Brand new Open Directory server not authenticating 10.9, 3.3.2

I'm hoping somebody here has run into this as it's driving me up a wall.
I'm on a completely clean install of OS X Mavericks, with the installation from the App Store.
On top of that, a completely clean install of Server.app 3.2.2 is installed.
This server has a FQDN, and when I check to see if the hostname resolves in DNS, it totally does. DNS is not turned on as a service, but DNS server settings are correct and the server can hit the outside internet just fine.
So my steps are as follows: Install Mavericks, clean onto a new partition. Update with all patches. Set Static IP. Install Server 3.2.2 which installs without error. Check hostname settings. All good there. Verify permissions. Create OD Master. I cannot get a single newly created with Server.app Local Network user to log in, even with home folders all 100% local to the client machine. I've unbound and rebound the client machine. I've restarted everything. Nothing.
When attempting to log in, if I set it to reset password at next login, the prompt to reset the password will appear. I know at least initial auth is taking place, or I wouldn't be getting a password reset screen. After attempting to reset the password, neither the original temporary nor reset password will work. Users cannot log in.
Here are the errors generated, with my info edited out:
Jan 14 17:49:35 server slapd[111]: passwd_extop: (null) changed password for uid=test,cn=users,dc=controller,dc=domain,dc=edu
Jan 14 17:49:35 server slapd[111]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Jan 14 17:49:35 server slapd[111]: conn=1181 op=3: attribute "entryCSN" index delete failure
Jan 14 17:49:41 server slapd[111]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Jan 14 17:49:41 server slapd[111]: conn=1197 op=3: attribute "entryCSN" index delete failure
I understand this is common for users upgrading from 10.6.8 but this is completely clean. I'm not usually administering an OS X server; I'm completely lost.
Have tried: Recreating master, rekerberizing
Using scutil and host to verify the DNS on the server works perfectly. Am I missing something small with DNS? We are a fairly large org with DNS not being provided by this server. If you think a different log file would help, please let me know which one.

What do you get from this:
sudo /usr/libexec/slapd -Tt
Anything in /Library/Logs/slapconfig.log?
Also, have you tried the suggestion here:
Open Directory - Local Network User/Group - GONE
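As an added example for this thread (not Apple's or OpenLDAP's code), the script below parses slapd lines of the shape quoted in the question, classifies each one, and groups failures by timestamp so a DB_LOCK_DEADLOCK can be tied to the write it interrupted. The sample lines are constructed from the question; host, PID and DN are the poster's generic values, plus one ordinary RESULT line to show unrelated traffic being classified separately.

```python
"""Triage slapd log lines for the BDB deadlock / index-delete pattern quoted above.

Added example for this thread; not Apple's or OpenLDAP's code. It parses
syslog-style slapd lines, classifies each one, and groups failures by
timestamp so a DB_LOCK_DEADLOCK can be tied to the write (here a password
change) it interrupted.
"""
import re

# Constructed sample modelled on the lines quoted in the question, plus one
# ordinary RESULT line to show that unrelated traffic is classified as "other".
SAMPLE_LOG = """\
Jan 14 17:49:35 server slapd[111]: passwd_extop: (null) changed password for uid=test,cn=users,dc=controller,dc=domain,dc=edu
Jan 14 17:49:35 server slapd[111]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Jan 14 17:49:35 server slapd[111]: conn=1181 op=3: attribute "entryCSN" index delete failure
Jan 14 17:49:41 server slapd[111]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Jan 14 17:49:41 server slapd[111]: conn=1197 op=3: attribute "entryCSN" index delete failure
Jan 14 17:50:02 server slapd[111]: conn=1201 op=2 RESULT tag=97 err=0 text=
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) slapd\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
INDEX_FAIL_RE = re.compile(
    r'conn=(?P<conn>\d+) op=(?P<op>\d+): attribute "(?P<attr>[^"]+)" index delete failure'
)
PASSWD_RE = re.compile(r"passwd_extop: .*changed password for (?P<dn>\S+)")


def parse_slapd_log(text):
    """Return one event dict per parseable slapd line.

    kind is one of 'passwd', 'deadlock', 'index_fail' or 'other'.
    """
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a slapd line; a fuller tool would count these
        msg = m.group("msg")
        ev = {"ts": m.group("ts"), "kind": "other", "msg": msg}
        if "DB_LOCK_DEADLOCK" in msg:
            ev["kind"] = "deadlock"
        elif (f := INDEX_FAIL_RE.search(msg)):
            ev.update(kind="index_fail", conn=int(f.group("conn")),
                      op=int(f.group("op")), attr=f.group("attr"))
        elif (p := PASSWD_RE.search(msg)):
            ev.update(kind="passwd", dn=p.group("dn"))
        events.append(ev)
    return events


def summarize(events):
    """Group deadlock / index failures by timestamp, in log order.

    Each entry says how many deadlocks fired, which connections and
    attributes lost an index update, and whether a password change was
    logged in the same second (the pattern the question shows).
    """
    order, by_ts = [], {}
    for ev in events:
        if ev["ts"] not in by_ts:
            order.append(ev["ts"])
            by_ts[ev["ts"]] = []
        by_ts[ev["ts"]].append(ev)
    report = []
    for ts in order:
        evs = by_ts[ts]
        deadlocks = sum(e["kind"] == "deadlock" for e in evs)
        fails = [e for e in evs if e["kind"] == "index_fail"]
        if not deadlocks and not fails:
            continue
        report.append({
            "ts": ts,
            "deadlocks": deadlocks,
            "conns": sorted({e["conn"] for e in fails}),
            "failed_attrs": sorted({e["attr"] for e in fails}),
            "password_change": any(e["kind"] == "passwd" for e in evs),
        })
    return report


if __name__ == "__main__":
    for row in summarize(parse_slapd_log(SAMPLE_LOG)):
        print(row)
```

Feed it the slapd lines from the server's log in place of SAMPLE_LOG. Note that `sudo /usr/libexec/slapd -Tt` from the reply only checks that slapd's configuration parses; the deadlock and "index delete failure" lines are a database-level symptom, so a clean config test by itself does not clear them.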

Similar Messages

  • Open Directory Server "not responding"

    This is strange, and I'm not sure what if anything is wrong...
    My server is an OD Master. LDAP, Password Server, and Kerberos all report running. AFP authentication is set to Kerberos (only). Authenticated directory binding is enabled. Client computers are bound to the directory server. They connect via AFP, a ticket is created (viewable in Ticket Viewer), everything works fine (apparently).
    However... in System Preferences/Accounts/Login Options, there's a red dot (not Leica) next to the directory server IP, and if I click on Edit it says "The server is not responding". This is the case for all client computers, not just one. Not sure when it started; when I set it up they were all green of course.
    So, what does this "server is not responding" mean? Given that clients can do everything they need to do, can/should I consider this a non-issue?

    Thanks Classic and Chris. Good questions.
    The server isn't behaving as expected. Following Classic's suggestion, I tried binding without SSL. I didn't expect it to work, I thought SSL was required. (Under OD Settings/Policies/Binding, "Encrypt all packets (requires SSL or Kerberos)" is checked.) But with SSL unchecked, I was prompted for diradmin username/password. I entered the correct credentials, but they were rejected. So I tried leaving the credentials blank. That bound the client to the directory successfully (green dot). But "Enable authenticated directory binding" is checked.
    With the green dot, I tried connecting to the server over AFP, but could not. Only when I manually copied in the Kerberos file was I able to successfully connect to AFP. (Shouldn't the Kerberos file be created automatically at some point?)
    So, clearly something is wrong with SSL, and also perhaps with my settings. (The server should only allow binding with authentication and over SSL, but it does not, and it does allow unauthenticated binding without SSL.)
    OD Overview confirms that Kerberos is running. Not connected to an AD domain (nor should be).
    Running the kadmin.local command gives me a very long list of items that look like e.g. service/[email protected] or service/LKDC:[email protected] One of the services listed is "afpserver". (There are also listings for a number of services that aren't run on the server.)
    AFP is restricted to two groups; the username I'm using for AFP connections is a member of one of those groups.

  • 10.7.5 client shows open directory server not responding

    Hello,
    I am just starting to learn to use OS X Server. I have created an Open Directory Master and want to connect my various Macs around the home to it. My iMac is currently running 10.7.5 client and I have tried to add the server as a Network Account Server - re: below, but it shows it is not responding.
    As I am a real novice, have I missed something and how do I get this to work?
    Thanks,
    Nick

    You are likely having issues because you are not using DNS correctly. The name "CowShed.local" is a Bonjour name. In order to properly use Open Directory you need DNS set up internally. The reason is that the Kerberos component of Open Directory is very dependent on DNS.
    Generally, I would discourage the use of a bogus top level domain. However, since you say this is for home use, you can likely get away with the use of one (mac.leedern.int, mac.leederm.private, etc). However, if you do, then you will not be able to use hosted services (mail, calendar, contacts, etc) transparently between the home and external networks (names will not route).
    If you own a domain name, you can use it internally and set up your DNS on the server. Then distribute the server's LAN IP address to all clients as the first DNS server. This way, all your client devices can resolve the server's host name while on the LAN.
    Your journey starts at DNS.
    R-
    Apple Consultants Network
    Apple Professional Services
    Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

  • Brand new T410 shows battery not authentic message?

    Hi everyone,
    I just received a T410 that I ordered from the Lenovo website and noticed that the Lenovo Power Manager is showing the following error message on the taskbar:
    "The battery installed in this computer is not a genuine Lenovo battery and may not meet Lenovo's safety and quality standards. Double click to learn about genuine Lenovo batteries."
    The alert for this message is always being displayed on the taskbar right beside the battery meter making it quite annoying. I just received my laptop from Lenovo so am confused as to why I would be having this issue.
    Has anyone else gotten this message before and if yes, do you know how to fix it? Also is it possible that I could have received a defective or else non-authentic battery from Lenovo that would be causing this issue?
    The battery model # that power manager shows is : 42T4801
    It should be the 9cell, LI Battery TWSL battery.
    I didn't see it listed in the list of batteries that double-clicking the message takes me to.
    My computer model is ThinkPad T410 2516-CTO with Integrated graphics and the i7 620M processor.
    Any ideas in regards to resolving this problem would be greatly appreciated.

    Your new T410 may not have the latest BIOS that fixes this issue:
    http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-74268
    Version 1.09-1.04
    BIOS: 1.09 / ECP: 1.04
    (Fix) Fixed an issue where battery authentication might be failed.

  • Ubuntu Karmic authentication against Snow leopard open directory server

    Hi,
    I'm looking for help. I've tried to configure an installation of Karmic to authenticate against our office's open directory server running on an osx snow leopard server. Currently `getent password` shows all users including those from the open directory server when running the command as both root and normal users. However authentication against the open directory users fails with the following messages in the /var/log/auth.log:-
    Dec 7 22:42:05 [hostname] getent: nss_ldap: failed to bind to LDAP server ldap://server.domain.com: Invalid credentials
    Dec 7 22:42:05 [hostname] getent: nss_ldap: could not search LDAP server - Server is unavailable
    (I've changed the hostname and ldap url)
    /etc/ldap.conf has:-
    base dc=server,dc=domain,dc=com
    ldap_version 3
    rootbinddn cn=diradmin,dc=server,dc=domain,dc=com
    bind_policy soft
    pam_password md5
    /etc/ldap.secret is set to the password of the diradmin user and has a permission mask of 600
    /etc/pam.d/common-passwd :-
    password sufficient pam_ldap.so md5
    password required pam_unix.so nullok obscure md5
    password optional pam_smbpass.so nullok use_authtok tryfirstpass missingok
    /etc/pam.d/common-auth:-
    auth [success=2 default=ignore] pam_unix.so nullok_secure
    auth [success=1 default=ignore] pam_ldap.so usefirstpass
    auth requisite pam_deny.so
    auth required pam_permit.so
    /etc/pam.d/common-account:-
    account [success=2 newauthtokreqd=done default=ignore] pam_unix.so
    account [success=1 default=ignore] pam_ldap.so
    account requisite pam_deny.so
    account required pam_permit.so
    /etc/pam.d/common-session
    session [default=1] pam_permit.so
    session requisite pam_deny.so
    session required pam_permit.so
    session required pam_unix.so
    session optional pam_ldap.so
    session optional pamckconnector.so nox11
    Does anyone have any ideas where to go from here?
    Message was edited by: zebardy
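As an added example for the common-auth and common-password stacks quoted above (not part of the original post or of Linux-PAM), the script below parses pam.d lines, including the `[success=2 default=ignore]` form, and walks the stack with the control-flag semantics from pam.d(5). The per-module results fed in are illustrative inputs chosen by the caller, not anything obtained from a real PAM library; the point is to see which module outcome actually lets a login through.

```python
"""Walk a Linux-PAM stack with the control-flag semantics from pam.d(5).

Added example for the common-auth / common-password stacks quoted above; not
part of the original post or of Linux-PAM. Given a per-module result you
choose, it reports the final verdict and the path taken.
"""
import re

# Stacks quoted in the question (verbatim).
COMMON_AUTH = """\
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_ldap.so usefirstpass
auth requisite pam_deny.so
auth required pam_permit.so
"""
COMMON_PASSWORD = """\
password sufficient pam_ldap.so md5
password required pam_unix.so nullok obscure md5
password optional pam_smbpass.so nullok use_authtok tryfirstpass missingok
"""

# The simple keywords, expressed as the [...] action tables pam.d(5) defines.
KEYWORDS = {
    "required":   {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "new_authtok_reqd": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "new_authtok_reqd": "done", "default": "ignore"},
    "optional":   {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"},
}
# Modules whose result never depends on input (used when the caller gives none).
FIXED_RESULTS = {"pam_permit.so": "success", "pam_deny.so": "auth_err"}

LINE_RE = re.compile(r"^(?P<type>\w+)\s+(?P<ctl>\[[^\]]*\]|\S+)\s+(?P<module>\S+)(?:\s+(?P<args>.*))?$")


def parse_stack(text):
    """Parse one pam.d file body into a list of {module, actions, args} entries."""
    stack = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable PAM line: {line!r}")
        ctl = m.group("ctl")
        if ctl.startswith("["):
            actions = dict(tok.split("=", 1) for tok in ctl[1:-1].split())
        else:
            actions = dict(KEYWORDS[ctl])
        stack.append({"module": m.group("module"), "actions": actions,
                      "args": (m.group("args") or "").split()})
    return stack


def run_stack(stack, results):
    """Evaluate the stack; results maps module name -> PAM return value name.

    Returns (verdict, trace): verdict is 'success' or 'failure', trace lists
    (module, result, action) for every module that was actually consulted.
    """
    status = None  # None = nothing recorded yet, otherwise 'ok' or 'bad'
    trace, i = [], 0
    while i < len(stack):
        entry = stack[i]
        res = results.get(entry["module"], FIXED_RESULTS.get(entry["module"], "auth_err"))
        action = entry["actions"].get(res, entry["actions"].get("default", "bad"))
        trace.append((entry["module"], res, action))
        if action == "die":           # record failure and stop immediately
            return "failure", trace
        if action == "done":          # stop with success unless a prior 'bad' was recorded
            if status != "bad":
                return "success", trace
        elif action == "ok":
            status = status or "ok"   # a prior 'bad' is sticky
        elif action == "bad":
            status = "bad"
        elif action == "reset":
            status = None
        elif action.isdigit():        # N: same as ok, then skip the next N modules
            status = status or "ok"
            i += int(action)
        elif action != "ignore":
            raise ValueError(f"unknown action {action!r}")
        i += 1
    return ("success" if status == "ok" else "failure"), trace


if __name__ == "__main__":
    auth = parse_stack(COMMON_AUTH)
    for scenario in ({"pam_unix.so": "success"},
                     {"pam_unix.so": "auth_err", "pam_ldap.so": "success"},
                     {"pam_unix.so": "auth_err", "pam_ldap.so": "auth_err"}):
        verdict, trace = run_stack(auth, scenario)
        print(verdict, "via", " -> ".join(f"{m}:{r}/{a}" for m, r, a in trace))
```

Running it shows the three paths through common-auth: a local pam_unix success jumps over pam_ldap and pam_deny straight to pam_permit; a pam_ldap success jumps over pam_deny; and only when both return a non-success does the requisite pam_deny terminate the stack. That is why an LDAP-side failure such as the nss_ldap bind error in the question surfaces as a plain "wrong password" rather than a PAM configuration error.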

    Hi
    It's easy enough to 'connect' any version of OS X Server to any other version of OS X Server. Use the Join button in the Users & Groups Preferences Pane. Alternatively use the Directory Utility itself.
    You seem to be misunderstanding what an Open Directory Master and Replica are? They are not what I think you think they are. They are not a 'back-up' of each other if you're providing more than the shared Directory Service.
    An OD Replica maintains a read-only copy of the LDAP Database (Usernames, Passwords and Policies etc) that's stored on the OD Master and nothing more. If the Master was to go offline for any reason the Replica can be quickly promoted to a Master Role and continue to provide information for the shared directory. This assumes it has easy and quick access to the Volume storing networked home folders? The LDAP Database in that case would then become writable. Later on and whenever you've fixed the problem with the old Master it can quickly be demoted and made a Replica of the now new Master.
    Although this is for 10.6 Server (it is nevertheless still applicable) everything you need to know about Master and Replica relationships is here:
    http://manuals.info.apple.com/en_US/OpenDirAdmin_v10.6.pdf
    Page 55 onwards.
    From Page 64:
    "The Open Directory master and its replicas must use the same version of Mac OS X Server. . ."
    If your OD Master is also providing Mail, Calendar and Contact Services then none of these will be replicated. You will have to maintain a backup of these databases yourself using whatever method you deem fit for your needs.
    HTH?
    Tony

  • Three new groups in Open Directory Server

    I noticed that my Open Directory server has three new groups in WGM: OD Users, OD Administrators and com.apple.limited_admin. Should I treat these as I treated the other groups by assigning them members and group folders? I also noticed that now I have a System Administrator and a Directory Administrator, does that sound right? Should I keep both? Thanks

    Ok, thanks, I had forgotten the "show system records" trick.
    For the guest user, I don't see it in dscl.
    So I suppose it's not a user, just an "anonymous" authentication option in the sharing preferences.
    It's a bit like "others" in the POSIX rights permissions: user, group, other. User and group are existing and named; other is not named, it's just anybody that is not the named user and not a member of the named group.
    To keep things understandable, you should use another name if you wish to configure a "guest user".
    You can manage the "enable guest account" option from WGM if you select a computergroup, in the preferences pane / login / options.
    Hope it helps
    Nicolas

  • 10.3.9 clients not working with 10.4.9 open directory server

    I have a 10.4.9 server running open directory and managing about 20 10.4.9 clients. I am trying to have it manage our remaining 10.3.9 clients, but for whatever reason, I cannot seem to get the 10.3 clients to "attach" to the server.
    I have the 10.3 clients set up in a computer list on the server, and in directory access I have it set to "get ldap mappings from server". At one point, it was suggested to me that I have the clients "get ldap mappings from open directory server". I tried this, and manually set the search base suffix. My search base suffix was "dc=example,dc=local". I even tried doing "cn=config,dc=example,dc=local" (where in both cases example.local was replaced with my real DNS name). Any suggestions on what else I could try to get this to work?

    That's the odd thing though. I've done this with 10.4 no problem. Settings always worked. For some reason though, even though the clients are able to login using a network user, none of the preference settings sync.
    For example - I always put a loginwindow message on as a sort of "test" to see if preferences are being set. If that works, then I rarely have a problem. No matter what I do, though, I cannot get the loginwindow message to display on the 10.3 clients. It works really well on 10.4, but not at all on 10.3. I've tried this on multiple 10.3 machines, as well, (and they're both based on different system images) but it still doesn't work. When I get back to work on Friday, I'll have to see if preferences will work for network users; that's the one thing I haven't tried.
    Other than dumping the directoryaccess preferences, is there another preference setting that could be dumped on the client that may make it grab prefs from the server?

  • Unable To Create New Open Directory Master

    I have a brand new installation of MacOS X Mountain Lion Server, latest version, in a brand new Mac Mini. This Mac Mini is being co-located in a data centre, and I am setting it up via remote access (screen sharing). The data centre has set up DNS zone records for my domain, including a reverse DNS PTR record, and everything in the DNS is working fine.
    During the installation of Server, when the installer asked for the type of 'Host Name', I selected 'Host name for Internet'. The installer was able to use the IP address of the Mac Mini to automatically find the correct host name, and configure it. Once the installation was complete, no services were turned on - not even DNS, as the installer probably figured out that DNS services were being handled externally.
    The first thing I went to try and do was to turn on Open Directory. I turn the service on, and a sheet comes down, where I select to "Create a new Open Directory Domain". I click 'next', and on the next sheet I enter the OD Administrator's details, and password. Click 'next' again, and then I get the following message:
    "This computer's host name is invalid.
    The host name does not resolve to any configured address of this computer. Please ensure the host name is correct."
    Opening Terminal app, and typing "hostname", I get the correct hostname, as showing in Server app itself.
    Entering "sudo changeip -checkhostname" in Terminal app, I get all correct details for the IP address and host name of the machine, and the message: "The names match. There is nothing to change. dirserv:success = 'success'"
    I finally tried getting Server app to change the host name itself - going into the Server pane, select the 'Network' tab, and in the 'Names' section, next to the host name, click on the "Edit..." button. Again, went through the wizard, and the wizard again was able to find the hostname automatically from the machine's IP address. Once the 'changing' process was completed, I went to try and initialise Open Directory, and again, got the same message.
    Can anyone shed any light? Any suggestion would be welcome at this stage...

    MrHoffman, thank you for your guidance. You have, however, given me a bit of a headache.
    MrHoffman wrote:
    127.0.0.1 is likely going to be incorrect here.  Please reference the DC DNS servers, and not a local server.  If you're in a DC and particularly with a public-facing host without an outboard firewall to block DNS traffic, you likely do not want to be running your own local DNS services.
    As described previously, the server was referencing the DC DNS servers. The server was not running its own DNS service. Open Directory was not able to detect that the ip address and the hostname were correct with this setup - even though the command line on the server as well as externally showed that all DNS records were set up correctly, and that the IP address and hostname matched. The server's own installation wizard and 'Change Host Name' wizard automatically detected the hostname from the machine's ip address - by consulting the reverse DNS PTR record in the DC DNS servers.
    Starting the server's own DNS server - and adding '127.0.0.1' to the top of the DNS list in Preferences - allowed me to create the Open Directory master, finally. Of course, the internal DNS server was set up so that only the server itself could access it - it was closed to any other machines - and even then, I had it running only momentarily: once Open Directory created its master domain, I switched DNS service off, and removed '127.0.0.1' from the DNS list in Preferences.
    With that setup, everything seemed to work fine. All users were able to login, access their share points and their mail.
    MrHoffman wrote:
    For the host name, the host name would usually be the FQDN fully-qualified domain name, and "example.com" isn't usually a host name.  You'd usually find somehostname.example.com here
    That is the only machine in the domain. All public sub-domains - like 'mail', 'www' or 'calendar' - point to the same machine. The reverse DNS PTR record points to the higher-level domain "example.com".
    Your warning, however, made me worried:
    MrHoffman wrote:
    I'd probably rebuild the OD configuration, as I'd wonder if OD now had a bogus host name.  Once bad DNS gets involved, the entanglements can be quite pernicious..
    So I decided to heed your advice, and rebuild OD. I deleted the Open Directory master, and tried rebuilding it with DNS service turned off. As before, OD insists that "the host name does not resolve to any configured address of this computer", and refuses to create the new Master. I ended up following the procedure above again - switching DNS service on temporarily to get OD to work.
    The problem is, that now no user can connect to the server anymore. Everyone keeps getting a message stating that their password is wrong - including users on their iPhones and iPads.
    I suspect that when I created the new OD Master, it created a new certificate, and that is what is causing problems. While I could try to get the desktop users to delete the old certificates from their keychain, this is not really an option for iPhone/iPad users.
    Where do I go from here? After almost 24 hours straight dealing with this, I'm at the end of my rope...
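The two DNS threads above (the Bonjour "CowShed.local" reply and the "host name does not resolve to any configured address" error) both come down to the same forward/reverse/local-interface consistency that Open Directory insists on before creating a master. The script below is an added example of that check; it is not Apple's `changeip -checkhostname` or Server.app code and only approximates their logic. The pure `check_hostname()` takes already-resolved data so it can run offline; `live_inputs()` gathers that data with the standard `socket` module, and the list of locally configured addresses is supplied by the caller (for example from `ifconfig`) because the standard library has no portable interface enumeration. All addresses and names in the scenarios are constructed (RFC 5737 / RFC 2606 values, plus the CowShed.local name from the thread).

```python
"""Hostname / DNS consistency check of the kind Open Directory performs before
creating a master.

Added example for the DNS threads above; not Apple's changeip or Server.app
code, and it approximates rather than reproduces their checks.
"""
import socket


def check_hostname(hostname, forward_addrs, reverse_names, local_addrs):
    """Return a list of (severity, message) findings; an empty list means consistent.

    forward_addrs: addresses the hostname resolves to.
    reverse_names: dict address -> list of PTR names for that address.
    local_addrs:   addresses actually configured on this machine.
    """
    findings = []
    name = hostname.rstrip(".").lower()
    if "." not in name:
        findings.append(("error", f"{hostname!r} is a bare host name, not an FQDN"))
    elif name.endswith(".local"):
        findings.append(("error", f"{hostname!r} is a Bonjour (.local) name, not a DNS name Kerberos can use"))
    if not forward_addrs:
        findings.append(("error", f"{hostname!r} has no forward (A/AAAA) record"))
    elif not set(forward_addrs) & set(local_addrs):
        findings.append(("error",
                         f"{hostname!r} resolves to {sorted(forward_addrs)} but none of these is "
                         f"configured locally ({sorted(local_addrs)}); this is the "
                         f"'does not resolve to any configured address' case"))
    for addr in forward_addrs:
        ptr = {n.rstrip(".").lower() for n in reverse_names.get(addr, [])}
        if not ptr:
            findings.append(("warning", f"{addr} has no PTR record"))
        elif name not in ptr:
            findings.append(("error", f"PTR for {addr} is {sorted(ptr)}, expected {name}"))
    return findings


def live_inputs(hostname):
    """Resolve hostname forward, then each address back, using the system resolver."""
    try:
        forward = sorted({ai[4][0] for ai in socket.getaddrinfo(hostname, None)})
    except socket.gaierror:
        forward = []
    reverse = {}
    for addr in forward:
        try:
            primary, aliases, _ = socket.gethostbyaddr(addr)
            reverse[addr] = [primary, *aliases]
        except (socket.herror, socket.gaierror):
            reverse[addr] = []
    return forward, reverse


# Constructed scenarios mirroring the threads: a healthy master, a Bonjour
# name, a name pointing at an address the box does not have, and a PTR
# pointing at a different host.
SCENARIOS = {
    "healthy":   ("od.example.edu", ["192.0.2.10"], {"192.0.2.10": ["od.example.edu."]}, ["127.0.0.1", "192.0.2.10"]),
    "bonjour":   ("CowShed.local", ["192.168.1.5"], {}, ["192.168.1.5"]),
    "not_local": ("od.example.edu", ["198.51.100.7"], {"198.51.100.7": ["od.example.edu"]}, ["192.168.1.5"]),
    "ptr_other": ("od.example.edu", ["192.168.1.5"], {"192.168.1.5": ["mail.example.edu"]}, ["192.168.1.5"]),
}

if __name__ == "__main__":
    for label, args in SCENARIOS.items():
        print(label, check_hostname(*args) or "OK")
```

For a live check, call `check_hostname(host, *live_inputs(host), local_addrs)` with the addresses taken from the machine's interfaces; because it uses the resolver the machine is actually configured with, it sees the same answer Server.app sees, which is the point when the server's DNS list has been changed to 127.0.0.1.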

  • Changing the Name of an Open Directory Server while preserving users, etc.

    Hi Everyone,
    Not an emergency - but I have been wrestling with this dilemma for almost a year now.
    The good news is nothing has to be done right away. But I will ultimately need a solution.
    We have inherited a server system at a traditional elementary school from a previous IT person who was immature to say the least.
    When he set up the server system, he named the open directory server something that, while innocuous, is inappropriate for a school setting.  I am sure he thought it was clever and cheeky at the time. But a few years later it is simply unprofessional. And we are being expected to ultimately be able to change it to something like "XXXdirectory.domainname.edu". The more it hangs around - the longer it looks like we did this and it makes us look unprofessional.
    So here is my dilemma. 
    This is an OD Master with iCal and network homes attached to it. It also runs DNS.
    I would like to set up a new server and name it "xxxdirectory.schooldomainname.edu"
    Setting up the new server is easy and getting all the client machines to bind to it - no problem.
    The problem is how to migrate all the users to the new server.  It seems a restore won't work because if the new server is named differently, the restore will fail. I also can't do a server migration because the stupid name migrates to the new server.
    My old server is 10.5.8 Server.  The new one is 10.7.1 Server. But could be 10.6.8 Server if need be.
    The main problem is how do I get all the accounts onto a new server with a new OD master name?
    I don't mind command line stuff. So throw whatever you got at me.
    Thanks in advance for your help everyone.  Don't worry - I won't be a pain in the butt or argue.  I just need some good solid guidance, even if it is a "Not possible" answer - at least I have something to tell the administration when they want to know why we can't change the OD Master name from mcnugget.schoolname.edu.
    Please let me know if you need more details.  I am happy to provide.
    Thanks again.
    Tony

    If you don't mind resetting everybody's password then you can export the users and groups and wipe the server for a clean install, or turn it into a standalone server then back into an OD master, then import the users and groups.

  • Can't login to new open directory users

    I have a Mac Mini Server running 10.8.2 Server. I have existing users, most with no home directory and a couple with network home directories.
    However, any NEW users I add (in LDAPv3), they aren't able to login. When I create the user, the "access account" option is checked and stays checked after the user is configured & saved, and stays that way when I relaunch Workgroup Manager.
    However, when I attempt to login to this user from a network computer, the "access account" checkbox gets unchecked. I can check it again and save the account, but when I reopen Workgroup Manager, it's unchecked.
    Help???

    Good tip from Francis.
    Last night I finally was able to get things back to semi-normal. To summarise, here are some tips that worked for me.
    Things first went wrong when I tried to add a new user in Workgroup Manager. After doing this I got some quite strange behaviour.
    The server appeared to hang when logging on with the new user, but ssh to the server was working.  Finally after about 10 minutes I hit the reset button on the server; it appeared to go into sleep mode, then automagically it logged in the user. Wow, did it work .... no.   Bad news: other users could no longer ssh to the server... Arrrr.  Cause tracked down to Kerberos reported as no longer running... Clients (my family) starting to report they can't access services like email ... help...
    Rather than all the pain of trying to fix that, this is what I did.
    1) Back up OD in Server Admin (not Server.app). OD doesn't show up there, don't know why??
    2) Make sure the DNS is working
    nslookup, dig, hostname commands ... all reported correctly the forward and reverse MYSERVER.MYDOMAIN.COM domain and IP address.  I even re-ordered the DNS name so that the local address 192.168.10.X was reported first on my local network before the external IP of the server.
    3) Create a completely new OD by deleting the old one (setting it as standalone), then re-creating it as a new master (use the Server Admin tool).
    Finally Kerberos all reported as running ... Try again to add a user...
    4) Add new user in Workgroup Manager open on the server, not remotely (this didn't work).
    5) set home account with apf://fqd.name/Users/
    6) make sure home account is accessible on network.
    6) set shell
    7) in Server Admin give all permissions to services the new user will need, such as ssh login, as required.
    8) in Server.app (not Server Admin or Workgroup Manager)
    check that the new user appears.  The local OD must be in the Directory Explorer search path for this to happen
    and the server must be bound to this path.
    I added both /Ldap3/127.0.0.1 but also, importantly, /ldap3/MYSERVER.MYDOMAIN.COM
    9) in Server app click on the user then select the Advanced settings. Make sure the user has home dir selected as the correct /Users folder on the server
    (this was not set at first and had the value of 99, no idea why). There are also other important settings here.
    10) Finally restore OD with the previous backup to add back the rest of the users.
    Apparently this actually does a merge, not an overwrite.
    End state: everything finally working .....
    except the iChat/jabber server for some reason won't accept authenticated users.... rrrr.
    Bonjour works on the local network, but well, the point of having a jabber server was for family in country A to talk to grandparents and have private secure video phone with country B, so it would have been nice if that worked.
    Good luck
    Hope that helps 

  • Strange Permissions problem when creating new Open Directory user

    I just set up a mac lab to authenticate to an Open Directory server which also stores home folders. All of the initial users I created work fine, there were about 50 users that I set up. When I added a new user this morning though, it would not allow him to access anything within his home folder (i.e. nothing worked)
    I went back to the server and took a look at the Users share and noticed that when his account was created, instead of setting the owner of the folder to his username (xxx123) it was set to his userid number (1024). I did a chown on his directory to his username and he was then able to access his home directory from the clients.
    I realize I found a fix, but I would prefer to not have to do this every time I create a new user. Why is this happening?

    Have you used the "Role" drop-down to "SYSDBA"? - if not, you get the ORA-01017 error.

  • Error creating new Open Directory domain

    The wizard for creating a new Open Directory domain in Server.app on Mountain Lion responds with the following error message:
         "An error occurred while configuring My Server as a directory server.  Please check your network configuration and try again."
    Not very helpful.  How do I find out what the actual error is?
    Thanks.

    Can anyone translate these log messages?
    Aug 12 05:22:26 myhost.mydomain.com kdc[60240]: label: default
    Aug 12 05:22:26 myhost.mydomain.com kdc[60240]:         dbname: od:/Local/Default
    Aug 12 05:22:26 myhost.mydomain.com kdc[60240]:         mkey_file: /var/db/krb5kdc/m-key
    Aug 12 05:22:26 myhost.mydomain.com kdc[60240]:         acl_file: /var/db/krb5kdc/kadmind.acl
    Aug 12 05:22:26 myhost com.apple.launchd[1] (com.apple.Kerberos.kpasswdd[60241]): Exited: Killed: 9
    Aug 12 05:22:26 myhost com.apple.launchd[1] (com.apple.Kerberos.kpasswdd): Throttling respawn: Will start in 10 seconds
    Aug 12 05:22:26 myhost com.apple.launchd[1] (com.apple.Kerberos.kadmind[60242]): Exited: Killed: 9
    Aug 12 05:22:26 myhost com.apple.launchd[1] (com.apple.Kerberos.kadmind): Throttling respawn: Will start in 10 seconds
    Aug 12 05:22:26 myhost.mydomain.com kdc[60240]: WARNING Found KDC certificate (O=System Identity,CN=com.apple.kerberos.kdc)is missing the PK-INIT KDC EKU, this is bad for interoperability.
    Aug 12 05:22:26 myhost.mydomain.com kdc[60240]: KDC started
    Aug 12 05:22:26 myhost.mydomain.com Server[46707]: An error occurred while configuring My Mac Mini Server as a directory server:
            Error Domain=XSActionErrorDomain Code=-1 "A child action failed" UserInfo=0x7fb854a2ad90 {XSActionErrorActionsKey=(
                "Creating Open Directory master"
            ), NSLocalizedDescription=A child action failed}

  • How to promote my OSX10.6.8 replica server to Open Directory server

    My Open Directory Server crashed and I would like to promote my replica Server to Open Directory.  Can you tell me how to do this?

    Hello Dave,
    Check out the steps quoted below to promote your replica to the Open Directory master.
    Provide Open Directory service
    https://help.apple.com/advancedserveradmin/mac/3.1/#apdD1F7D8CA-CF07-40CE-B2D4-8E3ACF4BCA40
    Promote a replica to Open Directory master
    If an Open Directory master fails and you can’t recover it from a backup, you can promote a replica to be a master. The new master (promoted replica) uses the directory and authentication databases of the replica.
    Select Open Directory in the sidebar.
    Click Servers.
    Select a replica to promote, then choose Promote Replica to Master from the Action pop-up menu (looks like a gear).
    Enter the directory administrator name and password.
    If you archived Open Directory data with certificate authority keys, you can restore them by entering the Open Directory archive location or clicking choose to locate the archive.
    Click Next.
    Enter the user name and password for the replica that’s being promoted, then click Connect.
    Regards,
    -Norm G.

  • Wrong UID from open directory server

    I have a problem with a mac OSX server
    I have an open directory server A, that shares all users to every other server i have.
    I then have 2 mac OSX servers B and C, that I set up to allow network users. I can easily login with an open directory user on both servers, but I have a problem. On server B it says the user's user id is 1050, which is correct. On server C it says that the same user's user id is 1000, which is wrong. Both server setups are identical, as far as I know. On the Open Directory server A the user id for the user is also 1050, in case that is relevant.
    I have checked if server C has a local user with the same name, but that is not the case.
    Any idea what might have caused this problem?

    bump

  • Open directory server crashing every 30 days / clients unable to connect to calendar, contacts server

    Hello everyone,
    I am running an up to date Mavericks Server which serves exclusively as a calendar and contacts server for about two dozen devices. The server is reachable via DynDNS, however, the public IP hardly ever changes (only once or twice a year maybe). Tried setting the OS X DNS Server to serve "all clients" and "some clients".
    For about 6 months (i.e. also under Mountain Lion), I am having a very strange problem. Roughly every 20-30 days, clients will not be able to connect to the server, instead getting a "wrong password" dialog. Restarting the open directory server will help for the next 30 days.
    I have tried repairing the database as detailed here, however, the issue persists.
    Any help would be highly appreciated!
    I would have tried setting up a clean server installation, migrating calendars/contacts manually and re-adding all users by hand, however, I am not aware of an easy way to do so. The terminal command for calendar backup is broken under Mavericks (might work with this workaround) and re-adding users manually would apparently involve correcting user UUIDs afterwards in order to match the migrated calendar data. Do you know of a better approach?
    Thanks a lot!
    DPSG-Scout

    Hi Linc,
    This looks the most relevant to me:
    opendirectory.log
    2014-03-11 11:13:09.460675 CET - 333.2628758.2628759 - Client: Python, UID: 93, EUID: 93, GID: 93, EGID: 93
    2014-03-11 11:13:09.460675 CET - 333.2628758.2628759, Node: /Local/Default, Module: PlistFile - predicates with 'AND' are not supported
    2014-03-11 12:09:00.296514 CET - State information (some requests have been active for extended period):
              Sessions: {
                  28 -- opendirectoryd:
                              Session ID: 7BFBA6FE-A968-4399-A129-E3A5945E2A81
                              Refs: singleton
                              Type: Default
                              Target: localhost
              Nodes: {
                  43 -- authd:
                              Node ID: 6D0E236D-6DBD-4E8C-BC01-B3F50C2C2D8E
                              Nodename: /LDAPv3/127.0.0.1
                              Session ID: <Default>
                              Refs: 1
                              Internal Use: X
    and many more similar ones…
    Thanks for your effort!
