echo "Removing OD-Binding to "$check4ODtmp
              dsconfigldap -r "$check4ODtmp"
              dscl /Search -delete / CSPSearchPath /LDAPv3/"$check4ODtmp"
              dscl /Search/Contacts -delete / CSPSearchPath /LDAPv3/"$check4ODtmp"
              dscl /Search -delete / CSPSearchPath /LDAPv3/"$check4ODtmp"
              sleep 5
    else
              echo "No further LDAP or OD Binding present."
    fi
    echo ""
    echo ""
    #Remove the Active Directory binding
    if [ "$check4AD" != "" ]
    then
              echo "This computer is bound to the following Active Directory Services:"
              dscl localhost -list "/Active Directory"
              echo "With the Search Path entries:"
              dscl /Search -read / CSPSearchPath | grep /Active
              sleep 5
              echo "Removing any existing AD-Binding to "$check4AD
        dsconfigad -f -remove -username "$udn" -password "$password"
        echo "Removing Search Path entries"
              if [ "$preferred" != "-nopreferred" ]
              then
                        # The node path contains a space, so it has to be one quoted argument
                        dscl /Search -delete / CSPSearchPath "/Active Directory/$domainname"
                        dscl /Search/Contacts -delete / CSPSearchPath "/Active Directory/$domainname"
                        dscl /Search -delete / CSPSearchPath "/Active Directory/$domainname"
              fi
              dscl /Search -delete / CSPSearchPath "/Active Directory/$domainname/All Domains"
              dscl /Search/Contacts -delete / CSPSearchPath "/Active Directory/$domainname/All Domains"
    #remove search path entries from 10.6
        if dscl /Search -read / CSPSearchPath | grep /Active > /dev/null
        then
            dscl /Search -delete / CSPSearchPath "/Active Directory/$domainname/$domain"
            dscl /Search/Contacts -delete / CSPSearchPath "/Active Directory/$domainname/$domain"
        fi
              sleep 5
    else
              echo "No Active Directory Binding present."
    fi
    echo ""
    #Remove Existing Directory Services Config
    echo "Removing existing DS Config"
    if [ -d "/Library/Preferences/edu.mit.Kerberos" ]
    then
              rm -R /Library/Preferences/edu.mit.Kerberos
    fi
    if [ -f "/etc/krb5.keytab" ] # the keytab is a file, so test with -f rather than -d
    then
              rm -f /etc/krb5.keytab
    fi
    # Clean up the DirectoryService configuration files
    rm -Rfv /Library/Preferences/DirectoryService/*
    #OD
    echo ""
    echo ""
    echo "Binding to OD-Domain "$oddomain
    sleep 5
    dsconfigldap -v -a "$oddomain" -n "$oddomain" -c "$computerid"
    echo "Killing opendirectoryd"
    killall opendirectoryd
    sleep 5
    echo "Adding computer account $computerid to /LDAPv3/${oddomain} on $oddomain"
    dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -create /Computers/"$computerid" ENetAddress "$nicAddress"
    dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -merge /Computers/"$computerid" RealName "$computerid"
    # Set the GUID
    GUID="$(dscl /LDAPv3/$oddomain -read /Computers/${computerid} GeneratedUID | awk '{ print $2 }')"
    # Add computer to ComputerList and ComputerGroup
    if [ "$computerGroup" != "" ]
    then
              echo "Adding computer $computerid to OD group $computerGroup on $oddomain"
              dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -merge /ComputerLists/"$computerGroup" apple-computers "$computerid"
              dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -merge /ComputerGroups/"$computerGroup" apple-group-memberguid "${GUID}"
              dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -merge /ComputerGroups/"$computerGroup" memberUid "$computerid"
    fi
    echo "Finished OD Binding."
    sleep 5 # Give DS a chance to catch up
    echo ""
    echo ""
    echo "Performing the AD Binding"
    #AD
    # Activate the AD plugin
    defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Active"
    plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist
    #Use the existing AD-Computername or generate a new one
    computeridtmp="default"
    if [ "$check4ADacct" == "" ]
    then
              LEN=${#adcomputerid}
              if [ "$LEN" -le 15 ]; then # AD (NetBIOS) computer names may have at most 15 characters
                      echo "ComputerID "$adcomputerid " has 15 characters or less and is therefore suitable for AD-Binding. It is $adcomputerid"
                      computeridtmp=$adcomputerid
              else
                      echo "ComputerID "$adcomputerid " has 16 or more characters and needs to be modified for AD-Binding."
                        echo "Removing any -"
                      computeridtmp=${adcomputerid//-/}
                                  LEN=${#computeridtmp}
                                  if [ "$LEN" -le 15 ]; then
                                            echo "ComputerID "$computeridtmp" has now 15 characters or less and is therefore suitable for AD-Binding."
                                  else
                                            echo "Only using the last 15 characters of the Computer name to be able to bind to AD."
                                            computeridtmp=${computeridtmp:(-15)}
                                  fi
                      echo "Cropped Computername to "$computeridtmp
              fi
    else
        computeridtmp=${check4ADacct//$/}
        echo "Found existing AD Account previously, attempting to recreate in the OU: "$computeridtmp
    fi
    echo ""
    # Bind to AD
    echo "Binding to AD-Domain "$domain" with computerid "$computeridtmp
    dsconfigad -f -add "$domain" -username "$udn" -password "$password" -ou "$ou" -computer "$computeridtmp"
    echo ""
    echo "Setting the Advanced AD Plugin options"
    # Configure advanced AD plugin options
    if [ "$admingroups" = "" ]
    then
              dsconfigad -nogroups
    else
              dsconfigad -groups "$admingroups"
    fi
    dsconfigad -alldomains "$alldomains"
    dsconfigad -localhome "$localhome"
    dsconfigad -protocol "$protocol"
    dsconfigad -mobile "$mobile"
    dsconfigad -mobileconfirm "$mobileconfirm"
    dsconfigad -useuncpath "$useuncpath"
    dsconfigad -shell "$user_shell"
    dsconfigad $preferred # deliberately unquoted: "-preferred host" has to split into two arguments
    dsconfigad -packetsign "$packetsign" -packetencrypt "$packetencrypt" -passinterval "$passinterval"
    dsconfigad -namespace "$namespace"
    sleep 5
    echo ""
    echo ""
    # Add the OD & AD node to the search path
    if [ "$alldomains" = "enable" ]
    then
              csp="/Active Directory/$domainname/All Domains"
    else
              csp="/Active Directory/$domainname"
    fi
    echo "Finished AD Binding."
    echo "Adding Domain /LDAPv3/"$oddomain" and "$csp" to Search Path"
    dscl /Search -create / SearchPolicy CSPSearchPath
    dscl /Search/Contacts -create / SearchPolicy CSPSearchPath
    echo "Adding OD.."
    dscl /Search -append / CSPSearchPath /LDAPv3/"$oddomain"
    dscl /Search/Contacts -append / CSPSearchPath /LDAPv3/"$oddomain"
    echo "Adding AD.."
    #Adding all Domains first to improve reliability under 10.7
    if [ "$alldomains" != "enable" ]
    then
        cspadall="/Active Directory/$domainname/All Domains"
        dscl /Search/Contacts -append / CSPSearchPath "$cspadall"
        dscl /Search -append / CSPSearchPath "$cspadall"
    fi
    dscl /Search/Contacts -append / CSPSearchPath "$csp"
    dscl /Search -append / CSPSearchPath "$csp"
    echo "Finished Updating Search Paths."
    echo ""
    echo ""
    # Restart DirectoryService (necessary to reload AD plugin activation settings)
    killall opendirectoryd
    # Destroy the login hook (or change it)
    if [ "${newLoginHook}" == "" ]
    then
              defaults delete /var/root/Library/Preferences/com.apple.loginwindow LoginHook
    else
              defaults write /var/root/Library/Preferences/com.apple.loginwindow LoginHook "$newLoginHook"
    fi
    sleep 5
    # Customizing the login-Window
    #defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo DSStatus
    #defaults write /Library/Preferences/com.apple.loginwindow showInputMenu -bool TRUE
    #defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME -bool TRUE
    # This works in a pinch if the above code does not
    #defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains"
    #defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 3
    #plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist
    #killall opendirectoryd
    # Disable autologin
    defaults delete /Library/Preferences/com.apple.loginwindow autoLoginUser
    srm /etc/kcpassword
    echo ""
    echo ""
    echo ""
    echo "Now bound to OD Domain:"
    dscl localhost -list /LDAPv3
    echo "With Search Path entries:"
    dscl /Search -read / CSPSearchPath | grep /LDAP
    echo "Now bound to AD Domain:"
    dscl localhost -list "/Active Directory"
    echo "With Search Path entries:"
    dscl /Search -read / CSPSearchPath | grep /Active
    exit 0                    ## Success (a failing step above should exit non-zero itself; an exit after this line is never reached)
    Any inputs, questions and improvement suggestions are, of course, most welcome!
    Cheers
    See

    Hi everyone
    I'm reposting this in the right thread. I've written a Directory Binding Script for 10.6 and ported it now to 10.7 as among the things that have changed in the upgraded version is a refurbished directory binding enviroment.
    The original thread can be found here: https://discussions.apple.com/thread/3090068. The script is applicable for clients as well and simplifies the binding process considerably.
    Be aware that the reformatted script here contains some faulty line breaks. So you'll have to correct them in a proper text editor.
    #!/bin/sh
    #Uncomment the following line to abort the script on errors
    #trap exit ERR
    ## Script to automate OD and AD Binding of Mac OS X 10.7 Servers
    ## Script written by Marc Horat, URZ Basel, 11.6.2010
    ## Updated: 12.08.2011
    # With the use of the following sources as inspiration:
    # http://www.howtomac.co.uk/?p=247
    #Created by Ross Hamilton
    #Clock restart / Remove existing settings
    #Join to Open Directory and Active Directory
    # Bombich's AD-Bind Script:
    # This script binds to AD and configures advanced options of the AD plugin
    # As this scripts contains a password, be sure to take appropriate security
    # precautions
    # A good way to run this script is to set it as a login hook on your master machine
    # Because it only needs to be run once, the last thing this script does is to delete
    # itself. If you have another login script that you typically run, include the
    # script on your master machine, and indicate its path in the "newLoginScript"
    # variable.
    # If running this as a one-time login hook to bind to AD after imaging,
    # be sure to enable auto-login (for any local user) before creating your master image
    #################CONFIGURATION##########################
    #OD
    # These variables need to be configured for your env
    odAdmin="YOURODADMIN" #enter your OD admin name between the quotes
    odPassword="YOURODPW"  # Enter your OD admin password between the quotes
    oddomain="YOURODDOMAIN" # FQDN of your OD domain
    computerGroup="YOURNEWODCOMPGROUP"  # Add appropriate computer group you want machines to be added to, case sensitive
    oldComputerGroup="YOUROLDODCOMPGROUP" # If the Computer is in a Group already
    #AD
    # Standard parameters
    domain="YOURADDOMAIN"                              # fully qualified DNS name of Active Directory Domain
    domainname="YOURADDOMAINNAME"                    #Name of the Domain as specified in the search paths
    udn="YOURADADMIN"                              # username of a privileged network user
    password="YOURADPW"                                                  # password of a privileged network user
    ou="OU=YOUR,OU=OU,OU=URZ,OU=IN,DC=YOUR,DC=AD,DC=DOMAIN"                    # Distinguished name of container for the computer E.G. OU=Macs,OU=Computers,DC=AD,DC=DOMAIN,DC=CH
    # Advanced options AD Plugin
    alldomains="disable"                              # 'enable' or 'disable' automatic multi-domain authentication
    localhome="disable"                              # 'enable' or 'disable' force home directory to local drive
    protocol="smb"                                        # 'afp', 'smb' or 'nfs' (since 10.7) change how home is mounted from server
    mobile="enable"                              # 'enable' or 'disable' mobile account support for offline logon
    mobileconfirm="enable"                    # 'enable' or 'disable' warn the user that a mobile acct will be created
    useuncpath="enable"                              # 'enable' or 'disable' use AD SMBHome attribute to determine the home dir
    user_shell="/bin/bash"                    # e.g., /bin/bash or "none"
    preferred="-preferred $domain"          # Use the specified server for all Directory lookups and authentication
    # (e.g. "-nopreferred" or "-preferred ad.server.edu")
    admingroups="$domainname\YOURADADMINGROUP" # These comma-separated AD groups may administer the machine (e.g. "" or "APPLE\macadmins")
    packetsign="allow"                              # allow | disable | require
    packetencrypt="allow"                    # allow | disable | require
    passinterval="14"                              # number of days
    namespace="domain"                              # forest | domain
    # Login hook setting -- specify the path to a login hook that you want to run instead of this script
    newLoginHook=""                    # e.g., "/Library/Management/login.sh"
    ################################# End of configuration
    ############ Begin of Script
    # Host-specific parameters
    # computerid should be set dynamically, this value must be machine-specific
    # This value may be restricted to 19 characters! The only error you'll receive upon entering
    # an invalid computer id is to the effect of not having appropriate privileges to perform the requested operation
    #computerid=`/sbin/ifconfig en0 | awk '/ether/ { gsub(":", ""); print $2 }'` # MAC Address
    #computerid=`hostname | sed 's/.unibas.ch//'`
    #computerid=`/usr/sbin/scutil --get LocalHostName | cut -c 1-19` # Assure that this will produce unique names!
    #computerid=`/usr/sbin/scutil --get LocalHostName`
    computerid=`scutil --get ComputerName`
    adcomputerid=`echo "$computerid" | tr '[:lower:]' '[:upper:]'`   # quote the classes so the shell does not glob them
    # These variables probably don't need to be changed
    # Determing if any directory binding exists
    nicAddress=`ifconfig en0 | grep ether | awk '{print $2}'`
    if dscl localhost -list /LDAPv3 | grep . > /dev/null
    then
              check4ODtmp=`dscl localhost -list /LDAPv3 | grep -n 1 | sed 's/1://' | sed 's/2://'`
              check4OD=${check4ODtmp//[[:space:]]/}
              echo "Found LDAP: "$check4ODtmp
              check4ODaccttmp=`dscl /LDAPv3/"$check4OD" -read Computers/"$computerid" RealName | cut -c 11-`
              check4ODacct=${check4ODaccttmp//[[:space:]]/}
              echo "Found LDAP-Computer-Account: "$check4ODacct
    else
              check4OD=""
              check4ODacct=""
              echo "No bound LDAP Server found"
    fi
    if [ "$oldComputerGroup" != "" ] && dscl localhost -list /LDAPv3 | grep . > /dev/null
    then
              check4ODgroupMembershiptmp=`dscl /LDAPv3/"$check4OD" -read ComputerGroups/"$oldComputerGroup" | grep "$computerid"`
              check4ODgroupMembership=$check4ODgroupMembershiptmp
              echo "LDAP Group Membership in Group: "$oldComputerGroup
    else
              check4ODgroupMembership=""
              echo "No LDAP Group Membership defined or not bound to a server"
    fi
    if dscl localhost -list "/Active Directory" | grep $domainname > /dev/null
    then
              check4ADtmp=`dsconfigad -show | grep "Active Directory Domain" | sed 's/Active Directory Domain//'  | sed 's/=//'`
              check4AD=${check4ADtmp//[[:space:]]/}
              echo "Found AD: "$check4AD
              check4ADaccttmp=`dsconfigad -show | grep "Computer Account" | sed 's/Computer Account//' | sed 's/=//'`
              check4ADacct=${check4ADaccttmp//[[:space:]]/}
              echo "Found AD-Account: "$check4ADacct
    else
              check4AD=""
              check4ADacct=""
              echo "No AD-Account found"
    fi
    osversionlong=`sw_vers -productVersion`
    osvers=${osversionlong:3:1}
    #Time Sync
    #Restart ntpdate (adapted from the NetworkTime StartupItem; GetPID and CheckForNetwork are defined in /etc/rc.common)
    . /etc/rc.common
    StartService ()
    {
              if [ "${TIMESYNC:=-YES-}" = "-YES-" ] && ! GetPID ntpd > /dev/null; then
                        CheckForNetwork
                        if [ -f /var/run/NetworkTime.StartupItem -o "${NETWORKUP}" = "-NO-" ]; then return; fi
                        touch /var/run/NetworkTime.StartupItem
                        echo "Starting network time synchronization"
                        # Synchronize our clock to the network's time,
                        # then fire off ntpd to keep the clock in sync.
                        ntpdate -bvs
                        ntpd -f /var/run/ntp.drift -p /var/run/ntpd.pid
              fi
    }
    StartService
    echo ""
    echo ""
    sleep 5
    #### Removing any existing directory bindings
    #Clear OD Computer Account and delete entry from Computer group
    if dscl localhost -list /LDAPv3 | grep . > /dev/null
    then
              echo "This computer is bound to the following Open Directory Services:"
              dscl localhost -list /LDAPv3
              echo "With the Search Path entries:"
              dscl /Search -read / CSPSearchPath | grep /LDAP
              sleep 5
              if [ "${check4ODacct}" == "${computerid}" ]
              then
                        echo "This machine already has a computer account on $oddomain."
                        # Set the GUID
                        GUID="$(dscl /LDAPv3/$oddomain -read /Computers/${computerid} GeneratedUID | awk '{ print $2 }')"
                        echo "Found GUID: "$GUID
                        if [ "$oldComputerGroup" != "" ] && [ "$check4ODgroupMembership" != "" ]
                        then
                                  echo "Removing entry from group $oldComputerGroup"
                                  dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$check4OD" -delete /ComputerGroups/"$oldComputerGroup" GroupMembership "${computerid}"
                                  dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$check4OD" -delete /ComputerGroups/"$oldComputerGroup" GroupMembers "${GUID}"
                                  dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$check4OD" -delete /ComputerLists/"$oldComputerGroup" Computers "${computerid}"
                        fi
                        echo "Removing Computer entry $computerid in OD"
                        dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$check4OD" -delete /Computers/"${computerid}"
              fi
              #List existing Directories
              echo "Removing OD-Binding to "$check4OD
              dsconfigldap -r "$check4OD"
              echo "Removing Search Path entries"
              dscl /Search -delete / CSPSearchPath /LDAPv3/"$check4OD"
              dscl /Search/Contacts -delete / CSPSearchPath /LDAPv3/"$check4OD"
              dscl /Search -delete / CSPSearchPath /LDAPv3/"$check4OD"
              sleep 5
    else
              echo "No LDAP or OD Binding present.";
    fi
    echo ""
    # Check a second time in order to delete any remaining LDAP-Bindings
    echo "Scanning for further LDAP servers"
    if dscl localhost -list /LDAPv3 | grep . > /dev/null
    then
              echo "Found:"
              dscl localhost -list /LDAPv3
              echo "Removing OD-Binding to "$check4ODtmp
              dsconfigldap -r "$check4ODtmp"
              dscl /Search -delete / CSPSearchPath /LDAPv3/"$check4ODtmp"
              dscl /Search/Contacts -delete / CSPSearchPath /LDAPv3/"$check4ODtmp"
              dscl /Search -delete / CSPSearchPath /LDAPv3/"$check4ODtmp"
              sleep 5
    else
              echo "No further LDAP or OD Binding present."
    fi
    echo ""
    echo ""
    #Remove the Active Directory binding
    if [ "$check4AD" != "" ]
    then
              echo "This computer is bound to the following Active Directory Services:"
              dscl localhost -list "/Active Directory"
              echo "With the Search Path entries:"
              dscl /Search -read / CSPSearchPath | grep /Active
              sleep 5
              echo "Removing any existing AD-Binding to "$check4AD
              dsconfigad -f -remove -username "$udn" -password "$password"
              echo "Removing Search Path entries"
              if [ "$preferred" != "-nopreferred" ]
              then
                        dscl /Search -delete / CSPSearchPath "/Active Directory/$domainname"
                        dscl /Search/Contacts -delete / CSPSearchPath "/Active Directory/$domainname"
                        dscl /Search -delete / CSPSearchPath "/Active Directory/$domainname"
              fi
              dscl /Search -delete / CSPSearchPath "/Active Directory/$domainname/All Domains"
              dscl /Search/Contacts -delete / CSPSearchPath "/Active Directory/$domainname/All Domains"
              #remove search path entries from 10.6
              if dscl /Search -read / CSPSearchPath | grep /Active > /dev/null
              then
                        dscl /Search -delete / CSPSearchPath "/Active Directory/$domainname/$domain"
                        dscl /Search/Contacts -delete / CSPSearchPath "/Active Directory/$domainname/$domain"
              fi
              sleep 5
    else
              echo "No Active Directory Binding present."
    fi
    echo ""
    #Remove Existing Directory Services Config
    echo "Removing existing DS Config"
    if [ -d "/Library/Preferences/edu.mit.Kerberos" ]
    then
              rm -R /Library/Preferences/edu.mit.Kerberos
    fi
    if [ -f "/etc/krb5.keytab" ]   # the keytab is a file, not a directory
    then
              rm -f /etc/krb5.keytab
    fi
    # Clean up the DirectoryService configuration files
    rm -Rfv /Library/Preferences/DirectoryService/*
    #OD
    echo ""
    echo ""
    echo "Binding to OD-Domain "$oddomain
    sleep 5
    dsconfigldap -v -a "$oddomain" -n "$oddomain" -c "$computerid"
    echo "Killing opendirectoryd"
    killall opendirectoryd
    sleep 5
    echo "Adding computer account $computerid to /LDAPv3/${oddomain} on $oddomain"
    dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -create /Computers/"$computerid" ENetAddress "$nicAddress"
    dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -merge /Computers/"$computerid" RealName "$computerid"
    # Set the GUID
    GUID="$(dscl /LDAPv3/$oddomain -read /Computers/${computerid} GeneratedUID | awk '{ print $2 }')"
    # Add computer to ComputerList and ComputerGroup
    if [ "$computerGroup" != "" ]
    then
              echo "Adding computer $computerid to OD group $computerGroup on $oddomain"
              dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -merge /ComputerLists/"$computerGroup" apple-computers "$computerid"
              dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -merge /ComputerGroups/"$computerGroup" apple-group-memberguid "${GUID}"
              dscl -u "${odAdmin}" -P "${odPassword}" /LDAPv3/"$oddomain" -merge /ComputerGroups/"$computerGroup" memberUid "$computerid"
    fi
    echo "Finished OD Binding."
    sleep 5 # Give DS a chance to catch up
    echo ""
    echo ""
    echo "Performing the AD Binding"
    #AD
    # Activate the AD plugin
    defaults write /Library/Preferences/DirectoryService/DirectoryService "Active Directory" "Active"
    plutil -convert xml1 /Library/Preferences/DirectoryService/DirectoryService.plist
    #Use the existing AD-Computername or generate a new one
    computeridtmp="default"
    if [ "$check4ADacct" == "" ]
    then
              LEN=${#adcomputerid}
              # AD computer names are limited to 15 characters
              if [ $LEN -le 15 ]; then
                        echo "ComputerID $adcomputerid has 15 characters or less and is therefore suitable for AD-Binding."
                        computeridtmp=$adcomputerid
              else
                        echo "ComputerID $adcomputerid has 16 or more characters and needs to be modified for AD-Binding."
                        echo "Removing any -"
                        computeridtmp=${adcomputerid//-/}
                        LEN=${#computeridtmp}
                        if [ $LEN -le 15 ]; then
                                  echo "ComputerID $computeridtmp has now 15 characters or less and is therefore suitable for AD-Binding."
                        else
                                  echo "Only using the last 15 characters of the Computer name to be able to bind to AD."
                                  computeridtmp=${computeridtmp:(-15)}
                        fi
                        echo "Cropped Computername to $computeridtmp"
              fi
    else
              computeridtmp=${check4ADacct//$/}
              echo "Found existing AD Account previously, attempting to recreate in the OU: $computeridtmp"
    fi
    echo ""
    # Bind to AD
    echo "Binding to AD-Domain "$domain" with computerid "$computeridtmp
    dsconfigad -f -add "$domain" -username "$udn" -password "$password" -ou "$ou" -computer "$computeridtmp"
    echo ""
    echo "Setting the Advanced AD Plugin options"
    # Configure advanced AD plugin options
    if [ "$admingroups" = "" ]
    then
              dsconfigad -nogroups
    else
              dsconfigad -groups "$admingroups"
    fi
    dsconfigad -alldomains "$alldomains"
    dsconfigad -localhome "$localhome"
    dsconfigad -protocol "$protocol"
    dsconfigad -mobile "$mobile"
    dsconfigad -mobileconfirm "$mobileconfirm"
    dsconfigad -useuncpath "$useuncpath"
    dsconfigad -shell "$user_shell"
    dsconfigad $preferred   # unquoted on purpose: "-preferred server" must expand to two arguments
    dsconfigad -packetsign "$packetsign" -packetencrypt "$packetencrypt" -passinterval "$passinterval"
    dsconfigad -namespace "$namespace"
    sleep 5
    echo ""
    echo ""
    # Add the OD & AD node to the search path
    if [ "$alldomains" = "enable" ]
    then
              csp="/Active Directory/$domainname/All Domains"
    else
              csp="/Active Directory/$domainname"
    fi
    echo "Finished AD Binding."
    echo "Adding Domain /LDAPv3/"$oddomain" and "$csp" to Search Path"
    dscl /Search -create / SearchPolicy CSPSearchPath
    dscl /Search/Contacts -create / SearchPolicy CSPSearchPath
    echo "Adding OD.."
    dscl /Search -append / CSPSearchPath /LDAPv3/"$oddomain"
    dscl /Search/Contacts -append / CSPSearchPath /LDAPv3/"$oddomain"
    echo "Adding AD.."
    #Adding all Domains first to improve reliability under 10.7
    if [ "$alldomains" != "enable" ]
    then
        cspadall="/Active Directory/$domainname/All Domains"
        dscl /Search/Contacts -append / CSPSearchPath "$cspadall"
        dscl /Search -append / CSPSearchPath "$cspadall"
    fi
    dscl /Search/Contacts -append / CSPSearchPath "$csp"
    dscl /Search -append / CSPSearchPath "$csp"
    echo "Finished Updating Search Paths."
    echo ""
    echo ""
    # Restart DirectoryService (necessary to reload AD plugin activation settings)
    killall opendirectoryd
    # Destroy the login hook (or change it)
    if [ "${newLoginHook}" == "" ]
    then
              defaults delete /var/root/Library/Preferences/com.apple.loginwindow LoginHook
    else
              defaults write /var/root/Library/Preferences/com.apple.loginwindow LoginHook "$newLoginHook"
    fi
    sleep 5
    # Customizing the login-Window
    #defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo DSStatus
    #defaults write /Library/Preferences/com.apple.loginwindow showInputMenu -bool TRUE
    #defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME -bool TRUE
    # This works in a pinch if the above code does not
    #defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Node Custom Path Array" -array "/Active Directory/All Domains"
    #defaults write /Library/Preferences/DirectoryService/SearchNodeConfig "Search Policy" -int 3
    #plutil -convert xml1 /Library/Preferences/DirectoryService/SearchNodeConfig.plist
    #killall opendirectoryd
    # Disable autologin
    defaults delete /Library/Preferences/com.apple.loginwindow autoLoginUser
    srm /etc/kcpassword
    echo ""
    echo ""
    echo ""
    echo "Now bound to OD Domain:"
    dscl localhost -list /LDAPv3
    echo "With Search Path entries:"
    dscl /Search -read / CSPSearchPath | grep /LDAP
    echo "Now bound to AD Domain:"
    dscl localhost -list "/Active Directory"
    echo "With Search Path entries:"
    dscl /Search -read / CSPSearchPath | grep /Active
    exit 0                    ## Success
    exit 1                    ## Failure
    Any inputs, questions and improvement suggestions are, of course, most welcome!
    Cheers
    See

  • How to enable group email accounts

    Hi all,
    I have spent a while fiddling with (and breaking) my OSX Lion 10.7.4 Server install trying to get group emails working. I would just like to share how I did it.
    Follow the below how to.
    #!/bin/bash
    # Group EMail Enabler v0.2
    # Jeff Johnson <[email protected]>
    # Tested with OS X Server 10.6 and 10.7
    # Should also work with 10.5
    # This script allows you to manage email groups using Work Group Manager.
    # If you create an executive group in WGM, you then have a executive@ email address
    # This is automatically maintained as you adjust the members
    # The script searches your LDAP groups for the word 'mail' in the comment field
    # You must add mail to the comment field for any group which should have an email address.
    # The email address for that group will be the shortname of that group.
    # If you miss this step (add 'mail' to the comment field), this script does nothing.
    # Known issues
    # 1. Only supports groups in LDAP, users can be in LDAP or Local
    # 2. Does not support other groups within your email group (no nested groups)
    # 3. Almost no error checking, so best to run it manually a few times to check results.
    # Installation Instructions
    # 1. Save this file as
    #       /usr/sbin/group_email.sh
    # 2. Then adjust permissions
    #       sudo chmod +x /usr/sbin/group_email.sh
    # 3. Modify alias_maps in /etc/postfix/main.cf
    #    You need to add this line to what you already have
    #        hash:/etc/postfix/group_aliases
    #     Example, you have:
    #        alias_maps = hash:/etc/aliases
    #     Change to:
    #        alias_maps = hash:/etc/aliases, hash:/etc/postfix/group_aliases
    # 4. To run automatically every 5 minutes, I prefer a simple addition to /etc/crontab
    #      you may need to create /etc/crontab if it doesn't exist
    #      Add the following to /etc/crontab
    #            */5 * * * * root /usr/sbin/group_email.sh >> /dev/null 2>&1
    # If you followed these instructions, within 5 minutes you will see an alias file at
    #  /etc/postfix/group_aliases
    # you can inspect the file to confirm the results.
    cd /etc/postfix
    # clear current aliases
    echo "" > group_aliases.tmp
    # Get list of groups with 'mail' in the comment field
    gr=`dscl /LDAPv3/127.0.0.1 -list /Groups Comment | grep mail | awk '{print $1}'`
    for group in $gr
       do
          echo $group: `dscl /LDAPv3/127.0.0.1 -read /Groups/$group dsAttrTypeNative:memberUid | cut -d : -f 3 | grep -v "No such key"` >> group_aliases.tmp
       done
    # cmp exits 1 when the files differ and 2 when group_aliases does not exist yet (first run);
    # rebuild the map in both cases
    if ! cmp -s group_aliases.tmp group_aliases
    then
       echo different
       cp group_aliases.tmp group_aliases
       /usr/sbin/postalias /etc/postfix/group_aliases
       /usr/bin/newaliases
    else
       echo same
    fi
    exit
    The only additional thing I had to do with Lion Server 10.7.4 was add hash:/etc/postfix/group_aliases to the alias_maps AND alias_database in /etc/postfix/main.cf then run "newaliases" and "postfix reload"
    Hopefully this helps the next person to get it all running quicker than I did
    Cheers
    Ryan
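The alias build the script above performs, as an added example that is not the script from the post: it parses the output of `dscl /LDAPv3/127.0.0.1 -read /Groups/<group> dsAttrTypeNative:memberUid` (the sample output embedded below is constructed, and the one-value-per-line form is assumed from how dscl prints values that contain spaces), skips memberless groups instead of writing an alias with an empty right-hand side, and refuses any member that is not a plain account name, because aliases(5) reads `/file`, `|command` and `:include:` right-hand sides as delivery instructions.

```python
"""Build a Postfix aliases map from Open Directory group memberUid values."""
import re
from typing import Dict, List, Tuple

ATTR = "dsAttrTypeNative:memberUid"

# Only plain account names may become alias targets. Anything else (a leading
# '/', '|' or ':') would be read by Postfix as a file, command or :include: target.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")

# Constructed sample of what `dscl /LDAPv3/127.0.0.1 -read /Groups/<group>
# dsAttrTypeNative:memberUid` prints for four groups (not real directory data):
#   - "staff" uses the one-value-per-line form dscl falls back to when a value contains a space,
#   - "newgroup" shows the "No such key" line dscl prints for a group with no memberUid,
#   - "tampered" carries a member value that must never reach the aliases file.
SAMPLE_DSCL_OUTPUT: Dict[str, str] = {
    "executive": "dsAttrTypeNative:memberUid: alice bob carol\n",
    "staff": "dsAttrTypeNative:memberUid:\n dave\n eve\n",
    "newgroup": "No such key: dsAttrTypeNative:memberUid\n",
    "tampered": "dsAttrTypeNative:memberUid: alice /tmp/mbox\n",
}


def parse_member_uids(dscl_output: str) -> List[str]:
    """Return the memberUid values from the output of one `dscl -read` call."""
    lines = dscl_output.splitlines()
    for index, line in enumerate(lines):
        if line.startswith("No such key"):
            return []
        if not line.startswith(ATTR + ":"):
            continue
        rest = line[len(ATTR) + 1:].strip()
        if rest:
            # single-line form: "attr: value value value"
            return rest.split()
        # multi-line form: "attr:" followed by one indented value per line
        members: List[str] = []
        for continuation in lines[index + 1:]:
            if not continuation.startswith(" "):
                break
            members.append(continuation.strip())
        return members
    return []


def build_alias_map(groups: Dict[str, str]) -> Tuple[str, List[str]]:
    """Return (aliases file text, names of groups that were refused).

    `groups` maps a group shortname to the raw dscl output for that group.
    A caller should keep the previous map when the refused list is not empty
    rather than silently dropping those groups' addresses.
    """
    alias_lines: List[str] = []
    refused: List[str] = []
    for group in sorted(groups):
        members = parse_member_uids(groups[group])
        if not members:
            continue  # no members: don't create an alias with an empty right-hand side
        if not SAFE_NAME.match(group) or not all(SAFE_NAME.match(m) for m in members):
            refused.append(group)  # never write a file/command target into the map
            continue
        alias_lines.append(f"{group}: {', '.join(sorted(set(members)))}")
    text = "".join(line + "\n" for line in alias_lines)
    return text, refused


if __name__ == "__main__":
    aliases, bad_groups = build_alias_map(SAMPLE_DSCL_OUTPUT)
    print(aliases, end="")
    for group in bad_groups:
        print(f"# refused group {group}: a member is not a plain account name")
```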

    Hi Ryan, yeah 10.7.4 Lion Server - mail is switched on although we haven't migrated to it yet (I do have the accounts setup though)
    Script:
    #!/bin/bash
    # Group EMail Enabler v0.2
    # Jeff Johnson <[email protected]>
    # Tested with OS X Server 10.6 and 10.7
    # Should also work with 10.5
    # This script allows you to manage email groups using Work Group Manager.
    # If you create an executive group in WGM, you then have a executive@ email address
    # This is automatically maintained as you adjust the members
    # The script searches your LDAP groups for the word 'mail' in the comment field
    # You must add mail to the comment field for any group which should have an email address.
    # The email address for that group will be the shortname of that group.
    # If you miss this step (add 'mail' to the comment field), this script does nothing.
    # Known issues
    # 1. Only supports groups in LDAP, users can be in LDAP or Local
    # 2. Does not support other groups within your email group (no nested groups)
    # 3. Almost no error checking, so best to run it manually a few times to check results.
    # Installation Instructions
    # 1. Save this file as
    #       /usr/sbin/group_email.sh
    # 2. Then adjust permissions
    #       sudo chmod +x /usr/sbin/group_email.sh
    # 3. Modify alias_maps in /etc/postfix/main.cf
    #    You need to add this line to what you already have
    #        hash:/etc/postfix/group_aliases
    #     Example, you have:
    #        alias_maps = hash:/etc/aliases
    #     Change to:
    #        alias_maps = hash:/etc/aliases, hash:/etc/postfix/group_aliases
    # 4. To run automatically every 5 minutes, I prefer a simple addition to /etc/crontab
    #      you may need to create /etc/crontab if it doesn't exist
    #      Add the following to /etc/crontab
    #                 */5 * * * * root /usr/sbin/group_email.sh >> /dev/null 2>&1
    # If you followed these instructions, within 5 minutes you will see an alias file at
    #  /etc/postfix/group_aliases
    # you can inspect the file to confirm the results.
    cd /etc/postfix
    # clear current aliases
    echo "" > group_aliases.tmp
    # Get list of groups with 'mail' in the comment field
    gr=`dscl /LDAPv3/127.0.0.1 -list /Groups Comment | grep mail | awk '{print $1}'`
    for group in $gr
       do
          echo $group: `dscl /LDAPv3/127.0.0.1 -read /Groups/$group dsAttrTypeNative:memberUid | cut -d : -f 3 | grep -v "No such key"` >> group_aliases.tmp
       done
    # cmp exits 1 when the files differ and 2 when group_aliases does not exist yet (first run);
    # rebuild the map in both cases
    if ! cmp -s group_aliases.tmp group_aliases
    then
       echo different
       cp group_aliases.tmp group_aliases
       /usr/sbin/postalias /etc/postfix/group_aliases
       /usr/bin/newaliases
    else
       echo same
    fi
    exit
    I've gone through it a few times and can't see any differences to the one you posted so am at a loss as to why it's not working..
    Thanks
    Phil

  • Creating OD Replica fails

    Hi,
    We recently had a drama with our OD master which rendered it unusable so we're now running with one of our OD replicas promoted to master.
    We had two other servers which successfully bound as replicas to the new OD master but they didn't replicate following the initial replication.  I converted them back to stand-alone servers and then tried to join them as replicas again.
    Initially, I got the "augmented user record" error but manual removal of replica entries through Directory Utility corrected that.
    However, I still can't get the servers to join as replicas.  Using Server Admin, the replication process gets so far and then stops with no error message.  Creating replica via command line gives the output below.
    Any ideas?  Is it the Kerberos realm that's killing this?  I'm not using SSL anywhere and nothing has changed on the OD master since the initial replica creation.
    TIA,
    Stu
    odreplica:~ badger$ sudo slapconfig -createreplica newodmaster.company.com diradmin
    diradmin's Password:
    2012-11-23 22:16:55 +0000 command: /usr/sbin/sso_util info -r /LDAPv3/ldap://newodmaster.company.com -p
    2012-11-23 22:17:07 +0000 command: /usr/sbin/sso_util info -r /LDAPv3/128.56.0.201 -p
    2012-11-23 22:17:07 +0000 1 Creating computer record for replica
    2012-11-23 22:17:12 +0000 Added computer password to keychain
    2012-11-23 22:17:12 +0000 2 Updating master's configuration
    2012-11-23 22:17:12 +0000 3 Creating ldap replicator user
    2012-11-23 22:17:14 +0000 command: /usr/sbin/ntpd -q -d -d -g -x -c /var/run/tmpntp.conf.newodmaster.company.com
    2012-11-23 22:17:18 +0000 Removed file at path /var/run/tmpntp.conf.newodmaster.company.com.
    2012-11-23 22:17:18 +0000 4 Updating local replica configuration
    2012-11-23 22:17:18 +0000 5 Gathering replication data from the master
    2012-11-23 22:17:56 +0000 6 Copying master database to new replica
    2012-11-23 22:17:56 +0000 Removed directory at path /var/db/openldap/openldap-data.
    2012-11-23 22:17:57 +0000 command: /usr/bin/tar -C / -xf /var/db/openldap/schema.tar
    2012-11-23 22:17:57 +0000 Starting LDAP server (slapd)
    2012-11-23 22:17:57 +0000 Waiting for slapd to start
    2012-11-23 22:17:57 +0000 ...
    2012-11-23 22:17:59 +0000 Stopping LDAP server (slapd)
    2012-11-23 22:18:03 +0000 command: /usr/sbin/slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
    2012-11-23 22:18:03 +0000 command: /usr/sbin/slapadd -c -w -l /var/db/openldap/openldap-data/backup.ldif
    2012-11-23 22:18:04 +0000 command: /usr/sbin/slapadd -c -w -b cn=authdata -l /var/db/openldap/authdata/authdata.ldif
    2012-11-23 22:18:04 +0000
    2012-11-23 22:18:04 +0000 slapd is running in import mode - only use if importing large data
    bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
    2012-11-23 22:18:04 +0000 7 Starting new replica
    2012-11-23 22:18:04 +0000 Starting LDAP server (slapd)
    2012-11-23 22:18:05 +0000 Waiting for slapd to start
    2012-11-23 22:18:05 +0000 ...
    2012-11-23 22:18:06 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2012-11-23 22:18:06 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b cn=config -s base olcServerID
    2012-11-23 22:18:06 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2012-11-23 22:18:06 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2012-11-23 22:18:06 +0000 command: /bin/launchctl load -w /System/Library/LaunchDaemons/com.apple.PasswordService.plist
    2012-11-23 22:18:07 +0000 8 Enabling local Kerberos server
    2012-11-23 22:18:07 +0000 Configuring Kerberos server, realm is DEADSERVER.COMPANY.COM
    2012-11-23 22:18:07 +0000 command: /usr/sbin/kdcsetup -e
    2012-11-23 22:18:07 +0000 command: /usr/sbin/sso_util configure -x -k -r DEADSERVER.COMPANY.COM -f /LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi -a diradmin -p **** -v 1 all
    2012-11-23 22:18:08 +0000 _createLDAPReplica: sso_util configure failed 1.  stdout = {  } stderr = { Creating the service list
    Creating the keytab file
    2012-11-23 22:18:09 +0000 9 Enabling syncprov overlay on the replica
    2012-11-23 22:18:09 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b cn=config objectClass=olcSyncProvConfig dn
    2012-11-23 22:18:09 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2012-11-23 22:18:10 +0000 adding new entry "olcOverlay=syncprov,olcDatabase={1}bdb,cn=config"
    2012-11-23 22:18:10 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2012-11-23 22:18:10 +0000 adding new entry "olcOverlay=syncprov,olcDatabase={2}bdb,cn=config"
    2012-11-23 22:18:10 +0000 10 Adding replica to master
    2012-11-23 22:18:10 +0000 addReplica request failed with status 1073 Unknown Error
    2012-11-23 22:18:10 +0000 addReplica request failed with status 1073 Unknown Error (error = 69)
    2012-11-23 22:18:10 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.opendirectorybackup.plist
    2012-11-23 22:18:10 +0000 Deleting Cert Authority related data
    2012-11-23 22:18:10 +0000 No intCAIdentity, not removing int CA from keychain
    2012-11-23 22:18:10 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd.plist
    2012-11-23 22:18:10 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd-helper.plist
    2012-11-23 22:18:10 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertadmin.plist
    2012-11-23 22:18:10 +0000 Updating ldapreplicas on primary master
    2012-11-23 22:18:10 +0000 Removing self from the database
    2012-11-23 22:18:11 +0000 Warning: An error occurred while re-enabling GSSAPI.
    2012-11-23 22:18:12 +0000 Stopping LDAP server (slapd)
    2012-11-23 22:18:16 +0000 cleanKeytab: unable to retrieve default realm
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/__db.001.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/__db.002.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/__db.003.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/__db.004.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/__db.005.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/__db.006.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/altSecurityIdentities.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/apple-company.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/apple-computers.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/apple-config-realname.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/apple-generateduid.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-memberguid.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-nestedgroup.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-realname.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/apple-hwuuid.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/apple-realname.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/apple-serviceslocator.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/c.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/cn.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/DB_CONFIG.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/departmentNumber.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/dn2id.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/entryCSN.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/entryUUID.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/gidNumber.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/givenName.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/id2entry.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/ipHostNumber.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/l.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000001.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/macAddress.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/mail.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/memberUid.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/mobile.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/objectClass.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/ou.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/postalCode.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/sn.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/st.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/street.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/telephoneNumber.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/uid.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/openldap-data/uidNumber.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/authdata/__db.001.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/authdata/__db.002.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/authdata/__db.003.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/authdata/__db.004.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/authdata/__db.005.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/authdata/__db.006.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/authdata/alock.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/authdata/authdata.ldif.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/authdata/authdata_DB_CONFIG.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/authdata/authGUID.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/authdata/DB_CONFIG.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/authdata/dn2id.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalAliases.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalName.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/authdata/entryCSN.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/authdata/entryUUID.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/authdata/id2entry.bdb.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/authdata/log.0000000001.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/openldap/authdata/objectClass.bdb.
    2012-11-23 22:18:16 +0000 Removed directory at path /var/db/openldap/authdata.
    2012-11-23 22:18:16 +0000 Removed file at path /etc/openldap/slapd_macosxserver.conf.
    2012-11-23 22:18:16 +0000 Removed file at path /etc/openldap/slapd.conf.
    2012-11-23 22:18:16 +0000 Removed file at path /etc/openldap/rootDSE.ldif.
    2012-11-23 22:18:16 +0000 Removed file at path /var/db/dslocal/nodes/Default/groups/com.apple.access_dsproxy.plist.
    2012-11-23 22:18:16 +0000 Removed directory at path /etc/openldap/slapd.d/cn=config.
    2012-11-23 22:18:16 +0000 Removed file at path /etc/openldap/slapd.d/cn=config.ldif.
    2012-11-23 22:18:16 +0000 Removed directory at path /etc/openldap/slapd.d.
    2012-11-23 22:18:16 +0000 Removed directory at path /etc/openldap/slapd.d.backup/cn=config.
    2012-11-23 22:18:16 +0000 Removed file at path /etc/openldap/slapd.d.backup/cn=config.ldif.
    2012-11-23 22:18:16 +0000 Removed directory at path /etc/openldap/slapd.d.backup.
    2012-11-23 22:18:16 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.PasswordService.plist
    2012-11-23 22:18:22 +0000 Removed file at path /Library/Preferences/com.apple.openldap.plist.

    SSH is enabled for all users on both Macs. Manually added diradmin as well, just to make me feel better.
    Additionally, here's what I get when I try running preflight on either Mac:
    usvtamtln101:~ sadmin$ sudo /usr/sbin/slapconfig -preflightreplica 172.20.9.40 diradmin
    Password:
    172.20.9.40's Password:
    2012-12-17 19:34:33 +0000 NSMutableDictionary *_getRootDSE(const char *): rootDSE not found
    2012-12-17 19:34:33 +0000 Error: Unable to determine the master's software version.
    After seeing this, I tried unbinding both Macs from Active Directory, restarting and then trying again. Same thing...

  • Creating Replica in Yosemite is Failing

    Hello all,
    I have two Yosemite Servers, both running 10.10.  I have an OD master running fine for all of my clients.  I'd like to replicate that OD master.  This is what I get in the logs when attempting to create the replica; it fails with a generic error about checking my network settings.  Any help would be great.  I've checked all DNS, and forward and reverse work for both servers.
    2014-12-11 20:23:04 +0000 slapconfig -createreplica
    2014-12-11 20:23:08 +0000 Warning: An error occurred while disabling GSSAPI binding.
    2014-12-11 20:23:08 +0000 1 Creating computer record for replica
    2014-12-11 20:23:49 +0000 command: /usr/sbin/slapconfig -delkeychain /LDAPv3/127.0.0.1 campusreplica01.flyers.stark.k12.oh.us$
    2014-12-11 20:23:49 +0000 slapconfig -delkeychain
    2014-12-11 20:23:49 +0000 Added computer password to keychain
    2014-12-11 20:23:49 +0000 Adding ldap and host service principals
    2014-12-11 20:23:49 +0000 2 Creating ldap replicator user
    2014-12-11 20:23:49 +0000 _ldap_replicator exists from previous replica - migrating
    2014-12-11 20:23:49 +0000 NSString *_getReplicatorPasswordWithNode(ODNode *): no syncrepl attribute found in results
    2014-12-11 20:23:49 +0000 Unable to get replicator password, recreating replicator
    2014-12-11 20:23:49 +0000 ServerID for this replica 8
    2014-12-11 20:23:51 +0000 command: /usr/bin/sntp -s time.apple.com.
    2014-12-11 20:23:51 +0000 3 Updating local replica configuration
    2014-12-11 20:23:51 +0000 4 Gathering replication data from the master
    2014-12-11 20:23:51 +0000 5 Copying master database to new replica
    2014-12-11 20:23:51 +0000 Removed directory at path /var/db/openldap/openldap-data.
    2014-12-11 20:23:52 +0000 Retrieved DB_CONFIG for dc=flyers,dc=stark,dc=k12,dc=oh,dc=us from master
    2014-12-11 20:23:52 +0000 Retrieved DB_CONFIG for cn=authdata from master
    2014-12-11 20:23:52 +0000 Starting LDAP server (slapd)
    2014-12-11 20:23:52 +0000 slapd started
    2014-12-11 20:23:52 +0000 Stopping LDAP server (slapd)
    2014-12-11 20:23:54 +0000 command: /usr/sbin/slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
    2014-12-11 20:23:54 +0000 command: /usr/sbin/slapadd -c -w -l /var/db/openldap/openldap-data/backup.ldif
    2014-12-11 20:24:02 +0000 command: /usr/sbin/slapadd -c -w -b cn=authdata -l /var/db/openldap/authdata/authdata.ldif
    2014-12-11 20:24:04 +0000
    2014-12-11 20:24:04 +0000 5489fd62 slapd is running in import mode - only use if importing large data
      5489fd62 bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
    2014-12-11 20:24:04 +0000 6 Starting new replica
    2014-12-11 20:24:04 +0000 Warning: An error occurred while re-enabling GSSAPI.
    2014-12-11 20:24:04 +0000 Starting LDAP server (slapd)
    2014-12-11 20:24:04 +0000 slapd started
    2014-12-11 20:24:04 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2014-12-11 20:24:04 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b cn=config -s base olcServerID
    2014-12-11 20:24:04 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2014-12-11 20:24:04 +0000 Starting password server
    2014-12-11 20:24:11 +0000 7 Enabling local Kerberos server
    2014-12-11 20:24:11 +0000 Configuring Kerberos server, realm is FLYERS.STARK.K12.OH.US
    2014-12-11 20:24:11 +0000 command: /usr/sbin/sso_util configure -x -k -r FLYERS.STARK.K12.OH.US -f /LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi -a diradmin -p **** -v 1 all
    2014-12-11 20:24:14 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2014-12-11 20:24:14 +0000 Stopping LDAP server (slapd)
    2014-12-11 20:24:15 +0000 Starting LDAP server (slapd)
    2014-12-11 20:24:16 +0000 slapd started
    2014-12-11 20:24:16 +0000 8 Enabling syncprov overlay on the replica
    2014-12-11 20:24:16 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b cn=config objectClass=olcSyncProvConfig dn
    2014-12-11 20:24:16 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2014-12-11 20:24:16 +0000 adding new entry "olcOverlay=syncprov,olcDatabase={1}bdb,cn=config"
    2014-12-11 20:24:16 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2014-12-11 20:24:16 +0000 adding new entry "olcOverlay=syncprov,olcDatabase={2}bdb,cn=config"
    2014-12-11 20:24:16 +0000 9 Adding replica to master
    2014-12-11 20:24:16 +0000 Remote server (campus.flyers.stark.k12.oh.us) ID: (null)
    2014-12-11 20:24:16 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b dc=flyers,dc=stark,dc=k12,dc=oh,dc=us uid=_ldap_replicator dn
    2014-12-11 20:24:16 +0000 No serverID specified, exiting
    2014-12-11 20:24:16 +0000 failed to add parent/master to replica
    2014-12-11 20:24:16 +0000 failed to add parent/master to replica (error = 73)
    2014-12-11 20:24:16 +0000 Deleting Cert Authority related data
    2014-12-11 20:24:16 +0000 OPENDIRECTORY_ROOT_CA_IDENTITY not found, unable to determine rootCA name from OPENDIRECTORY_ROOT_CA_CERTIFICATE, defaulting to configured value of (null)
    2014-12-11 20:24:16 +0000 No intCAIdentity, not removing int CA from keychain
    2014-12-11 20:24:16 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd.plist
    2014-12-11 20:24:16 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd-helper.plist
    2014-12-11 20:24:16 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertadmin.plist
    2014-12-11 20:24:17 +0000 Stopping LDAP server (slapd)
    2014-12-11 20:24:18 +0000 Stopping password server
    2014-12-11 20:24:21 +0000 Removed all service principals from keytab for realm FLYERS.STARK.K12.OH.US
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/__db.001.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/__db.002.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/__db.003.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/__db.004.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/__db.005.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/__db.006.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/altSecurityIdentities.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/apple-computers.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/apple-config-realname.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/apple-generateduid.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-memberguid.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-nestedgroup.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-realname.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/apple-realname.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/c.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/cn.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/DB_CONFIG.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/dn2id.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/entryCSN.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/entryUUID.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/gidNumber.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/givenName.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/id2entry.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/ipHostNumber.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/l.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000001.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000002.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000003.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000004.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000005.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000006.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000007.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000008.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000009.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000010.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000011.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000012.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000013.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000014.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000015.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000016.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000017.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/macAddress.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/mail.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/memberUid.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/mobile.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/objectClass.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/ou.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/postalCode.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/sn.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/st.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/street.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/telephoneNumber.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/uid.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/openldap-data/uidNumber.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/authdata/__db.001.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/authdata/__db.002.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/authdata/__db.003.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/authdata/__db.004.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/authdata/__db.005.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/authdata/__db.006.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/authdata/alock.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/authdata/authdata.ldif.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/authdata/authGUID.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/authdata/DB_CONFIG.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/authdata/dn2id.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalAliases.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalName.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/authdata/entryCSN.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/authdata/entryUUID.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/authdata/id2entry.bdb.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/authdata/log.0000000001.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/authdata/log.0000000002.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/authdata/log.0000000003.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/authdata/log.0000000004.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/authdata/log.0000000005.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/openldap/authdata/objectClass.bdb.
    2014-12-11 20:24:21 +0000 Removed directory at path /var/db/openldap/authdata.
    2014-12-11 20:24:21 +0000 Removed file at path /etc/openldap/slapd_macosxserver.conf.
    2014-12-11 20:24:21 +0000 Removed file at path /etc/openldap/slapd.conf.
    2014-12-11 20:24:21 +0000 Removed file at path /etc/openldap/rootDSE.ldif.
    2014-12-11 20:24:21 +0000 Removed file at path /var/db/dslocal/nodes/Default/groups/com.apple.access_dsproxy.plist.
    2014-12-11 20:24:21 +0000 Removed directory at path /etc/openldap/slapd.d/cn=config.
    2014-12-11 20:24:21 +0000 Removed file at path /etc/openldap/slapd.d/cn=config.ldif.
    2014-12-11 20:24:21 +0000 Removed directory at path /etc/openldap/slapd.d.
    2014-12-11 20:24:21 +0000 Removed directory at path /etc/openldap/slapd.d.backup/cn=config.
    2014-12-11 20:24:21 +0000 Removed file at path /etc/openldap/slapd.d.backup/cn=config.ldif.
    2014-12-11 20:24:21 +0000 Removed directory at path /etc/openldap/slapd.d.backup.
    2014-12-11 20:24:24 +0000 Stopping password server
    2014-12-11 20:24:24 +0000 Removed file at path /etc/ntp_opendirectory.conf.
    2014-12-11 20:24:24 +0000 Removed file at path /Library/Preferences/com.apple.openldap.plist.

    I'm still having trouble getting this replica created.
    This is what I see on the OD Master side when I go to add the replica the other way.
    The soon to be replica is a fresh install and the certificate looks to be good to me.
    I took a suggestion and made sure I did an SSH connection between the two hosts and accepted the Keys.  Still nothing.
    Any help would be appreciated.

  • Server.app: Users buttons (+ / -) are disabled on a replica server

    Hi everybody,
    After upgrading the server to 10.9.5 and Server app 3.2.1, it has been crashing during the import of users into Server app using a text file. At the beginning everything was OK with a text file containing only one user, but when I tried to do the same thing with the file of all users, the progress bar froze, and after reopening Server app the + and - buttons were disabled. We have 1 master and 5 replica servers working with the same OS X and Server app version, and this particular issue only occurs here. There is a similar post, Bug: Manage +/- buttons "Users" and "Users' Groups" disabled in server.app, but this issue comes back again after the first import (it doesn't matter whether you use a text file with 5, 20 or 100 users).
    Moreover, if I set it up as a master, everything is right, so I was wondering whether this new Server app version causes this issue or whether it is related to Mavericks itself, because we upgraded all servers two months ago.
    I'll appreciate every clue,
    Thanks

    This is a copy from slapconfig.log. It starts with creating a replica and finishes when it is destroyed. Between 21:39:39 and 22:20:49 the Server app crashed and nothing is reported for this service; after that, I destroyed the replica. The only problem that I see is in the time of each entry: the real time was already approx. 16:00 but it shows approx. 21:33. I don't know why, and the other files are correct in time.
    2014-09-24 21:33:29 +0000 slapconfig -createreplica
    2014-09-24 21:33:30 +0000 1 Creating computer record for replica
    2014-09-24 21:38:38 +0000 command: /usr/sbin/slapconfig -delkeychain /LDAPv3/127.0.0.1 server_replica.domain.ca$
    2014-09-24 21:38:38 +0000 slapconfig -delkeychain
    2014-09-24 21:38:39 +0000 Added computer password to keychain
    2014-09-24 21:38:39 +0000 Adding ldap and host service principals
    2014-09-24 21:38:41 +0000 2 Creating ldap replicator user
    2014-09-24 21:38:41 +0000 _ldap_replicator exists from previous replica - migrating
    2014-09-24 21:38:41 +0000 ServerID for this replica 37
    2014-09-24 21:38:43 +0000 command: /usr/bin/sntp -s time.apple.com.
    2014-09-24 21:38:44 +0000 3 Updating local replica configuration
    2014-09-24 21:38:44 +0000 4 Gathering replication data from the master
    2014-09-24 21:38:44 +0000 5 Copying master database to new replica
    2014-09-24 21:38:44 +0000 Removed directory at path /var/db/openldap/openldap-data.
    2014-09-24 21:38:55 +0000 Starting LDAP server (slapd)
    2014-09-24 21:38:58 +0000 slapd started
    2014-09-24 21:38:58 +0000 Stopping LDAP server (slapd)
    2014-09-24 21:39:02 +0000 command: /usr/sbin/slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
    2014-09-24 21:39:02 +0000 command: /usr/sbin/slapadd -c -w -l /var/db/openldap/openldap-data/backup.ldif
    2014-09-24 21:39:08 +0000 command: /usr/sbin/slapadd -c -w -b cn=authdata -l /var/db/openldap/authdata/authdata.ldif
    2014-09-24 21:39:09 +0000
    2014-09-24 21:39:09 +0000 542339fc slapd is running in import mode - only use if importing large data
      542339fd bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
    2014-09-24 21:39:09 +0000 6 Starting new replica
    2014-09-24 21:39:09 +0000 Starting LDAP server (slapd)
    2014-09-24 21:39:09 +0000 slapd started
    2014-09-24 21:39:09 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2014-09-24 21:39:09 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b cn=config -s base olcServerID
    2014-09-24 21:39:09 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2014-09-24 21:39:09 +0000 Starting password server
    2014-09-24 21:39:15 +0000 7 Enabling local Kerberos server
    2014-09-24 21:39:15 +0000 Configuring Kerberos server, realm is servermaster.domain.CA
    2014-09-24 21:39:15 +0000 command: /usr/sbin/sso_util configure -x -k -r servermaster.domain.CA -f /LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi -a diradmin -p **** -v 1 all
    2014-09-24 21:39:17 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2014-09-24 21:39:17 +0000 Stopping LDAP server (slapd)
    2014-09-24 21:39:18 +0000 Starting LDAP server (slapd)
    2014-09-24 21:39:18 +0000 slapd started
    2014-09-24 21:39:19 +0000 8 Enabling syncprov overlay on the replica
    2014-09-24 21:39:19 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b cn=config objectClass=olcSyncProvConfig dn
    2014-09-24 21:39:19 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2014-09-24 21:39:19 +0000 adding new entry "olcOverlay=syncprov,olcDatabase={1}bdb,cn=config"
    2014-09-24 21:39:19 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2014-09-24 21:39:19 +0000 adding new entry "olcOverlay=syncprov,olcDatabase={2}bdb,cn=config"
    2014-09-24 21:39:19 +0000 9 Adding replica to master
    2014-09-24 21:39:19 +0000 Configuring multimaster for (server_replica.domain.ca) with ServerID (37)
    2014-09-24 21:39:19 +0000 Remote server (servermaster.domain.ca) ID: 1
    2014-09-24 21:39:19 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b dc=servermaster,dc=domain,dc=ca uid=_ldap_replicator dn
    2014-09-24 21:39:19 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b cn=config -s base olcServerID
    2014-09-24 21:39:19 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b cn=config objectClass=olcSyncProvConfig dn
    2014-09-24 21:39:20 +0000 default realm: servermaster.domain.CA
    2014-09-24 21:39:20 +0000 Configuring multimaster
    2014-09-24 21:39:20 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b cn=config -s base olcServerID
    2014-09-24 21:39:20 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2014-09-24 21:39:20 +0000 modifying entry "cn=config"
      modifying entry "olcDatabase={1}bdb,cn=config"
      modifying entry "olcDatabase={1}bdb,cn=config"
      modifying entry "olcDatabase={2}bdb,cn=config"
      modifying entry "olcDatabase={2}bdb,cn=config"
    2014-09-24 21:39:20 +0000 Stopping LDAP server (slapd)
    2014-09-24 21:39:21 +0000 Starting LDAP server (slapd)
    2014-09-24 21:39:21 +0000 slapd started
    2014-09-24 21:39:21 +0000 Updating ldapreplicas on servermaster.domain.ca as diradmin
    2014-09-24 21:39:21 +0000 Updating ldapreplicas record
    2014-09-24 21:39:22 +0000 Updating ldapreplicas plist.
    2014-09-24 21:39:22 +0000 Binding to 127.0.0.1
    2014-09-24 21:39:27 +0000 command: /usr/bin/ldapadd -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2014-09-24 21:39:33 +0000 Could not find root CA certificate in system keychain
    2014-09-24 21:39:39 +0000 IntermediateCA not configured as CA admin email not found.
    2014-09-24 21:39:39 +0000 Replica Creation successfully completed
    2014-09-24 22:20:49 +0000 slapconfig -destroyldapserver
    2014-09-24 22:20:49 +0000 Deleting Cert Authority related data
    2014-09-24 22:20:49 +0000 No intCAIdentity, not removing int CA from keychain
    2014-09-24 22:20:49 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd.plist
    2014-09-24 22:20:49 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd-helper.plist
    2014-09-24 22:20:49 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertadmin.plist
    2014-09-24 22:20:49 +0000 Updating ldapreplicas on primary master
    2014-09-24 22:20:52 +0000 Removing self from the database
    2014-09-24 22:20:54 +0000 Stopping LDAP server (slapd)
    2014-09-24 22:21:24 +0000 Stopping password server
    2014-09-24 22:21:29 +0000 Removed all service principals from keytab for realm servermaster.domain.CA
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/__db.001.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/__db.002.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/__db.003.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/__db.004.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/__db.005.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/__db.006.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/altSecurityIdentities.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/apple-computers.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/apple-config-realname.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/apple-generateduid.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-memberguid.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-nestedgroup.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-realname.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/apple-hwuuid.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/apple-locale-subnets.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/apple-realname.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/apple-serviceslocator.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/c.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/cn.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/DB_CONFIG.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/dn2id.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/entryCSN.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/entryUUID.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/gidNumber.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/givenName.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/id2entry.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/ipHostNumber.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/l.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000001.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000002.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000003.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000004.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000005.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000006.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000007.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000008.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/macAddress.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/mail.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/memberUid.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/objectClass.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/ou.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/postalCode.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/sn.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/st.bdb.
    2014-09-24 22:21:29 +0000 Removed file at path /var/db/openldap/openldap-data/street.bdb.
    2014-09-24 22:21:29 +0000 Stopping password server
    2014-09-24 22:21:29 +0000 Removed file at path /etc/ntp_opendirectory.conf.
    2014-09-24 22:21:29 +0000 Removed file at path /Library/Preferences/com.apple.openldap.plist.
    2014-09-24 22:21:29 +0000 Attempting to remove principal [email protected]
    2014-09-24 22:21:29 +0000 command: /usr/bin/kdestroy [email protected]
    2014-09-24 22:21:29 +0000 Notifying peer servermaster.domain.ca we have been destroyed

  • How to bulk add group members in Open Directory

    So the workgroup manager interface is ghey. The + sign to add group members drag&drops users one at a time. I need to bulk add group members.
    I tried ldapadd to add all the users quickly and that doesn't seem to work. The LDAP group record now has all the users populated under the multivalued attribute memberUid, but Workgroup Manager doesn't see the bulk group members.
    Any idea how to do this?

    Use tcsh SHELL builtin command 'foreach' to accomplish this:
    $ tcsh
    $ which foreach
    foreach: shell built-in command.
    $ foreach user (`cat users.txt`)
    foreach? echo adding $user to group
    foreach? /usr/bin/dscl -u diradmin -P [passwd] /LDAPv3/127.0.0.1 append /Groups/yourgroup GroupMembership $user
    foreach? end

  • WLC 5508: 802.1 AAA override; Authentication success, no dynamic VLAN assignment

    WLC 5508: software version 7.0.98.0
    Windows 7 Client
    Radius Server:  Fedora Core 13 / Freeradius with LDAP storage backend
    I have followed the guide at http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076317c.shtml with respect to building the LDAP and FreeRADIUS server.  802.1x authorization and authentication work correctly.  The session keys are returned from the RADIUS server and the WLC sends the appropriate information for the client to generate the WEP key.
    However, the WLC does not override the VLAN assignment, even though I believe I set everything up correctly.  From the packet capture, you can see that the verification that the client is authorized to use the WLAN returns the needed attributes:
    AVP: l=4  t=Tunnel-Private-Group-Id(81): 10
    AVP: l=6  t=Tunnel-Medium-Type(65): IEEE-802(6)
    AVP: l=6  t=Tunnel-Type(64): VLAN(13)
    I attached a packet capture and wlc config, any guidance toward the attributes that may be missing or not set correctly in the config would be most appreciated.

    Yes, good catch. I had one setting left off in FreeRADIUS that allows the inner reply attributes back into the outer tunneled accept.  I wrote up a medium/high-level config for any future viewers of this thread:
    The following was tested and verified on a Fedora 13 installation.  This is a minimal setup, not meant for a "live" network (security issues with cleartext passwords, LDAP not indexed properly for performance).
    Install Packages
    1.  Install needed packages.
    yum install openldap*
    yum install freeradius*
    2.  Set the services to automatically start on system startup
    chkconfig --level 2345 slapd on
    chkconfig --level 2345 radiusd on
    Configure and start LDAP
    1.  Copy the needed LDAP schema for radius.  Your path may vary a bit
    cp /usr/share/doc/freeradius*/examples/openldap.schema /etc/openldap/schema/radius.schema
    2.  Create an admin password for slapd.  Record this password for later use when configuring the slapd.conf file
    slappasswd
    3.  Add the ldap user and group if they don't exist.  Depending on the install rpm, they may have been created already
    useradd ldap
    groupadd ldap
    4.  Create the directory and assign permissions for the database files
    mkdir /var/lib/ldap
    chmod 700 /var/lib/ldap
    chown ldap:ldap /var/lib/ldap
    5.  Edit the slapd.conf file.
    cd /etc/openldap
    vi slapd.conf
    # See slapd.conf(5) for details on configuration options.
    # This file should NOT be world readable.
    #Default needed schemas
    include        /etc/openldap/schema/corba.schema
    include        /etc/openldap/schema/core.schema
    include        /etc/openldap/schema/cosine.schema
    include        /etc/openldap/schema/duaconf.schema
    include        /etc/openldap/schema/dyngroup.schema
    include        /etc/openldap/schema/inetorgperson.schema
    include        /etc/openldap/schema/java.schema
    include        /etc/openldap/schema/misc.schema
    include        /etc/openldap/schema/nis.schema
    include        /etc/openldap/schema/openldap.schema
    include        /etc/openldap/schema/ppolicy.schema
    include        /etc/openldap/schema/collective.schema
    #Radius include
    include        /etc/openldap/schema/radius.schema
    #Samba include
    #include        /etc/openldap/schema/samba.schema
    # Allow LDAPv2 client connections.  This is NOT the default.
    allow bind_v2
    # Do not enable referrals until AFTER you have a working directory
    # service AND an understanding of referrals.
    #referral    ldap://root.openldap.org
    pidfile        /var/run/openldap/slapd.pid
    argsfile    /var/run/openldap/slapd.args
    # ldbm and/or bdb database definitions
    #Use the Berkeley database
    database    bdb
    #dn suffix, domain components read in order
    suffix        "dc=cisco,dc=com"
    checkpoint    1024 15
    #root container node defined
    rootdn        "cn=Manager,dc=cisco,dc=com"
    # Cleartext passwords, especially for the rootdn, should
    # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
    # Use of strong authentication encouraged.
    # rootpw        secret
    rootpw        {SSHA}cVV/4zKquR4IraFEU7NTG/PIESw8l4JI
    # The database directory MUST exist prior to running slapd AND
    # should only be accessible by the slapd and slap tools. (chown ldap:ldap)
    # Mode 700 recommended.
    directory    /var/lib/ldap
    # Indices to maintain for this database
    index objectClass                       eq,pres
    index uid,memberUid                     eq,pres,sub
    # enable monitoring
    database monitor
    # allow only the rootdn to read the monitor
    access to *
             by dn.exact="cn=Manager,dc=cisco,dc=com" read
             by * none
    6.  Remove the slapd.d directory
    cd /etc/openldap
    rm -rf slapd.d
    7.  If everything is correct, you should be able to start up slapd with no problem
    service slapd start
    8.  Create the initial database in a text file called /tmp/initial.ldif
    dn: dc=cisco,dc=com
    objectClass: dcobject
    objectClass: organization
    o: cisco
    dc: cisco

    dn: ou=people,dc=cisco,dc=com
    objectClass: organizationalunit
    ou: people
    description: people

    dn: uid=jonatstr,ou=people,dc=cisco,dc=com
    objectClass: top
    objectClass: radiusprofile
    objectClass: inetOrgPerson
    cn: jonatstr
    sn: jonatstr
    uid: jonatstr
    description: user Jonathan Strickland
    radiusTunnelType: VLAN
    radiusTunnelMediumType: 802
    radiusTunnelPrivateGroupId: 10
    userPassword: ggsg
    9.  Add the file to the database
    ldapadd -x -h localhost -W -D "cn=Manager,dc=cisco,dc=com" -f /tmp/initial.ldif
    10.  Issue a basic query to the LDAP database to make sure that we can request and receive results back
    ldapsearch -x -h localhost -W -D cn=Manager,dc=cisco,dc=com -b dc=cisco,dc=com -s sub "objectClass=*"
    Configure and Start FreeRadius
    1. Configure ldap.attrmap, if needed.  This step is only needed if we need to map and pass attributes back to the authenticator (dynamic VLAN assignment as an example).  Below is an example for dynamic VLAN assignment
    cd /etc/raddb
    vi ldap.attrmap
    For dynamic VLAN assignments, verify the following lines exist:
    replyItem    Tunnel-Type                                   radiusTunnelType
    replyItem    Tunnel-Medium-Type                   radiusTunnelMediumType
    replyItem    Tunnel-Private-Group-Id              radiusTunnelPrivateGroupId
    Since we are planning to use the userPassword, we will let the mschap module perform the NT translations for us.  Add the following line to check the LDAP object for userPassword and store it as Cleartext-Password:
    checkItem    Cleartext-Password    userPassword
    2.  Configure eap.conf.  The following section attributes should be verified.  You may change other attributes as needed; they are just not covered in this document.
    eap {
        default_eap_type = peap
        .....
        tls {
            # I will not go into details here as this is beyond the scope of setting up freeradius.
            # The defaults will work, as freeradius comes with generated self-signed certificates.
            .....
        }
        peap {
            default_eap_type = mschapv2
            # you will have to set this to allow the inner TLS tunnel attributes into the final accept message
            use_tunneled_reply = yes
        }
    }
    3.  Change the authentication and authorization modules and order.
    cd /etc/raddb/sites-enabled
    vi default
    For the authorize section, uncomment the ldap module.
    For the authenticate section, uncomment the ldap module
    vi inner-tunnel
    Very important: for the authorize section, ensure the ldap module is first, before mschap.  Thus authorize will look like:
    authorize {
        ldap
        mschap
        ......
    }
    4.  Configure ldap module
    cd /etc/raddb/modules
    ldap {
        server = "localhost"
        identity = "cn=Manager,dc=cisco,dc=com"
        password = admin
        basedn = "dc=cisco,dc=com"
        base_filter = "(objectclass=radiusprofile)"
        access_attr = "uid"
        ............
    }
    5.  Start up radius in debug mode on another console
    radiusd -X
    6.  radtest localhost 12 testing123
    You should get an Access-Accept back
    7.  Now to perform an EAP-PEAP test.  This will require a wpa_supplicant test utility called eapol_test
    First install openssl support libraries, required to compile
    yum install openssl*
    yum install gcc
    wget http://hostap.epitest.fi/releases/wpa_supplicant-0.6.10.tar.gz 
    tar xvf wpa_supplicant-0.6.10.tar.gz
    cd wpa_supplicant-0.6.10/wpa_supplicant
    vi defconfig
    Uncomment CONFIG_EAPOL_TEST = y and save/exit
    cp defconfig .config
    make eapol_test
    cp eapol_test /usr/local/bin
    chmod 755 /usr/local/bin/eapol_test
    8.  Create a test config file named eapol_test.conf.peap
    network={
        eap=PEAP
        eapol_flags=0
        key_mgmt=IEEE8021X
        identity="jonatstr"
        password="ggsg"
        # If you want to verify the server certificate, the line below would be needed
        #ca_cert="/root/ca.pem"
        phase2="auth=MSCHAPV2"
    }
    9.  Run the test
    eapol_test -c ~/eapol_test.conf.peap -a 127.0.0.1 -p 1812 -s testing123
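    The reply path this thread debugs, as an added example (not code from the thread, Cisco or FreeRADIUS): the jonatstr entry goes through the three replyItem lines of ldap.attrmap into RFC 2868 tunnel AVPs with the lengths the capture above shows (l=6, l=6, l=4), the use_tunneled_reply knob decides whether those AVPs reach the outer Access-Accept, and the receiving side checks whether the reply is complete enough for a VLAN override. The LDIF sample, the attribute map as a dict and the override rule are constructed here.

```python
"""Dynamic VLAN reply: LDAP entry -> ldap.attrmap replyItems -> RFC 2868 tunnel AVPs."""
import struct
# RFC 2868 attribute numbers, as shown in the capture (t=64, t=65, t=81)
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
# Enumerations used in the thread: Tunnel-Type VLAN(13), Tunnel-Medium-Type IEEE-802(6)
TUNNEL_TYPE_VALUES = {"VLAN": 13}
TUNNEL_MEDIUM_VALUES = {"802": 6, "IEEE-802": 6}
# The three replyItem lines of ldap.attrmap: LDAP attribute -> RADIUS attribute number
ATTRMAP = {
    "radiusTunnelType": TUNNEL_TYPE,
    "radiusTunnelMediumType": TUNNEL_MEDIUM_TYPE,
    "radiusTunnelPrivateGroupId": TUNNEL_PRIVATE_GROUP_ID,
}
# Constructed sample input: the jonatstr entry from /tmp/initial.ldif, password omitted
USER_LDIF = """\
dn: uid=jonatstr,ou=people,dc=cisco,dc=com
objectClass: radiusprofile
uid: jonatstr
radiusTunnelType: VLAN
radiusTunnelMediumType: 802
radiusTunnelPrivateGroupId: 10
"""


def parse_ldif_entry(text):
    """Parse one plain LDIF entry into {attribute: [values]} (no base64, no folded lines)."""
    entry = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip(), []).append(value.strip())
    return entry


def encode_reply(entry, tag=0):
    """Apply ATTRMAP to the entry and encode the reply as RFC 2868 tagged AVPs.

    Integer tunnel attributes always carry a tag byte plus a 3-byte value (l=6).
    The string Tunnel-Private-Group-Id carries a tag byte only when the tag is
    non-zero, which is why the capture above shows it with l=4 rather than l=5.
    """
    out = b""
    for ldap_attr, attr_id in ATTRMAP.items():
        if ldap_attr not in entry:
            continue  # attribute missing in LDAP: nothing is sent for it
        raw = entry[ldap_attr][0]
        if attr_id == TUNNEL_TYPE:
            body = bytes([tag]) + TUNNEL_TYPE_VALUES[raw].to_bytes(3, "big")
        elif attr_id == TUNNEL_MEDIUM_TYPE:
            body = bytes([tag]) + TUNNEL_MEDIUM_VALUES[raw].to_bytes(3, "big")
        else:
            body = (bytes([tag]) if tag else b"") + raw.encode("ascii")
        out += struct.pack("!BB", attr_id, 2 + len(body)) + body
    return out


def decode_avps(data):
    """Decode AVPs into (attribute number, tag, value) tuples; reject malformed input."""
    avps = []
    while data:
        if len(data) < 2 or data[1] < 2 or data[1] > len(data):
            raise ValueError("malformed AVP header")
        attr_id, body, data = data[0], data[2:data[1]], data[data[1]:]
        if attr_id in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if len(body) != 4:
                raise ValueError("tagged integer attribute must be 4 bytes")
            avps.append((attr_id, body[0], int.from_bytes(body[1:], "big")))
        elif attr_id == TUNNEL_PRIVATE_GROUP_ID:
            # RFC 2868: a first byte in 0x01..0x1F is a tag, anything else is string data
            if body and 1 <= body[0] <= 0x1F:
                avps.append((attr_id, body[0], body[1:].decode("ascii")))
            else:
                avps.append((attr_id, 0, body.decode("ascii")))
        else:
            avps.append((attr_id, None, bytes(body)))
    return avps


def peap_outer_reply(inner_reply, use_tunneled_reply):
    """Model the eap.conf knob from the thread: the inner-tunnel reply attributes
    reach the outer Access-Accept only when use_tunneled_reply = yes."""
    return inner_reply if use_tunneled_reply else b""


def vlan_override(avps):
    """Return the VLAN the NAS should apply, or None when the reply is incomplete.

    The override needs all three attributes in one tag group, with
    Tunnel-Type = VLAN and Tunnel-Medium-Type = IEEE-802.
    """
    groups = {}
    for attr_id, tag, value in avps:
        if attr_id in ATTRMAP.values():
            groups.setdefault(tag, {})[attr_id] = value
    for attrs in groups.values():
        if (attrs.get(TUNNEL_TYPE) == 13 and attrs.get(TUNNEL_MEDIUM_TYPE) == 6
                and TUNNEL_PRIVATE_GROUP_ID in attrs):
            return attrs[TUNNEL_PRIVATE_GROUP_ID]
    return None
```

    With use_tunneled_reply off the outer reply is empty and vlan_override returns None, which is exactly the symptom in the first post: a successful authentication with no VLAN change.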

  • Open Directory Master creation failure.

    I am running into consistent failures while attempting to set up an Open Directory Master on 10.8 server. It seems to fail in creating an Intermediate CA and suggests there is already one. I have combed Keychain for, and removed, any entries that refer to the suggested cert. Yet I am still unable to get this OD Master up and running. Here are the log files:
    2012-09-10 18:49:05 +0000 Success. Master creation is possible.
    2012-09-10 18:49:12 +0000 Success. Master creation is possible.
    2012-09-10 18:49:13 +0000 slapconfig -createldapmasterandadmin
    2012-09-10 18:49:13 +0000 command: /usr/bin/sntp -s time.apple.com.
    2012-09-10 18:49:29 +0000 Success. Master creation is possible.
    2012-09-10 18:49:29 +0000 Starting LDAP server (slapd)
    2012-09-10 18:49:29 +0000 Waiting for slapd to start
    2012-09-10 18:49:31 +0000 slapd started
    2012-09-10 18:49:31 +0000 command: /usr/bin/ldapadd -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2012-09-10 18:49:46 +0000 command: /usr/sbin/slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
    2012-09-10 18:49:46 +0000 Stopping LDAP server (slapd)
    2012-09-10 18:49:54 +0000 Starting LDAP server (slapd)
    2012-09-10 18:49:54 +0000 Waiting for slapd to start
    2012-09-10 18:49:54 +0000 slapd started
    2012-09-10 18:49:54 +0000 Save of LDAP configuration failed with error 2100
    2012-09-10 18:49:54 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2012-09-10 18:49:54 +0000 adding new entry "olcOverlay=unique,olcDatabase={1}bdb,cn=config"
              adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
              adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
              adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
              adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
              adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
              adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
              adding new entry "olcOverlay=nestedgroup,olcDatabase={1}bdb,cn=config"
              adding new entry "olcOverlay={0}odusers,olcDatabase={-1}frontend,cn=config"
              adding new entry "olcOverlay=syncprov,olcDatabase={1}bdb,cn=config"
              adding new entry "olcOverlay=syncprov,olcDatabase={2}bdb,cn=config"
    2012-09-10 18:49:54 +0000 command: /usr/bin/ldapadd -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2012-09-10 18:49:54 +0000 adding new entry "cn={9}customSchema,cn=schema,cn=config"
    2012-09-10 18:49:54 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2012-09-10 18:49:55 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b cn=config -s base olcServerID
    2012-09-10 18:49:55 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2012-09-10 18:49:55 +0000 Setting SASL realm to <DANDYBOX.NET>
    2012-09-10 18:49:55 +0000 command: /usr/sbin/mkpassdb -setrealm DANDYBOX.NET
    2012-09-10 18:49:55 +0000 command: /usr/sbin/mkpassdb -o -u diradmin -p -q
    2012-09-10 18:49:56 +0000
    2012-09-10 18:49:56 +0000 command: /usr/sbin/mkpassdb -setadmin 0x4fff1e36fb7811e1bd063c07545a924d 0
    2012-09-10 18:49:57 +0000 Admin's entry UUID is: 77bfb2d2-4884-4303-a9b6-c1d39758ab9b
    2012-09-10 18:49:57 +0000 Starting password server
    2012-09-10 18:49:58 +0000 Stopping LDAP server (slapd)
    2012-09-10 18:50:01 +0000 Starting LDAP server (slapd)
    2012-09-10 18:50:01 +0000 Waiting for slapd to start
    2012-09-10 18:50:01 +0000 slapd started
    2012-09-10 18:50:01 +0000 Configuring Kerberos server, realm is DANDYBOX.NET
    2012-09-10 18:50:01 +0000 command: /usr/sbin/kdcsetup -a diradmin -p **** -v 1 DANDYBOX.NET
    2012-09-10 18:50:06 +0000 Opening ldapi connection to the LDAP user data
              Opening ldapi connection to the LDAP auth data
              Creating KDC for OD Master
              Creating Kerberos directory
              Creating KDC Config File
              Creating Kerberos ACL file
              Adding KDC config data to the KerberosKDC config record
              Adding KDC config data to the KerberosClient config record
              Creating KDC database
              Using existing master key file
              Creating Kerberos principal for 'diradmin'
              Creating Kerberos auth authority for 'diradmin'
              Creating Kerberos alt security identity for 'diradmin'
              Successfully created KDC for OD Master
    2012-09-10 18:50:06 +0000 command: /usr/sbin/sso_util configure -x -r DANDYBOX.NET -f /LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi -a diradmin -p **** -v 1 all
    2012-09-10 18:50:06 +0000 command: /usr/sbin/mkpassdb -kerberize
    2012-09-10 18:50:08 +0000 Updating user records and principals
    2012-09-10 18:50:25 +0000 Asking OpenDirectoryConfig to bind to server: 127.0.0.1
    2012-09-10 18:50:27 +0000 Attempting to open /LDAPv3/127.0.0.1 node
    2012-09-10 18:50:27 +0000 Verified /LDAPv3/127.0.0.1 node is available
    2012-09-10 18:50:29 +0000 command: /usr/sbin/sso_util info -r /LDAPv3/127.0.0.1 -p
    2012-09-10 18:50:30 +0000 Creating root CA with DandyBox Open Directory Certification Authority
    2012-09-10 18:50:32 +0000 Creating intermediate CA with IntermediateCA_DANDYBOX.NET_1
    2012-09-10 18:50:32 +0000 ***Error creating intermediate CA. Error - The specified item already exists in the keychain.
    2012-09-10 18:50:32 +0000 Intermediate CA creation failed with error - -25299
    2012-09-10 18:50:32 +0000 Destroying OD master as CA creation failed with error 75
    2012-09-10 18:50:32 +0000 Logging slapd container data to /var/run/slapconfig_error_1347303032
    2012-09-10 18:50:32 +0000 Stopping LDAP server (slapd)
    2012-09-10 18:50:34 +0000 command: /usr/sbin/slapcat -l /var/run/slapconfig_error_1347303032/user.ldif
    2012-09-10 18:50:34 +0000 command: /usr/sbin/slapcat -b cn=authdata -l /var/run/slapconfig_error_1347303032/authdata.ldif
    2012-09-10 18:50:34 +0000 Error retrieving kerberos realm
    2012-09-10 18:50:34 +0000 CopyReplicaArray: ldap_search_ext_s failed
    2012-09-10 18:50:34 +0000 Error retrieving replica array
    2012-09-10 18:50:34 +0000 Deleting Cert Authority related data
    2012-09-10 18:50:34 +0000 Removed directory at path /var/root/Library/Application Support/Certificate Authority/DandyBox Open Directory Certification Authority.
    2012-09-10 18:50:35 +0000 No intCAIdentity, not removing int CA from keychain
    2012-09-10 18:50:35 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd.plist
    2012-09-10 18:50:35 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd-helper.plist
    2012-09-10 18:50:35 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertadmin.plist
    2012-09-10 18:50:35 +0000 void _destroyLDAPServer(const char *): Failed to find computer record named dandybox.net$: 2100 Connection failed to the directory server.
    2012-09-10 18:50:35 +0000 Updating ldapreplicas on primary master
    2012-09-10 18:50:35 +0000 CopyPrimaryMaster: CopyLdapReplicas failed
    2012-09-10 18:50:35 +0000 Unable to locate primary master
    2012-09-10 18:50:35 +0000 Primary master node is nil!
    2012-09-10 18:50:35 +0000 Unable to locate ldapreplicas record: 0 (null)
    2012-09-10 18:50:35 +0000 Error setting read ldap replicas array: 0 (null)
    2012-09-10 18:50:35 +0000 Error setting write ldap replicas array: 0 (null)
    2012-09-10 18:50:35 +0000 ODRecord *_getODRecord(ODNode *, NSString *, NSString *, NSArray *): ODNodeRef parameter error
    2012-09-10 18:50:35 +0000 int _removeReplicaFromConfigRecord(ODNode *, NSString *): ODRecord not found
    2012-09-10 18:50:35 +0000 Error synchronizing ldapreplicas: 0 (null)
    2012-09-10 18:50:35 +0000 Removing self from the database
    2012-09-10 18:50:35 +0000 Warning: An error occurred while re-enabling GSSAPI.
    2012-09-10 18:50:35 +0000 Stopping LDAP server (slapd)
    2012-09-10 18:50:35 +0000 Stopping password server
    2012-09-10 18:50:36 +0000 cleanKeytab: unable to retrieve default realm
    2012-09-10 18:50:36 +0000 Stopping password server
    2012-09-10 18:50:36 +0000 Removed file at path /Library/Preferences/com.apple.openldap.plist.
    2012-09-10 18:50:36 +0000 Removed file at path /var/run/slapconfig.lock.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-memberguid.bdb.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-realname.bdb.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/cn.bdb.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/DB_CONFIG.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/dn2id.bdb.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/entryCSN.bdb.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/entryUUID.bdb.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/gidNumber.bdb.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/givenName.bdb.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/id2entry.bdb.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/ipHostNumber.bdb.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000001.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/macAddress.bdb.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/memberUid.bdb.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/objectClass.bdb.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/ou.bdb.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/sn.bdb.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/uid.bdb.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/uidNumber.bdb.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/__db.001.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/__db.002.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/__db.003.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/__db.004.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/__db.005.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/__db.006.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/alock.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/authGUID.bdb.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/DB_CONFIG.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/dn2id.bdb.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalAliases.bdb.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalName.bdb.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/entryCSN.bdb.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/entryUUID.bdb.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/id2entry.bdb.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/log.0000000001.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/objectClass.bdb.
    2012-09-10 18:55:04 +0000 Removed directory at path /var/db/openldap/authdata.
    2012-09-10 18:55:04 +0000 Removed file at path /etc/openldap/slapd_macosxserver.conf.
    2012-09-10 18:55:04 +0000 Removed file at path /etc/openldap/slapd.conf.
    2012-09-10 18:55:04 +0000 Removed file at path /var/db/dslocal/nodes/Default/groups/com.apple.access_dsproxy.plist.
    2012-09-10 18:55:04 +0000 Removed directory at path /etc/openldap/slapd.d/cn=config.
    2012-09-10 18:55:04 +0000 Removed file at path /etc/openldap/slapd.d/cn=config.ldif.
    2012-09-10 18:55:04 +0000 Removed directory at path /etc/openldap/slapd.d.
    2012-09-10 18:55:04 +0000 Removed directory at path /etc/openldap/slapd.d.backup/cn=config.
    2012-09-10 18:55:04 +0000 Removed file at path /etc/openldap/slapd.d.backup/cn=config.ldif.
    2012-09-10 18:55:04 +0000 Removed directory at path /etc/openldap/slapd.d.backup.
    2012-09-10 18:55:05 +0000 Stopping password server
    2012-09-10 18:55:05 +0000 Removed file at path /Library/Preferences/com.apple.openldap.plist.
    2012-09-10 18:55:05 +0000 Removed file at path /var/run/slapconfig.lock.
    Any help would be much appreciated!

    New problem. Here's the output of the config log:
    2012-09-11 00:21:04 +0000 slapconfig -backupdb
    2012-09-11 00:21:04 +0000 command: /usr/sbin/sso_util info -r /LDAPv3/127.0.0.1 -p
    2012-09-11 00:21:04 +0000 1 Backing up LDAP database
    2012-09-11 00:21:04 +0000   popen: /usr/sbin/slapcat -l /tmp/slapconfig_backup_stage17861ihVwZK/backup.ldif, "r"
    2012-09-11 00:21:04 +0000   popen: /usr/sbin/slapcat -b cn=authdata -l /tmp/slapconfig_backup_stage17861ihVwZK/authdata.ldif, "r"
    2012-09-11 00:21:04 +0000   popen: /bin/cp /var/db/openldap/openldap-data/DB_CONFIG /tmp/slapconfig_backup_stage17861ihVwZK/DB_CONFIG, "r"
    2012-09-11 00:21:04 +0000   popen: /bin/cp /var/db/openldap/authdata//DB_CONFIG /tmp/slapconfig_backup_stage17861ihVwZK/authdata_DB_CONFIG, "r"
    2012-09-11 00:21:04 +0000   popen: /bin/cp -r /etc/openldap /tmp/slapconfig_backup_stage17861ihVwZK/, "r"
    2012-09-11 00:21:04 +0000   popen: /usr/sbin/mkpassdb -list > /tmp/slapconfig_backup_stage17861ihVwZK/sasl-plugin-list, "r"
    2012-09-11 00:21:05 +0000   popen: /bin/hostname > /tmp/slapconfig_backup_stage17861ihVwZK/hostname, "r"
    2012-09-11 00:21:05 +0000   popen: /usr/sbin/sso_util info -pr /LDAPv3/127.0.0.1 > /tmp/slapconfig_backup_stage17861ihVwZK/local_odkrb5realm, "r"
    2012-09-11 00:21:05 +0000 2 Backing up Kerberos database
    2012-09-11 00:21:05 +0000   popen: /usr/bin/tar czpf /tmp/slapconfig_backup_stage17861ihVwZK/krb5backup.tar.gz /var/db/krb5kdc/kdc.conf /var/db/krb5kdc/acl_file.* /var/db/krb5kdc/m_key.* /etc/krb5.keytab , "r"
    2012-09-11 00:21:05 +0000   popen: /bin/cp /var/db/dslocal/nodes/Default/config/KerberosKDC.plist /tmp/slapconfig_backup_stage17861ihVwZK/KerberosKDC.plist, "r"
    2012-09-11 00:21:05 +0000 3 Backing up configuration files
    2012-09-11 00:21:05 +0000   popen: /bin/cp /Library/Preferences/com.apple.openldap.plist /tmp/slapconfig_backup_stage17861ihVwZK/, "r"
    2012-09-11 00:21:05 +0000   popen: /usr/bin/sw_vers > /tmp/slapconfig_backup_stage17861ihVwZK/version.txt, "r"
    2012-09-11 00:21:05 +0000   popen: /bin/cp -r /var/db/dslocal /tmp/slapconfig_backup_stage17861ihVwZK/, "r"
    2012-09-11 00:21:05 +0000 Backed Up Keychain
    2012-09-11 00:21:05 +0000 4 Backing up CA certificates
    2012-09-11 00:21:05 +0000 Failed to backup CA data as Root/ Intermediate CA were not found
    2012-09-11 00:21:05 +0000 5 Creating archive
    2012-09-11 00:21:05 +0000 command: /usr/bin/hdiutil create -ov -plist -puppetstrings -layout UNIVERSAL CD -fs HFS+ -volname ldap_bk -srcfolder /tmp/slapconfig_backup_stage17861ihVwZK -format SPARSE /var/backups/ServerBackup_OpenDirectoryMaster
    2012-09-11 00:21:14 +0000 Removed directory at path /tmp/slapconfig_backup_stage17861ihVwZK.
    2012-09-11 00:21:14 +0000 Removed file at path /var/run/slapconfig.lock.
    2012-09-11 00:26:03 +0000 slapconfig -updateaddresses
    2012-09-11 00:26:04 +0000 _updateaddresses: successfully completed
    2012-09-11 00:26:54 +0000 slapconfig -updateaddresses
    2012-09-11 00:26:55 +0000 _updateaddresses: successfully completed
    2012-09-11 00:27:34 +0000 slapconfig -updateaddresses
    2012-09-11 00:27:35 +0000 _updateaddresses: successfully completed
    2012-09-11 00:29:33 +0000 slapconfig -updateaddresses
    2012-09-11 00:29:34 +0000 _updateaddresses: successfully completed
    2012-09-11 01:40:20 +0000 Migrating OD master
    2012-09-11 01:40:20 +0000 Removed file at path /Volumes/Server HD/var/db/openldap/openldap-data/DB_CONFIG.example.
    2012-09-11 01:40:20 +0000 /private/var/db/openldap not preserved from previous system.  Nothing to upgrade.
    2012-09-11 01:40:20 +0000 Removed file at path /Volumes/Server HD/Library/Preferences/com.apple.openldap.plist.
    2012-09-11 16:25:30 +0000 Success. Master creation is possible.
    2012-09-11 16:25:36 +0000 Success. Master creation is possible.
    2012-09-11 16:25:38 +0000 slapconfig -createldapmasterandadmin
    2012-09-11 16:25:38 +0000 command: /usr/bin/sntp -s time.apple.com.
    2012-09-11 16:25:38 +0000 Success. Master creation is possible.
    2012-09-11 16:25:38 +0000 Starting LDAP server (slapd)
    2012-09-11 16:25:38 +0000 Waiting for slapd to start
    2012-09-11 16:25:41 +0000 slapd started
    2012-09-11 16:25:41 +0000 command: /usr/bin/ldapadd -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2012-09-11 16:25:58 +0000 command: /usr/sbin/slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
    2012-09-11 16:25:58 +0000 Stopping LDAP server (slapd)
    2012-09-11 16:26:06 +0000 Starting LDAP server (slapd)
    2012-09-11 16:26:06 +0000 Waiting for slapd to start
    2012-09-11 16:26:06 +0000 slapd started
    2012-09-11 16:26:06 +0000 Save of LDAP configuration failed with error 2100
    2012-09-11 16:26:06 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2012-09-11 16:26:06 +0000 adding new entry "olcOverlay=unique,olcDatabase={1}bdb,cn=config"
              adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
              adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
              adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
              adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
              adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
              adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
              adding new entry "olcOverlay=nestedgroup,olcDatabase={1}bdb,cn=config"
              adding new entry "olcOverlay={0}odusers,olcDatabase={-1}frontend,cn=config"
              adding new entry "olcOverlay=syncprov,olcDatabase={1}bdb,cn=config"
              adding new entry "olcOverlay=syncprov,olcDatabase={2}bdb,cn=config"
    2012-09-11 16:26:06 +0000 command: /usr/bin/ldapadd -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2012-09-11 16:26:06 +0000 adding new entry "cn={9}customSchema,cn=schema,cn=config"
    2012-09-11 16:26:06 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2012-09-11 16:26:06 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b cn=config -s base olcServerID
    2012-09-11 16:26:07 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
    2012-09-11 16:26:07 +0000 Setting SASL realm to <SERVIN.DANDYBOX.NET>
    2012-09-11 16:26:07 +0000 command: /usr/sbin/mkpassdb -setrealm SERVIN.DANDYBOX.NET
    2012-09-11 16:26:07 +0000 command: /usr/sbin/mkpassdb -o -u diradmin -p -q
    2012-09-11 16:26:08 +0000
    2012-09-11 16:26:09 +0000 command: /usr/sbin/mkpassdb -setadmin 0x63c3d88efc2d11e1b45a3c07545a924d 0
    2012-09-11 16:26:09 +0000 Admin's entry UUID is: d407cf7d-b3df-43bf-bc65-f6a3321fb30f
    2012-09-11 16:26:09 +0000 Starting password server
    2012-09-11 16:26:10 +0000 Stopping LDAP server (slapd)
    2012-09-11 16:26:13 +0000 Starting LDAP server (slapd)
    2012-09-11 16:26:13 +0000 Waiting for slapd to start
    2012-09-11 16:26:13 +0000 slapd started
    2012-09-11 16:26:13 +0000 dsproxy group already exists, reusing
    2012-09-11 16:26:13 +0000 Configuring Kerberos server, realm is SERVIN.DANDYBOX.NET
    2012-09-11 16:26:13 +0000 command: /usr/sbin/kdcsetup -a diradmin -p **** -v 1 SERVIN.DANDYBOX.NET
    2012-09-11 16:26:19 +0000 Opening ldapi connection to the LDAP user data
              Opening ldapi connection to the LDAP auth data
              Creating KDC for OD Master
              Creating Kerberos directory
              Creating KDC Config File
              Creating Kerberos ACL file
              Adding KDC config data to the KerberosKDC config record
              Adding KDC config data to the KerberosClient config record
              Creating KDC database
              Creating new random master key
              Creating Kerberos principal for 'diradmin'
              Creating Kerberos auth authority for 'diradmin'
              Creating Kerberos alt security identity for 'diradmin'
              Successfully created KDC for OD Master
    2012-09-11 16:26:19 +0000 command: /usr/sbin/sso_util configure -x -r SERVIN.DANDYBOX.NET -f /LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi -a diradmin -p **** -v 1 all
    2012-09-11 16:26:20 +0000 command: /usr/sbin/mkpassdb -kerberize
    2012-09-11 16:26:22 +0000 Updating user records and principals
    2012-09-11 16:26:42 +0000 Asking OpenDirectoryConfig to bind to server: 127.0.0.1
    2012-09-11 16:26:42 +0000 Could not bind - The operation couldn’t be completed. (com.apple.OpenDirectory error 4102.)
    2012-09-11 16:26:42 +0000 Logging slapd container data to /var/run/slapconfig_error_1347380802
    2012-09-11 16:26:42 +0000 Stopping LDAP server (slapd)
    2012-09-11 16:26:46 +0000 command: /usr/sbin/slapcat -l /var/run/slapconfig_error_1347380802/user.ldif
    2012-09-11 16:26:46 +0000 command: /usr/sbin/slapcat -b cn=authdata -l /var/run/slapconfig_error_1347380802/authdata.ldif
    2012-09-11 16:26:46 +0000 Error retrieving kerberos realm
    2012-09-11 16:26:46 +0000 CopyReplicaArray: ldap_search_ext_s failed
    2012-09-11 16:26:46 +0000 Error retrieving replica array
    2012-09-11 16:26:46 +0000 Deleting Cert Authority related data
    2012-09-11 16:26:46 +0000 No intCAIdentity, not removing int CA from keychain
    2012-09-11 16:26:46 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd.plist
    2012-09-11 16:26:46 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd-helper.plist
    2012-09-11 16:26:46 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertadmin.plist
    2012-09-11 16:26:46 +0000 void _destroyLDAPServer(const char *): Failed to find computer record named servin.dandybox.net$: 2100 Connection failed to the directory server.
    2012-09-11 16:26:46 +0000 Updating ldapreplicas on primary master
    2012-09-11 16:26:46 +0000 CopyPrimaryMaster: CopyLdapReplicas failed
    2012-09-11 16:26:46 +0000 Unable to locate primary master
    2012-09-11 16:26:46 +0000 Primary master node is nil!
    2012-09-11 16:26:46 +0000 Unable to locate ldapreplicas record: 0 (null)
    2012-09-11 16:26:46 +0000 Error setting read ldap replicas array: 0 (null)
    2012-09-11 16:26:46 +0000 Error setting write ldap replicas array: 0 (null)
    2012-09-11 16:26:46 +0000 ODRecord *_getODRecord(ODNode *, NSString *, NSString *, NSArray *): ODNodeRef parameter error
    2012-09-11 16:26:46 +0000 int _removeReplicaFromConfigRecord(ODNode *, NSString *): ODRecord not found
    2012-09-11 16:26:46 +0000 Error synchronizing ldapreplicas: 0 (null)
    2012-09-11 16:26:46 +0000 Removing self from the database
    2012-09-11 16:26:46 +0000 Stopping LDAP server (slapd)
    2012-09-11 16:26:46 +0000 Stopping password server
    2012-09-11 16:26:47 +0000 cleanKeytab: unable to retrieve default realm
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/__db.001.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/__db.002.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/__db.003.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/__db.004.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/__db.005.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/__db.006.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/altSecurityIdentities.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/apple-config-realname.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/apple-generateduid.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-memberguid.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-nestedgroup.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-realname.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/cn.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/DB_CONFIG.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/dn2id.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/entryCSN.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/entryUUID.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/gidNumber.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/givenName.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/id2entry.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/ipHostNumber.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000001.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/macAddress.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/memberUid.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/objectClass.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/ou.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/sn.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/uid.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/uidNumber.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/__db.001.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/__db.002.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/__db.003.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/__db.004.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/__db.005.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/__db.006.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/alock.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/authGUID.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/DB_CONFIG.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/dn2id.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalAliases.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalName.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/entryCSN.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/entryUUID.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/id2entry.bdb.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/log.0000000001.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/objectClass.bdb.
    2012-09-11 16:26:47 +0000 Removed directory at path /var/db/openldap/authdata.
    2012-09-11 16:26:47 +0000 Removed file at path /etc/openldap/slapd_macosxserver.conf.
    2012-09-11 16:26:47 +0000 Removed file at path /etc/openldap/slapd.conf.
    2012-09-11 16:26:47 +0000 Removed file at path /var/db/dslocal/nodes/Default/groups/com.apple.access_dsproxy.plist.
    2012-09-11 16:26:47 +0000 Removed directory at path /etc/openldap/slapd.d/cn=config.
    2012-09-11 16:26:47 +0000 Removed file at path /etc/openldap/slapd.d/cn=config.ldif.
    2012-09-11 16:26:47 +0000 Removed directory at path /etc/openldap/slapd.d.
    2012-09-11 16:26:47 +0000 Removed directory at path /etc/openldap/slapd.d.backup/cn=config.
    2012-09-11 16:26:47 +0000 Removed file at path /etc/openldap/slapd.d.backup/cn=config.ldif.
    2012-09-11 16:26:47 +0000 Removed directory at path /etc/openldap/slapd.d.backup.
    2012-09-11 16:26:47 +0000 Stopping password server
    2012-09-11 16:26:48 +0000 Removed file at path /etc/ntp_opendirectory.conf.
    2012-09-11 16:26:48 +0000 Removed file at path /Library/Preferences/com.apple.openldap.plist.
    2012-09-11 16:26:48 +0000 Removed file at path /var/run/slapconfig.lock.
    Thanks again for any help. DNS is correct, certs are not present, using FQDN.
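Both slapconfig excerpts above end the same way: one error, then slapconfig destroys the half-built master and removes everything it had created, so the actual cause sits far above the end of the log. The following is an added example (my code, not part of either post and not an Apple tool) that parses this log format, separates the cause from the cleanup that follows it, and annotates the codes that appear in these two logs. The sample lines are copied from the posts above; the mapping of -25299 to errSecDuplicateItem is the Security framework's constant for "item already exists in the keychain", the other two descriptions are quoted from the log text itself.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# A slapconfig.log line: "YYYY-MM-DD HH:MM:SS +0000 message".  Lines without a
# timestamp (kdcsetup's indented output) are continuations of the previous one.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) (.*)$")
# Pulls the numeric code out of "failed with error - -25299", "error 4102." etc.
CODE_RE = re.compile(r"error\s*-?\s*(-?\d+)", re.IGNORECASE)

ERROR_MARKERS = ("***Error", "failed with error", "Could not bind")
# Once slapconfig logs one of these it is already tearing the master down;
# every line after it is cleanup, not cause.
TEARDOWN_MARKERS = ("Destroying OD master", "Logging slapd container data")

# Codes seen in the posts above.  -25299 is errSecDuplicateItem from the
# Security framework; the other two descriptions are taken from the log lines.
KNOWN_CODES = {
    "-25299": "errSecDuplicateItem: a keychain item with that name already exists "
              "(a CA identity left behind by an earlier OD master)",
    "2100": "Connection failed to the directory server",
    "4102": "com.apple.OpenDirectory error 4102 from the bind to 127.0.0.1 "
            "(the log gives no further detail)",
}


@dataclass
class Triage:
    errors: List[Tuple[str, str]] = field(default_factory=list)  # (ts, msg) before teardown
    root_cause: Optional[str] = None
    code: Optional[str] = None
    explanation: Optional[str] = None
    teardown: Optional[str] = None
    removed_paths: int = 0  # how much of the previous setup was deleted afterwards


def parse_log(text: str) -> List[Tuple[str, str]]:
    """Split the log into (timestamp, message) pairs, folding continuation lines."""
    entries: List[List[str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries:
            entries[-1][1] += " | " + line
    return [(ts, msg) for ts, msg in entries]


def triage(text: str) -> Triage:
    """Find the error slapconfig gave up on, its code, and the size of the cleanup."""
    result = Triage()
    for ts, msg in parse_log(text):
        if result.teardown is None and any(t in msg for t in TEARDOWN_MARKERS):
            result.teardown = msg
        elif result.teardown is None and any(e in msg for e in ERROR_MARKERS):
            result.errors.append((ts, msg))
        elif msg.startswith("Removed "):
            result.removed_paths += 1
    if result.errors:
        # The last error before the teardown is the one slapconfig acted on.
        result.root_cause = result.errors[-1][1]
        m = CODE_RE.search(result.root_cause)
        if m:
            result.code = m.group(1)
            result.explanation = KNOWN_CODES.get(result.code, "unknown code; read the surrounding lines")
    return result


def summarize(text: str) -> str:
    t = triage(text)
    if t.root_cause is None:
        return "no failure found"
    return f"root cause: {t.root_cause} [{t.code}: {t.explanation}]; {t.removed_paths} paths removed"


# Sample input: lines copied from the two slapconfig logs in the posts above.
SAMPLE_LOG_1 = """\
2012-09-10 18:54:57 +0000 command: /usr/sbin/sso_util info -r /LDAPv3/127.0.0.1 -p
2012-09-10 18:54:58 +0000 Creating root CA with DandyBox Open Directory Certification Authority
2012-09-10 18:55:00 +0000 Creating intermediate CA with IntermediateCA_DANDYBOX.NET_1
2012-09-10 18:55:00 +0000 ***Error creating intermediate CA. Error - The specified item already exists in the keychain.
2012-09-10 18:55:00 +0000 Intermediate CA creation failed with error - -25299
2012-09-10 18:55:00 +0000 Destroying OD master as CA creation failed with error 75
2012-09-10 18:55:00 +0000 Logging slapd container data to /var/run/slapconfig_error_1347303300
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/__db.001.
"""

SAMPLE_LOG_2 = """\
2012-09-11 16:26:06 +0000 slapd started
2012-09-11 16:26:06 +0000 Save of LDAP configuration failed with error 2100
2012-09-11 16:26:19 +0000 Opening ldapi connection to the LDAP user data
          Creating KDC for OD Master
          Successfully created KDC for OD Master
2012-09-11 16:26:42 +0000 Asking OpenDirectoryConfig to bind to server: 127.0.0.1
2012-09-11 16:26:42 +0000 Could not bind - The operation couldn't be completed. (com.apple.OpenDirectory error 4102.)
2012-09-11 16:26:42 +0000 Logging slapd container data to /var/run/slapconfig_error_1347380802
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/__db.001.
2012-09-11 16:26:47 +0000 Removed file at path /etc/openldap/slapd.conf.
"""

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG_1))
    print(summarize(SAMPLE_LOG_2))
```

Feed it the whole /Library/Logs/slapconfig.log excerpt rather than the tail: the cleanup section is long and identical in both failures, and it is the line just before "Destroying OD master" or "Logging slapd container data" that tells you whether it was the keychain or the bind that failed.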

  • Is it possible to create a copy of entire database, not the data, but just database structure?

    Greetings community,
    This question is related to EXPRESS edition.
    Let’s say that I have MyDatabase2014 and I’ve been populating it with some data during the year 2014. Before the end of the year, I want to prepare another database named MyDatabase2015, which should be empty, but of course it should have all tables, relations, indexes and stored procedures just like MyDatabase2014. The idea is just to change a connection string and to continue using the same app for the same job.
    So in SSMS, I right-clicked the database and chose script database as / create to / new query, but I didn’t get what I wanted. In the query window I got just a create database statement, and below that a few dozen alter database set ansi this-or-that statements, and many other settings. However, no table creation was scripted. Also, no stored procedures were scripted, and as for users and other security objects, better not to start talking about them.
    I could have achieved that simply by right-clicking the databases node and selecting new database. So what’s the point of “script database as”?
    Does this work in SQL Server editions other than EXPRESS?
    When it comes to the Express edition, what’s the best practice to get an empty copy of a database?
    Thanks for any help.

    For scripting out the users and their permissions, you can use this script:
    -- Capture permissions for all users in a DB
    SET NOCOUNT ON
    DECLARE @Database varchar(max)
    SET @Database = '<Db_Name>'-- set the database name here
    IF EXISTS (SELECT * FROM SYS.SYSDATABASES WHERE name = @Database)
    EXEC('USE ' + @Database + ';
    DECLARE @temp table(Extract Varchar(MAX))
    INSERT INTO @temp (Extract)
    SELECT ''EXEC( ''''USE ' + @Database + '; IF NOT EXISTS (SELECT * FROM sys.schemas WHERE name = N'''''''''' + name + '''''''''')IF EXISTS (SELECT *
    FROM sys.database_principals WHERE name = N'''''''''' + name + '''''''''') DROP USER ['' + name + '']''''); ''
    FROM sys.sysusers WHERE islogin = 1 AND hasdbaccess = 1 AND name NOT IN (''dbo'')
    INSERT INTO @temp (Extract)
    SELECT ''EXEC( ''''USE ' + @Database + '; IF NOT EXISTS
    (SELECT * FROM sys.database_principals WHERE name = N'''''''''' + dp.name + '''''''''')
    CREATE USER ['' + dp.name + ''] FOR LOGIN ['' + sp.name + '']''''); ''
    FROM sys.server_principals sp
    JOIN sys.database_principals dp ON (sp.sid = dp.sid)
    AND dp.name NOT IN (''dbo'')
    INSERT INTO @temp (Extract)
    SELECT ''EXEC( ''''USE ' + @Database + '; IF NOT EXISTS
    (SELECT * FROM sys.database_principals WHERE name = N'''''''''' + dp.name + '''''''''')
    CREATE USER ['' + dp.name + ''] WITHOUT LOGIN ''''); ''
    FROM sys.database_principals dp left
    JOIN sys.server_principals sp ON (sp.sid = dp.sid)
    where dp.principal_id between 5 and 16383
    INSERT INTO @temp (Extract)
    SELECT ''EXEC( ''''USE ' + @Database + '; EXEC sp_addrolemember '''''''''' + User_Name([groupuid]) + '''''''''', '''''''''' + User_Name([memberuid]) + ''''''''''''''); ''
    FROM sys.sysmembers WHERE User_Name([memberuid]) NOT IN (''dbo'')
    INSERT INTO @temp (Extract)
    SELECT ''EXEC( ''''USE ' + @Database + '; ''
    + CASE [a].[state_desc] WHEN ''GRANT_WITH_GRANT_OPTION'' THEN ''GRANT '' ELSE [a].[state_desc] END
    + '' ''
    + [a].[permission_name] + CASE class WHEN 1 THEN '' ON [''
    + [c].[name]
    + ''].[''
    + Object_Name([a].[major_id]) + ''] '' ELSE '''' END + '' TO [''
    + User_Name([a].[grantee_principal_id])
    + ''] '' + CASE [a].[state_desc] WHEN ''GRANT_WITH_GRANT_OPTION'' THEN '' WITH GRANT OPTION'' ELSE '''' END
    + ''''''); '' COLLATE Latin1_General_CI_AS AS [SQL]
    FROM sys.database_permissions a
    inner join [sys].[all_objects] b
    ON [a].[major_id] = [b].[object_id]
    inner join [sys].[schemas] c
    ON [b].[schema_id] = [c].[schema_id]
    INSERT INTO @temp (Extract)
    SELECT ''EXEC( ''''USE ' + @Database + '; ''
    + [a].[state_desc]
    + '' ''
    + [a].[permission_name]
    + '' TO [''
    + USER_NAME([a].[grantee_principal_id])
    + ''] '''');''
    from sys.database_permissions a
    where a.class=0
    INSERT INTO @temp (Extract)
    SELECT ''EXEC( ''''USE ' + @Database + '; ''
    + [a].[state_desc]
    + '' ''
    + [a].[permission_name]
    + '' ON SCHEMA ::''
    + '' [''
    + SCHEMA_NAME([a].[major_id])
    + ''] TO [''
    + USER_NAME([a].[grantee_principal_id])
    + ''] '''');''
    from sys.database_permissions a
    where a.class=3
    SELECT Extract AS [Extract] FROM @temp')
    ELSE
    SELECT '--NO'
    GO

  • Which clients are using my Sun One server for authentication?

    We use Sun One ver. 5.2.
    Our LDAP clients use it for authentication.
    How can I list which clients recently used the Sun One server to authenticate?
    The reason I need that is because I want to upgrade the Sun One server and I want to notify the clients that I'm about to do it.
    Thanks.

    https://www.redhat.com/archives/fedora-directory-users/2005-September/msg00010.html
    Useful script to extract LDAP based user posixGroup memberships information
    ===
    Assuming you are using posixGroup objectclass and memberUid attribute to
    store your membership information, you may find my shell script useful
    and handy.
    It works on Solaris LDAP Client with "ldapaddent" and "ldaplist"
    commands, and works against FDS, SUN DS or OpenLDAP.
    ===
    Gary

  • Defining webtops for LDAP with DSI doesn't work

    Hi,
    I'm using LDAP successfully as my login authority.
    I'm trying to define a custom webtop for certain groups in my organization with no success, although I follow the instructions exactly:
    http://docs.sun.com/source/819-4309-10/en-us/base/standard/using_dsi.html
    Any idea how to debug this issue?
    Also I would like to understand the right way to add persons from LDAP to the global administrators group.
    Thanks a lot,
    Zeev

    Hi,
    I've realized what the problem is, but I don't know how to solve it.
    When Secure Global Desktop searches for members of LDAP groups, it searches for users in the uniquemember, member, and uniqueMember attributes on group objects.
    On our LDAP server, the members are in a different object (memberUid) than those mentioned above.
    Here is the list of relevant attributes:
    tarantella config list --com.sco.jndi.toolkit.utils.LDAPUserCollection.properties
    cacheLifeTime: 600000
    directAttributes: { uniquemember, member, uniqueMember, memberUid }
    flushCacheTimeoutMs: 43200000
    groupAttributes: { uniquemember, member }
    groupMatches: { !uid=* }
    maximumGroupDepth: 0
    nameConverter: 0
    reverseAttributes: { nsroledn, memberOf }
    searchAttributes: { memberurl }
    userShortAttributes: { <No elements in the array> }
    As you can see, I've added memberUid to directAttributes but it still doesn't help.
    Please help :)
    Thanks
    Zeev

  • How do i query a sun one server for a member of a  group

    Hi Folks
    I would like to know if anyone knows how to query a Sun ONE directory server to list all members of a group.
    Currently I have this:
    LDAP://SERVERNAME.test.com:5221/ou=people,dc=testrelsec,dc=com>;(&(objectclass = person)& adsPath;subTree"
    This query gives me all users in the directory.
    Now I have created a static group called GROUPONE using the Sun ONE console GUI and made 2 people members of that group.
    I need the LDAP query which can list the members of GROUPONE.
    thanks
    g4hbk
    thanks in advance
    g4hbk

    https://www.redhat.com/archives/fedora-directory-users/2005-September/msg00010.html
    Useful script to extract LDAP based user posixGroup memberships information
    ===
    Assuming you are using posixGroup objectclass and memberUid attribute to
    store your membership information, you may find my shell script useful
    and handy.
    It works on Solaris LDAP Client with "ldapaddent" and "ldaplist"
    commands, and works against FDS, SUN DS or OpenLDAP.
    ===
    Gary
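Zeev's tarantella listing above shows why these lookups fail when a directory keeps members in memberUid: the gateway looks for the user's DN in uniquemember/member, but memberUid holds the bare uid, so a DN comparison never matches. g4hbk's question about listing the members of GROUPONE, and Gary's pointer to posixGroup/memberUid, are the same mismatch seen from the other side. The following added example (my code; not Secure Global Desktop's, not Sun ONE's, and not from any of the posts) resolves membership the way an authenticating gateway has to under both conventions: by DN for member/uniqueMember, by uid for memberUid, optionally following groups nested via DN-valued attributes in the manner of the maximumGroupDepth setting, and it builds the correctly escaped search filter for each group type. Every entry, DN and name in it is constructed for the example.

```python
from typing import Dict, List, Optional, Set

Entry = Dict[str, List[str]]

DN_MEMBER_ATTRS = ("member", "uniqueMember")   # values are member DNs
UID_MEMBER_ATTRS = ("memberUid",)             # values are bare uid strings
GROUP_CLASSES = {"posixgroup", "groupofnames", "groupofuniquenames"}


def norm_dn(dn: str) -> str:
    """DNs compare case-insensitively and whitespace around the commas is not significant."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def attr(entry: Entry, name: str) -> List[str]:
    """Case-insensitive attribute lookup, as an LDAP server would resolve it."""
    for key, values in entry.items():
        if key.lower() == name.lower():
            return values
    return []


def escape_filter(value: str) -> str:
    """RFC 4515 escaping, so a uid or DN taken from the authenticating user
    cannot change the structure of the filter it is inserted into."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


class Directory:
    """An in-memory stand-in for search results: normalised DN -> entry."""

    def __init__(self, entries: Dict[str, Entry]):
        self.entries = {norm_dn(dn): e for dn, e in entries.items()}

    def is_group(self, dn: str) -> bool:
        e = self.entries.get(norm_dn(dn))
        return e is not None and bool(GROUP_CLASSES & {c.lower() for c in attr(e, "objectClass")})

    def is_member(self, user_dn: str, group_dn: str, max_depth: int = 0,
                  _seen: Optional[Set[str]] = None) -> bool:
        """True if user_dn is in group_dn, matched by DN (member/uniqueMember)
        or by uid (memberUid).  max_depth > 0 also follows nested groups."""
        gdn, udn = norm_dn(group_dn), norm_dn(user_dn)
        group, user = self.entries.get(gdn), self.entries.get(udn)
        if group is None or user is None:
            return False
        seen = set() if _seen is None else _seen
        seen.add(gdn)
        dn_values = [v for a in DN_MEMBER_ATTRS for v in attr(group, a)]
        if any(norm_dn(v) == udn for v in dn_values):
            return True
        # memberUid: compare against the user's own uid values, never the DN.
        uids = {u.lower() for u in attr(user, "uid")}
        if any(v.lower() in uids for a in UID_MEMBER_ATTRS for v in attr(group, a)):
            return True
        if max_depth > 0:
            for v in dn_values:  # only DN-valued attributes can point at a group
                if self.is_group(v) and norm_dn(v) not in seen:
                    if self.is_member(user_dn, v, max_depth - 1, seen):
                        return True
        return False

    def groups_of(self, user_dn: str, max_depth: int = 0) -> Set[str]:
        """memberOf computed the hard way: test every group entry."""
        return {dn for dn in self.entries
                if self.is_group(dn) and self.is_member(user_dn, dn, max_depth)}

    def membership_filter(self, group_dn: str, user_dn: str) -> str:
        """The one-shot search filter for this group, chosen by objectClass so
        that posixGroup is matched on uid and static groups on DN."""
        classes = {c.lower() for c in attr(self.entries[norm_dn(group_dn)], "objectClass")}
        if "posixgroup" in classes:
            uid = attr(self.entries[norm_dn(user_dn)], "uid")[0]
            return f"(&(objectClass=posixGroup)(memberUid={escape_filter(uid)}))"
        if "groupofuniquenames" in classes:
            return f"(&(objectClass=groupOfUniqueNames)(uniqueMember={escape_filter(user_dn)}))"
        return f"(&(objectClass=groupOfNames)(member={escape_filter(user_dn)}))"


# Constructed sample directory (placeholder DNs, not from any real server).
ALICE_DN = "uid=alice,ou=people,dc=example,dc=com"
BOB_DN = "uid=bob,ou=people,dc=example,dc=com"
SAMPLE_DIRECTORY = Directory({
    ALICE_DN: {"objectClass": ["inetOrgPerson", "posixAccount"], "uid": ["alice"]},
    BOB_DN: {"objectClass": ["inetOrgPerson", "posixAccount"], "uid": ["bob"]},
    # posixGroup: membership is the bare uid, not a DN
    "cn=vpn-users,ou=groups,dc=example,dc=com": {
        "objectClass": ["posixGroup"], "gidNumber": ["5000"], "memberUid": ["alice"]},
    # static group of the kind the Sun ONE console creates: full DNs
    "cn=GROUPONE,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfUniqueNames"],
        "uniqueMember": ["uid=bob, ou=people, dc=example, dc=com"]},
    # nested: GROUPONE is itself a member of admins
    "cn=admins,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"], "member": ["cn=groupone,ou=groups,dc=example,dc=com"]},
})

if __name__ == "__main__":
    for dn in (ALICE_DN, BOB_DN):
        print(dn, "->", sorted(SAMPLE_DIRECTORY.groups_of(dn, max_depth=1)))
```

The point for a VPN device or SGD configured with only DN-valued attributes: adding memberUid to a list that is compared against the bound DN cannot work, because the attribute has to be compared against the user's uid. Either the gateway must issue a `(memberUid=<uid>)` filter, as membership_filter does for posixGroup entries, or the groups have to carry a DN-valued attribute (member or uniqueMember) alongside memberUid.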

  • LDAP client with TLS

    LDAP gurus
    I'm having problems setting up the LDAP client to use TLS:SIMPLE. SIMPLE and SASL/DIGEST-MD5 are working fine (with or without proxy).
    For some reason, a self-signed certificate is not accepted by the client (TLS certificate verification: Error, self signed certificate).
    The certificate is located at /var/ldap/cert8.db
    The client is Sun LDAP Native.
    [SunOS 5.10/bash] root@wgls01:/root
    # /usr/local/bin/ldapsearch -Z -H ldaps://wgtsinf01:1636 -v -d 65535
    ldap_initialize( ldaps://wgtsinf01:1636 )
    ldap_create
    ldap_url_parse_ext(ldaps://wgtsinf01:1636)
    ldap_extended_operation_s
    ldap_extended_operation
    ldap_send_initial_request
    ldap_new_connection 1 1 0
    ldap_int_open_connection
    ldap_connect_to_host: TCP wgtsinf01:1636
    ldap_new_socket: 4
    ldap_prepare_socket: 4
    ldap_connect_to_host: Trying 10.64.47.50:1636
    ldap_connect_timeout: fd: 4 tm: -1 async: 0
    TLS trace: SSL_connect:before/connect initialization
    tls_write: want=124, written=124
      0000:  80 7a 01 03 01 00 51 00  00 00 20 00 00 39 00 00   .z....Q... ..9..
      0010:  38 00 00 35 00 00 16 00  00 13 00 00 0a 07 00 c0   8..5............
      0020:  00 00 33 00 00 32 00 00  2f 00 00 07 05 00 80 03   ..3..2../.......
      0030:  00 80 00 00 05 00 00 04  01 00 80 00 00 15 00 00   ................
      0040:  12 00 00 09 06 00 40 00  00 14 00 00 11 00 00 08   ......@.........
      0050:  00 00 06 04 00 80 00 00  03 02 00 80 5b ca 46 06   ............[.F.
      0060:  60 e0 bc 9e a2 af 25 a2  55 0a 53 e7 f0 1a fc 6e   `.....%.U.S....n
      0070:  c6 7b de f1 79 7e b1 ce  15 14 1a 8e               .{..y~......
    TLS trace: SSL_connect:SSLv2/v3 write client hello A
    tls_read: want=7, got=7
      0000:  16 03 01 03 b3 02 00                               .......
    tls_read: want=945, got=945
      0000:  00 46 03 01 46 b2 73 ba  42 d1 b3 35 54 a1 26 f8   .F..F.s.B..5T.&.
      0010:  76 87 77 90 c1 92 c3 e4  88 a0 47 bc cc 52 01 bb   v.w.......G..R..
      0020:  34 85 b1 2d 20 46 b2 73  ba cd 16 16 a6 e6 9a a3   4..- F.s........
      0030:  c2 af 1b 60 ed e7 0d ad  32 69 0d c3 41 64 31 4e   ...`....2i..Ad1N
      0040:  3e ff bd c4 0a 00 16 00  0b 00 01 ae 00 01 ab 00   >...............
      0050:  01 a8 30 82 01 a4 30 82  01 0d 02 04 46 ad 48 df   ..0...0.....F.H.
      0060:  30 0d 06 09 2a 86 48 86  f7 0d 01 01 04 05 00 30   0...*.H........0
      0070:  19 31 17 30 15 06 03 55  04 03 13 0e 77 67 74 73   .1.0...U....wgts
      0080:  69 6e 66 30 31 3a 31 33  38 39 30 1e 17 0d 30 37   inf01:13890...07
      0090:  30 37 33 30 30 32 31 31  34 33 5a 17 0d 30 39 30   0730021143Z..090
      00a0:  37 32 39 30 32 31 31 34  33 5a 30 19 31 17 30 15   729021143Z0.1.0.
      00b0:  06 03 55 04 03 13 0e 77  67 74 73 69 6e 66 30 31   ..U....wgtsinf01
      00c0:  3a 31 33 38 39 30 81 9f  30 0d 06 09 2a 86 48 86   :13890..0...*.H.
      00d0:  f7 0d 01 01 01 05 00 03  81 8d 00 30 81 89 02 81   ...........0....
      00e0:  81 00 a9 f7 de 93 85 50  13 6b a1 18 96 3d 00 2d   .......P.k...=.-
      00f0:  64 5d a9 65 72 33 c3 44  b6 1e 0e 6b b8 4b e0 a4   d].er3.D...k.K..
      0100:  0a 6b 7f 4f 1a ae f3 d7  8e ed 8e fd c7 d0 48 b1   .k.O..........H.
      0110:  f0 45 2d 74 52 a9 d1 fd  d4 89 ad 64 d9 82 6b e9   .E-tR......d..k.
      0120:  73 b1 55 cb 38 20 06 e6  4f a3 d3 f2 0b a1 5b 2e   s.U.8 ..O.....[.
      0130:  b4 43 bc 9a 93 e6 b7 47  dd 58 f2 cb 59 17 8a c0   .C.....G.X..Y...
      0140:  13 aa 8a 5f ef 11 33 c7  02 53 d8 b1 20 e3 5b 6d   ..._..3..S.. .[m
      0150:  4f ea 4f a6 9d 02 d2 39  69 ed e0 b9 70 d9 51 50   O.O....9i...p.QP
      0160:  4e 2b 02 03 01 00 01 30  0d 06 09 2a 86 48 86 f7   N+.....0...*.H..
      0170:  0d 01 01 04 05 00 03 81  81 00 02 d6 e1 3d f7 41   .............=.A
      0180:  64 69 c5 f3 b7 77 93 99  10 80 4d aa b9 1f 7a 28   di...w....M...z(
      0190:  c2 33 4e 42 d2 47 7c 53  00 6e 7d 13 3b e3 56 19   .3NB.G|S.n}.;.V.
      01a0:  35 93 4b 6d cd 4c 52 57  aa ba e2 f6 e0 46 a4 f2   5.Km.LRW.....F..
      01b0:  5c a7 be be b2 40 6f 9a  33 f0 dc b5 de 55 3c 8e   \[email protected]<.
      01c0:  2a 19 15 eb 6c 6f 03 ef  a5 c1 01 e3 d6 10 b7 64   *...lo.........d
      01d0:  7d dd 24 87 60 a7 e3 5f  24 a1 ea 0a 66 fa d4 49   }.$.`.._$...f..I
      01e0:  71 65 21 53 94 ad be 0c  b9 52 b6 78 67 87 b8 38   qe!S.....R.xg..8
      01f0:  11 59 b2 47 b6 c9 23 f8  d8 cc 0c 00 01 89 00 80   .Y.G..#.........
      0200:  f4 88 fd 58 4e 49 db cd  20 b4 9d e4 91 07 36 6b   ...XNI.. .....6k
      0210:  33 6c 38 0d 45 1d 0f 7c  88 b3 1c 7c 5b 2d 8e f6   3l8.E..|...|[-..
      0220:  f3 c9 23 c0 43 f0 a5 5b  18 8d 8e bb 55 8c b8 5d   ..#.C..[....U..]
      0230:  38 d3 34 fd 7c 17 57 43  a3 1d 18 6c de 33 21 2c   8.4.|.WC...l.3!,
      0240:  b5 2a ff 3c e1 b1 29 40  18 11 8d 7c 84 a7 0a 72   .*.<..)@...|...r
      0250:  d6 86 c4 03 19 c8 07 29  7a ca 95 0c d9 96 9f ab   .......)z.......
      0260:  d0 0a 50 9b 02 46 d3 08  3d 66 a4 5d 41 9f 9c 7c   ..P..F..=f.]A..|
      0270:  bd 89 4b 22 19 26 ba ab  a2 5e c3 55 e9 2f 78 c7   ..K".&...^.U./x.
      0280:  00 01 02 00 80 7c 11 c6  db 8a 23 1b 2d a3 e3 5d   .....|....#.-..]
      0290:  f0 30 4c 20 35 c1 95 fc  71 eb c2 92 00 02 a9 05   .0L 5...q.......
      02a0:  c5 10 4e 75 ef ca 35 aa  bb 38 14 fa 38 c3 71 e4   ..Nu..5..8..8.q.
      02b0:  16 a4 87 d5 2f e7 a5 7c  b4 b8 a0 ee cf 53 ab c2   ..../..|.....S..
      02c0:  6b f4 79 59 d5 f9 07 70  77 97 89 eb b6 c6 74 df   k.yY...pw.....t.
      02d0:  26 57 5c 42 1a 95 13 e3  c5 28 b7 6c c2 6f 2e 65   &W\B.....(.l.o.e
      02e0:  5d c3 c8 a9 cf 8e 09 cc  aa 42 eb f7 a7 3b c3 5d   ]........B...;.]
      02f0:  be cd e3 71 2b 46 a2 80  72 a3 48 ae 52 b4 ce c2   ...q+F..r.H.R...
      0300:  69 1f 40 e7 94 00 80 03  b2 a4 66 2f 34 c1 60 46   [email protected]/4.`F
      0310:  05 9d 83 7f f9 75 29 07  36 60 8b b0 ae 1c ce e8   .....u).6`......
      0320:  5f b4 0e 26 54 1c 31 b7  94 e2 58 6e 33 76 ce 19   _..&T.1...Xn3v..
      0330:  e0 07 f5 ca cc a9 d3 53  d5 22 4a 3a 31 15 f4 7e   .......S."J:1..~
      0340:  34 ba 3b 92 c0 ec 75 8e  0f d8 e4 44 23 91 70 cb   4.;...u....D#.p.
      0350:  d9 f9 40 ac 7c 0e 97 27  1d 24 b5 ff f2 13 bd 64   ..@.|..'.$.....d
      0360:  aa 10 40 1c 68 6f b2 87  14 c2 ef 88 bb 9c 88 24   [email protected].........$
      0370:  5f 6b 9e c5 2b fb c2 d1  b3 ce 6e 8d b7 57 bf 88   _k..+.....n..W..
      0380:  ee b9 fd d6 f3 a0 f3 0d  00 00 22 02 01 02 00 1d   ..........".....
      0390:  00 1b 30 19 31 17 30 15  06 03 55 04 03 13 0e 77   ..0.1.0...U....w
      03a0:  67 74 73 69 6e 66 30 31  3a 31 33 38 39 0e 00 00   gtsinf01:1389...
      03b0:  00                                                 .
    TLS trace: SSL_connect:SSLv3 read server hello A
    TLS certificate verification: depth: 0, err: 18, subject: /CN=wgtsinf01:1389, issuer: /CN=wgtsinf01:1389
    TLS certificate verification: Error, self signed certificate
    tls_write: want=7, written=7
      0000:  15 03 01 00 02 02 30                               ......0
    TLS trace: SSL3 alert write:fatal:unknown CA
    TLS trace: SSL_connect:error in SSLv3 read server certificate B
    TLS trace: SSL_connect:error in SSLv3 read server certificate B
    TLS: can't connect.
    ldap_perror
    ldap_start_tls: Can't contact LDAP server (-1)
            additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    ldap_pvt_sasl_getmech
    ldap_search
    put_filter: "(objectclass=*)"
    put_filter: simple
    put_simple_filter: "objectclass=*"
    ldap_build_search_req ATTRS:
        supportedSASLMechanisms
    ldap_send_initial_request
    ldap_send_server_request
    ldap_perror
    ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
            additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    Any ideas?
    Andreas
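    Reading a trace like the one above, as an added example (not part of Andreas's post and not a tool from the page): the two `TLS certificate verification:` lines already carry the diagnosis. err 18 is OpenSSL's X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, and subject equal to issuer at depth 0 confirms the server presents a self-signed certificate that is in no trust store the client consulted (the /usr/local/bin/ldapsearch being run prints OpenSSL-style trace lines, and an OpenSSL-backed OpenLDAP client reads the CA file named by TLS_CACERT in ldap.conf, not the NSS cert8.db that the Sun native client uses; that is an inference from the trace, not something the post states). A second problem is visible in the same line: the certificate's CN is `wgtsinf01:1389`, which will not match the host `wgtsinf01` that ldaps://wgtsinf01:1636 dials, so trusting the certificate alone would still leave a hostname mismatch. The code below pulls both findings out of constructed sample lines shaped like the trace; the host comparison is a plain CN-equals-hostname check, an assumption that ignores SAN entries.

```python
"""Triage an OpenLDAP client TLS trace: decide why certificate verification
failed from the 'TLS certificate verification:' lines alone.

The sample lines are constructed to mirror the trace format of the post; the
hostname check is a deliberate simplification (CN only, no subjectAltName).
"""
from __future__ import annotations

import re
from urllib.parse import urlsplit

# Constructed sample: the shape of the client trace, not a captured session.
SAMPLE_TRACE = """\
ldap_initialize( ldaps://wgtsinf01:1636 )
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 0, err: 18, subject: /CN=wgtsinf01:1389, issuer: /CN=wgtsinf01:1389
TLS certificate verification: Error, self signed certificate
TLS trace: SSL3 alert write:fatal:unknown CA
"""

# OpenSSL verify error 18 = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT.
SELF_SIGNED_LEAF = 18

VERIFY_RE = re.compile(
    r"TLS certificate verification: depth: (?P<depth>\d+), err: (?P<err>\d+), "
    r"subject: (?P<subject>\S+), issuer: (?P<issuer>\S+)"
)
URL_RE = re.compile(r"ldap_initialize\( (?P<url>\S+) \)")


def cn_of(dn: str) -> str | None:
    """Pull the CN out of an OpenSSL one-line DN such as /CN=host/O=org."""
    m = re.search(r"/CN=([^/]+)", dn)
    return m.group(1) if m else None


def triage(trace: str) -> dict:
    """Return what a practitioner wants to know before touching TLS_REQCERT:
    is the presented certificate self-signed, and does its CN match the host
    that was dialed. Both must be fixed; neither is fixed by 'TLS_REQCERT never'."""
    findings = {"host": None, "cn": None, "errs": [],
                "self_signed": False, "cn_matches_host": None}
    for line in trace.splitlines():
        url = URL_RE.search(line)
        if url:
            findings["host"] = urlsplit(url.group("url")).hostname
            continue
        m = VERIFY_RE.search(line)
        if not m:
            continue
        err = int(m.group("err"))
        findings["errs"].append(err)
        subject, issuer = m.group("subject"), m.group("issuer")
        if err == SELF_SIGNED_LEAF and subject == issuer and m.group("depth") == "0":
            findings["self_signed"] = True
        findings["cn"] = cn_of(subject)
    if findings["host"] and findings["cn"]:
        findings["cn_matches_host"] = findings["cn"].lower() == findings["host"].lower()
    return findings


def advice(findings: dict) -> list[str]:
    """Turn the findings into the two concrete actions, in order."""
    steps = []
    if findings["self_signed"]:
        steps.append("add the server certificate to the client trust store "
                     "(OpenLDAP: TLS_CACERT in ldap.conf; NSS clients: the cert8.db)")
    if findings["cn_matches_host"] is False:
        steps.append("reissue the certificate with CN (or SAN) = %s; "
                     "CN %r will not match the dialed host"
                     % (findings["host"], findings["cn"]))
    return steps


if __name__ == "__main__":
    result = triage(SAMPLE_TRACE)
    print(result)
    for step in advice(result):
        print("-", step)
```

    The point of keeping `advice` separate from `triage` is that the second finding is easy to miss: importing the self-signed certificate removes err 18, and the next failure is the hostname check, which is frequently "solved" by setting TLS_REQCERT to allow or never and thereby giving up server authentication entirely.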

    Hello David,
    Let's follow your suggestion and try to make Solaris 10 use TLS:SIMPLE now. Sorry for the extremely long log entries, but I tried to capture everything during the authentication process.
    My client has an IP address of 10.64.47.11 and the DS server is using the IP address of 10.64.47.50.
    a) Sun native LDAP configurations:
    [SunOS 5.10/bash] root@wgls01:/var/ldap
    # ls -la *db
    -rw-r--r--   1 root     root       65536 Aug  8 14:46 cert8.db
    -rw-r--r--   1 root     root       32768 Aug  8 14:46 key3.db
    -rw-------   1 root     root       32768 Aug  2 16:56 secmod.db
    [SunOS 5.10/bash] root@wgls01:/var/ldap
    # ldapclient list
    NS_LDAP_FILE_VERSION= 2.0
    NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=nz,dc=thenational,dc=com
    NS_LDAP_BINDPASSWD= {NS1}41fa88f3a945c411
    NS_LDAP_SERVERS= wgtsinf01.nz.thenational.com
    NS_LDAP_SEARCH_BASEDN= dc=nz,dc=thenational,dc=com
    NS_LDAP_AUTH= tls:simple
    NS_LDAP_SEARCH_SCOPE= one
    NS_LDAP_SERVER_PREF= wgtsinf01.nz.thenational.com
    NS_LDAP_CACHETTL= 0
    NS_LDAP_CREDENTIAL_LEVEL= anonymous
    NS_LDAP_SERVICE_SEARCH_DESC= netgroup:ou=netgroup,dc=nz,dc=thenational,dc=com?one
    NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=nz,dc=thenational,dc=com?one
    NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=nz,dc=thenational,dc=com?one
    NS_LDAP_SERVICE_SEARCH_DESC= group:ou=group,dc=nz,dc=thenational,dc=com?one
    NS_LDAP_BIND_TIME= 30
    b) Output from DSEE6.1 error log file:
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  SRCH base="ou=Hosts,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=ipHost)(ipHostNumber=10.64.47.58))" attrs="cn ipHostNumber"
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree selected backend : nz
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter(-1)
    [13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0xb
    [13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2002
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree release backend : nz
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  SRCH base="ou=Hosts,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=ipHost)(ipHostNumber=10.64.47.58))" attrs="cn ipHostNumber"
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree selected backend : nz
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter(-1)
    [13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0xb
    [13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2002
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree release backend : nz
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=posixAccount)(uid=p642929))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree selected backend : nz
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter(-1)
    [13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
    [13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree release backend : nz
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  SRCH base="ou=group,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=posixGroup)(memberUid=p642929))" attrs="cn gidNumber userPassword memberUid"
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree selected backend : nz
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter(-1)
    [13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x1000
    [13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2002
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree release backend : nz
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  SRCH base="" scope=0 deref=0 sizelimit=0 timelimit=5 attrsonly=0 filter="(|(objectClass=*)(objectClass=ldapSubEntry))" attrs="1.1"
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree selected backend : frontend-internal
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter(-1)
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree selected backend : frontend-internal
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter(-1)
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=shadowAccount)(uid=p642929))" attrs="uid userPassword shadowFlag"
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree selected backend : nz
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter(-1)
    [13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
    [13/Aug/2007:12:00:52 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree release backend : frontend-internal
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree release backend : nz
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree release backend : frontend-internal
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:52 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=posixAccount)(uid=p642929))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree selected backend : nz
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter(-1)
    [13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
    [13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree release backend : nz
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=posixAccount)(uid=p642929))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree selected backend : nz
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter(-1)
    [13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
    [13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree release backend : nz
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=shadowAccount)(uid=p642929))" attrs="uid userPassword shadowFlag"
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree selected backend : nz
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter(-1)
    [13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
    [13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree release backend : nz
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=posixAccount)(uid=p642929))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree selected backend : nz
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter(-1)
    [13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
    [13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree release backend : nz
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=shadowAccount)(uid=p642929))" attrs="uid userPassword shadowFlag"
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree selected backend : nz
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter(-1)
    [13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
    [13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree release backend : nz
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=posixAccount)(uid=p642929))" attrs=ALL
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree selected backend : nz
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter(-1)
    [13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
    [13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:54 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -  cos_cache_vattr_types: failed to get class of service reference
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree release backend : nz
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:54 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  SRCH base="" scope=0 deref=0 sizelimit=0 timelimit=30 attrsonly=0 filter="(objectClass=*)" attrs="supportedControl supportedSASLMechanisms"
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree selected backend : frontend-internal
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter(-1)
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree selected backend : frontend-internal
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter(-1)
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree release backend : frontend-internal
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree release backend : frontend-internal
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=posixAccount)(uid=p642929))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree selected backend : nz
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter(-1)
    [13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
    [13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree release backend : nz
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=posixAccount)(uid=p642929))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree selected backend : nz
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter(-1)
    [13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
    [13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree release backend : nz
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=shadowAccount)(uid=p642929))" attrs="uid userPassword shadowFlag"
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree selected backend : nz
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter(-1)
    [13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
    [13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree release backend : nz
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=posixAccount)(uid=p642929))" attrs="cn uid uidNumber gidNumber gecos description homeDirectory loginShell"
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree selected backend : nz
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter(-1)
    [13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
    [13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree release backend : nz
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=shadowAccount)(uid=p642929))" attrs="uid userPassword shadowFlag"
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree selected backend : nz
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter(-1)
    [13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
    [13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree release backend : nz
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  SRCH base="ou=People,dc=nz,dc=thenational,dc=com" scope=1 deref=3 sizelimit=0 timelimit=30 attrsonly=0 filter="(&(objectClass=posixAccount)(uid=p642929))" attrs=ALL
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree selected backend : nz
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter(-1)
    [13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2
    [13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -     be: 'dc=nz,dc=thenational,dc=com' indextype: "eq" indexmask: 0x2042
    [13/Aug/2007:12:00:55 +1200] - DEBUG - conn=-1 op=-1 msgId=-1 -  cos_cache_vattr_types: failed to get class of service reference
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree release backend : nz
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:55 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:56 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  SRCH base="" scope=0 deref=0 sizelimit=0 timelimit=30 attrsonly=0 filter="(objectClass=*)" attrs="supportedControl supportedSASLMechanisms"
    [13/Aug/2007:12:00:56 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree selected backend : frontend-internal
    [13/Aug/2007:12:00:56 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter
    [13/Aug/2007:12:00:56 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter(-1)
    [13/Aug/2007:12:00:56 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree selected backend : frontend-internal
    [13/Aug/2007:12:00:56 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter
    [13/Aug/2007:12:00:56 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter(-1)
    [13/Aug/2007:12:00:56 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree release backend : frontend-internal
    [13/Aug/2007:12:00:56 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:56 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  <= roles_filter_rewriter_cleanup
    [13/Aug/2007:12:00:56 +1200] - INFORMATION - conn=-1 op=-1 msgId=-1 -  mapping tree release backend : frontend-internal
    [13/Aug/2007:12:00:56 +1200] - INFORMATION - roles-plugin - conn=-1 op=-1 msgId=-1 -  => roles_filter_rewriter_cleanup
    [13
