How to promote my OSX10.6.8 replica server to Open Directory server

My Open Directory server crashed and I would like to promote my replica server to Open Directory. Can you tell me how to do this?

Hello Dave,
Check out the steps quoted below to promote your replica to the Open Directory master.
Provide Open Directory service
https://help.apple.com/advancedserveradmin/mac/3.1/#apdD1F7D8CA-CF07-40CE-B2D4-8E3ACF4BCA40
Promote a replica to Open Directory master
If an Open Directory master fails and you can’t recover it from a backup, you can promote a replica to be a master. The new master (promoted replica) uses the directory and authentication databases of the replica.
1. Select Open Directory in the sidebar.
2. Click Servers.
3. Select a replica to promote, then choose Promote Replica to Master from the Action pop-up menu (looks like a gear).
4. Enter the directory administrator name and password.
5. If you archived Open Directory data with certificate authority keys, you can restore them by entering the Open Directory archive location or clicking Choose to locate the archive.
6. Click Next.
7. Enter the user name and password for the replica that’s being promoted, then click Connect.
Regards,
-Norm G.

Similar Messages

  • How can I get authentication and authorization through OS X open directory with the Sun ZFS STOR ZS3-2

    How can I get authentication and authorization through OS X Open Directory with the Sun ZFS STOR ZS3-2?
    I have configured NFS. I need help configuring the share that I created in the Sun ZFS STOR ZS3-2 to connect with the OS X Open Directory.

    Hi,
    You may try checking the help page for LDAP configuration:
    https://<Appliance_IP>:215/wiki/index.php/Configuration:Services:LDAP
    ZFS Storage supports LDAP, NIS, AD as directory service.
    Hope Open Directory is also based on LDAP and may work in similar fashion.
    Thanks
    Nitin

  • How can integrate Steel Belted Server with iPlanet Directory Server?

     

    Have you installed the connector software on the RDS Server?
    Robert Pearman SBS MVP
    itauthority.co.uk

  • How to bind (if possible) Windows 8 clients to OSX Open Directory 10.8?

    I read several articles that I have to go through the magic triangle (bind the Open Directory to an Active Directory), but almost all of the articles are from 2012 and below.
    Is this possible now?
    Thank you.

    Hi mbellido,
    Are you trying to bind a Windows 8 client to Open Directory (OS X 10.8)?
    Thanks
    Dan

  • Directory Server Replica and Messaging Server 6

    I installed Directory Server 5.2 as Master Replica on one machine (V120) and on the other machine (V240) I installed the following:
    1. SunONE Directory Server 5.2 (Consumer Replica) or slave replica.
    2. SunONE Identity Server
    3. SunONE Messaging Server 6
    I have successfully installed and configured the 3 servers when they are running on just one machine (one box). But when I try to run them on two separate machines as described above, the messaging server acts strangely and its configuration fails when I try to configure it on the directory server replica.
    In simpler words, I want to know if someone has installed Messaging Server in a Directory Server replication scenario where there are two machines involved. Because all works well when we install everything on one machine (one box), but I am having a hard time configuring the messaging server in this split setup scenario.
    So, if someone has an idea about how to run the Messaging Server 6 ( ./configure ) file successfully on a Directory Server 5.2 replica, please advise me in detail.
    Thanking you,
    Farhan Ahmed.
    Vision Valley, Dubai.

    Messaging Server uses LDAP in two ways. The obvious one is that user/group/domain information is stored there.
    The non-obvious way is that some configuration information is stored in LDAP, in the "o=NetscapeRoot" tree. This tree is NOT usually replicated, so if you perform the installation against one LDAP server, and then attempt to move the configuration to point to another one, and don't make a separate replication agreement for the configuration, your server won't work correctly.
    To configure Messaging against a replica, you also need to understand how the replication and "referral" works. Without studying your scenario, I cannot tell what has failed, but indeed, there are users that have configured Messaging 6.0 against a replica LDAP system.
    You may want to open a tech support ticket, and get personal help for your issue.

  • How to disable non secure port on Sun Java System Directory Server 5.2

    Hi, can someone tell me how to disable the non-secure port 389 on the SJS Directory Server 5.2? I only see two options: for the directory server to listen on the non-secure port, or on both secure and non-secure ports. I see that someone mentioned changing the port to the loopback IP address, but the GUI doesn't allow that.
    Any help is appreciated.
    Thanks,
    Mike

    Yep! You can add the loopback address to the listen host attr, directly to the dse.ldif (instance stopped, of course) or ldapmodify the config entry.

  • How to configure Open Directory base DN

    Hi,
    I have been using OpenLDAP on a Synology NAS drive, but this has some serious shortcomings with Mac clients (e.g. roaming profiles simply don't work).
    So I have bought a MacMini which among other things will replace my existing LDAP server with Open Directory.
    As a dry run, I enabled the Open Directory and went through the simple set up and I had a basic system up in no time.  However I have come up against an annoying issue with the base DN used by Open Directory and I hope someone will be able to help me.
    My existing LDAP has a base DN that looks like this: dc=myorg, dc=local
    So when users log in, they can use a username which conforms to the following format: [email protected]
    The problem is that Open Directory likes to set the base DN to: dc=macservername, dc=myorg, dc=local
    meaning that a fully qualified user account name now becomes: [email protected]
    This seems bonkers to me.  For example, what would happen if I introduce a second Mac server into the mix and failover to it - the servername element of the DN becomes redundant or if it changes, I need to communicate with all users.
    I must be missing something obvious - but there doesn't seem to be much in the way of configuration that I can see through the Server application.
    So, my question is, how can I configure my base dn without the servername so that my existing username context remains the same?
    Many thanks - I look forward to any responses.

    I agree with Dal78: Apple using a base DN of servername.example.com rather than just example.com is illogical. In fact, originally they did seem to use just example.com as the format, but in recent years they now use server.example.com as the format. When I first encountered this change it was still possible to override the use of servername.example.com and force it to use just example.com as the format. In more recent times I have decided to leave things the way Apple do it.
    I don't know if there is an official answer as to why, but a possible guess is that you can now have multiple Open Directory servers for a single domain. This is the 'Locales' option in Server.app. It may be that including the servername makes it possible/easier to implement this.
    I also agree with Strontium90: do not use a .local root domain for Open Directory. In theory there are hacks to (sort of) get this to work, but Apple engineers will typically run screaming for the woods when they encounter this.
    PS. Briefly, Apple also did the same illogical thing with DNS zones, whereby the zone name for a domain was servername.example.com instead of example.com; this at least they have stopped doing.

  • How can I populate the users in the Directory Server?

    Hi all,
    I'm new to Sun ONE Directory Server 5.2. I've just installed a copy of it on a Win2000 server and I have a small question to ask.
    How can I populate the users (these users can be used to log in to Sun ONE Instant Messenger) in the Directory Server using the Directory Server's admin console?
    Thanks in advance,
    Tuan Anh,

    Thanks Ramnath,
    I've read your suggestion, but actually, I really wanted to know how to populate users and passwords. I've read the following in Sun ONE Directory 5.2 Getting Started Guide.pdf:
    • o=userRoot
    During installation, a user database is created by default. The default name of the user database is o=userRoot. You can choose to populate this database at installation, or to populate it later.
    But I don't know the related document. I have successfully created a user and password using the admin console, but cannot use this user to log in to Instant Messenger.
    I'm looking forward to receiving your help
    Tuan Anh

  • I'll like to know how to promote the 5 games i have in mind for Windows Phone

    Hi everyone,
    I love coding and would like to know how games are discovered on Windows Phone.
    I am about to build five games and would love to know how to promote them so they can be downloaded.
    thanks
    seun

    Hi Seun,
    Please refer to the following links to get started.
    http://channel9.msdn.com/events/BUILD/BUILD2011/APP-791T.
    http://msdn.microsoft.com/en-us/library/windows/apps/hh452744.aspx.
    Regards,

  • Creating Open Directory Replica fails with Server Admin Error Value 1127

    Hallo,
    I have seen a lot of similar threads here and they were helpful up to a certain point, but in the end, they did not solve my problem.
    Currently, it comes down to this. The Server Admin Error message is really meaningless and I could not find a single for the error value on the whole wide web. As such, I switched to the command line versions of the tools involved to get more meaningful results. It worked. Specifically, creating a replica of an openldap master means using slapconfig.
    When executing
    slapconfig -createreplica master.ourdomain.com diradmin
    as root on the prospective replica machine, I get the following error message:
    ssh command failed with status 127
    That command is not allowed with the root account via public key authentication.
    That makes perfect sense to me, but how is it meant to work then?
    Executing slapconfig as admin tells me that this tool is to be executed as root. On the other hand, root login via ssh is not allowed in Mac OS X by default, which seems fine to me. I even changed /etc/sshd_config on the Open Directory Master machine to "PermitRootLogin yes". However, neither reloading ssh using launchctl nor restarting the whole server made this setting operational. Trying to login from command line as root still tells me:
    root login is not permitted to this machine via public key authentication.
    While this is the current state where I need help urgently, I changed some other things before. I tell about to exclude these issues as possible reason of failure. I got this message for quite a while:
    Replica Setup failed : This machine does not have a valid computer name
    I was sure this machine meant the target machine, the open directory master, because the domain had changed there once before I had taken over responsibility as an admin in this environment. And in fact, changeip disguised an issue there. The command proposed by changeip to fix the situation did not seem appropriate because this machine is multihomed with a public and a private IP address. Proper name resolution is available for both interfaces including reverse lookup. I don't like this setup, but it was the only way to get mail service running smoothly. Running changeip on the machine itself using these arguments
    changeip /LDAPv3/127.0.0.1 internalIP internalIP old.ours.com current.ours.com
    reported success in updating password server, open directory, both interfaces, hostconfig (which in fact did not change) and samba. It reported an issue with kadmin which is related to Kerberos (we don't use Kerberos yet).
    Changing the hostname of the server using changeip did not solve the issue. I then found the hint to check with scutil. This showed that the Hostname was not set on the prospective replica machine. (A question aside: in how many places is the hostname stored? The traditional /etc/hostname has gone, but seems to be replaced with several other configuration files and databases. I can't see this as an advantage.) Setting the hostname using scutil worked fine. However, it did not solve the problem either. At least, slapconfig now started to complain about not being able to log in as root instead of failing from the start.
    I also checked all log files on both machines that might have to do with openldap, as there are /var/log/slapd.log, /var/log/system.log and /Library/Log/slapconfig.log. I also checked the log of the layer on top of openldap which is /Library/Log/DirectoryService.server.log. None of them revealed anything noticeable beside a lot of entries that I have googled in the last few hours and which all don't seem to be associated with the problem in question.
    I will take a break now, but I have to fix this until tomorrow and I hope to get the ultimate hint from you, dear reader.
    Thanks and bye, Christian Völker

    ssh command failed with status 127
    That command is not allowed with the root account via public key authentication.
    Initial OD replication takes place via 'ssh'. If you have 'sshd' configured on the OD Master to authenticate with public keys then the OD replica will not be able to communicate with the OD Master via 'ssh'. You must configure the OD Master to use 'ssh' with password authentication and root login enabled.
    Demote the replica back to standalone. Stop any services that you may have running on the primary network interface. Then stop any services that you may have running on the secondary network interface. In the 'Network' System Prefpane remove the IP number from the secondary interface then deactivate the secondary network interface.
    Assign the private IP address and hostname that you wish to use for the replica to the primary network interface. Assign the 'public' IP number to the secondary interface. Check the DNS to see that the IP address and hostname for the primary network interface resolve both forward and reverse for the hostname of the replica that you have chosen. If it does not, fix your DNS before proceeding.
    In the 'Sharing' System Prefpane, change the name of the machine to the hostname (server.domain.tld) of the replica that you have chosen. Then use 'changeip -checkhostname' to see if the IP/hostname matches. Fix it if it doesn't.
    Then configure the /etc/sshd_config file on the OD master like this:
    # Authentication:
    PermitRootLogin yes
    PasswordAuthentication yes
    PubkeyAuthentication no
    and the /etc/ssh_config file on the OD replica like this:
    PasswordAuthentication yes
    PubkeyAuthentication no
    Then from the OD replica as the 'root' user issue:
    slapconfig -createreplica <ODMasterIPorFQDN> <diradmin user>
    Make sure that the 'diradmin' user's password contains only alpha-numeric characters -no 'option-characters' or symbols, change it first if it does. Once the process completes, reactivate the secondary interface for the 'public' IP and check the configuration of services that will be using that IP, then start your other services. Secure the 'ssh' service on both machines to disable password authentication and 'root' logins.
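
The reply above ends by telling you to re-secure `ssh` once replication completes. As an added example (not part of the original reply), this script checks an `sshd_config` for leftovers of the temporary settings; the function names and sample files are constructed, and it audits only the global section, not `Match` blocks.

```shell
#!/bin/sh
# Added example, not from the thread. Sample files below are constructed.

# effective_value FILE KEYWORD
# Print the value sshd takes from FILE's global section. Keywords are
# case-insensitive and the FIRST occurrence wins; global options end at the
# first Match block. Prints "unset" when the keyword never appears.
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key); val = "unset" }
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        tolower($1) == "match" { exit }     # Match blocks are not audited here
        tolower($1) == key { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# audit_sshd_hardened FILE
# Returns 0 only when root login and password authentication are explicitly
# "no" and public-key authentication has not been left disabled.
audit_sshd_hardened() {
    file=$1
    status=0
    root=$(effective_value "$file" PermitRootLogin)
    pass=$(effective_value "$file" PasswordAuthentication)
    pubk=$(effective_value "$file" PubkeyAuthentication)
    chal=$(effective_value "$file" ChallengeResponseAuthentication)

    if [ "$root" != "no" ]; then
        echo "FAIL PermitRootLogin=$root (expected: no)"; status=1
    fi
    if [ "$pass" != "no" ]; then
        echo "FAIL PasswordAuthentication=$pass (expected: no)"; status=1
    fi
    if [ "$pubk" = "no" ]; then
        echo "FAIL PubkeyAuthentication=no (key logins still disabled)"; status=1
    fi
    # Beyond the thread: keyboard-interactive auth can still ask for a password
    # through PAM, so report it without failing the audit.
    if [ "$chal" != "no" ]; then
        echo "WARN ChallengeResponseAuthentication=$chal (review with UsePAM)"
    fi
    [ "$status" -eq 0 ] && echo "OK   $file"
    return "$status"
}

# write_samples DIR: create three constructed sshd_config files in DIR.
write_samples() {
    # The temporary settings from the reply above.
    cat > "$1/sshd_config.replication" <<'EOF'
# Authentication:
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication no
EOF
    # Hardening appended below the old lines: still weak, first value wins.
    cat > "$1/sshd_config.appended" <<'EOF'
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication no
# Hardening appended later: ignored, because the first value wins
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF
    # Temporary lines replaced in place.
    cat > "$1/sshd_config.hardened" <<'EOF'
permitrootlogin no
PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no
EOF
}

SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
write_samples "$SAMPLES"
for f in "$SAMPLES"/sshd_config.*; do
    audit_sshd_hardened "$f" || echo "NOT HARDENED: $f"
done
```

On a live host, `sshd -T` run as root prints the effective configuration and is the authoritative check.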

  • Is there something wrong with my directory server replica?

    Yesterday I spun up a replica of my OD Master which I had just rebuilt clean from scratch.  Everything SEEMS fine, but the GUI reports a status I did not expect:
    As you can see, the master has its own IP listed twice, and there are 3 IP's for the replica - only the first is valid for my network.
    Is this anything to worry about?  It's not what I expected to see when replication was complete.  Here's the output from serveradmin settings dirserv
    dirserv:selfWrite = yes
    dirserv:locales = _empty_array
    dirserv:caServer = yes
    dirserv:MacOSXODPolicy:Directory Binding = yes
    dirserv:MacOSXODPolicy:Configured Security Level:Binding Required = no
    dirserv:MacOSXODPolicy:Configured Security Level:Advisory Client Caching = no
    dirserv:MacOSXODPolicy:Configured Security Level:Man In The Middle = no
    dirserv:MacOSXODPolicy:Configured Security Level:Packet Signing = no
    dirserv:MacOSXODPolicy:Configured Security Level:No ClearText Authentications = no
    dirserv:MacOSXODPolicy:Configured Security Level:Packet Encryption = no
    dirserv:kerberizedRealmList:availableRealms:_array_index:0:dirNodePath = "/LDAPv3/127.0.0.1"
    dirserv:kerberizedRealmList:availableRealms:_array_index:0:realmName = "SERVER.DOMAIN.TLD"
    dirserv:kerberizedRealmList:defaultRealm = "SERVER.DOMAIN.TLD"
    dirserv:PWPolicyInfo:requiresMixedCase = no
    dirserv:PWPolicyInfo:passwordMinLen = 0
    dirserv:PWPolicyInfo:mustChangeAtFirstLogin = no
    dirserv:PWPolicyInfo:passwordMustHaveAlpha = no
    dirserv:PWPolicyInfo:requiresSymbol = no
    dirserv:PWPolicyInfo:passwordNotAccount = no
    dirserv:PWPolicyInfo:passwordDisableFailedLogins = 0
    dirserv:PWPolicyInfo:passwordHistoryLen = 0
    dirserv:PWPolicyInfo:passwordDisableNumDaysInactive = 0
    dirserv:PWPolicyInfo:passwordDisableDate = 0.000000
    dirserv:PWPolicyInfo:passwordExpireDays = 0
    dirserv:PWPolicyInfo:passwordMustHaveNumber = no
    dirserv:PWPolicyInfo:passwordDisableNumDays = 0
    dirserv:LDAPDefaultPrefix = "dc=server,dc=domain,dc=tld"
    dirserv:defaultKerbRealmName = "SERVER.DOMAIN.TLD"
    dirserv:masterConfig:replicas = _empty_array
    dirserv:LDAPSettings:useSSL = yes
    dirserv:LDAPSettings:LDAPServerBackend = "config"
    dirserv:LDAPSettings:LDAPDataBasePath = "/var/db/openldap/openldap-data"
    dirserv:LDAPSettings:maxSearchResults = "11000 size.prtotal=unlimited"
    dirserv:LDAPSettings:LDAPSSLIdentityName = "*.domain.tld"
    dirserv:LDAPSettings:LDAPTimeoutUnits = "seconds"
    dirserv:LDAPSettings:LDAPSearchBase = "dc=server,dc=domain,dc=tld"
    dirserv:LDAPSettings:searchTimeout = 60
    dirserv:LDAPSettings:LDAPSSLSerialNumber = "2246"
    dirserv:treeConfiguration:odTree:_array_index:0:PrimaryMaster = "server.domain.tld"
    dirserv:treeConfiguration:odTree:_array_index:0:IPaddresses:_array_index:0 = "10.0.1.11"
    dirserv:treeConfiguration:odTree:_array_index:0:IPaddresses:_array_index:1 = "10.0.1.11"
    dirserv:treeConfiguration:odTree:_array_index:0:GUID = "7BACB764-6A2C-451D-BF8D-74654B4FFBB1"
    dirserv:treeConfiguration:odTree:_array_index:0:ReplicaName = "Master"
    dirserv:treeConfiguration:odTree:_array_index:0:treeSource = "PrimaryMaster"
    dirserv:treeConfiguration:odTree:_array_index:0:Replicas:_array_index:0:IPaddresses:_array_index:0 = "10.0.1.11"
    dirserv:treeConfiguration:odTree:_array_index:0:Replicas:_array_index:0:IPaddresses:_array_index:1 = "10.0.1.11"
    dirserv:treeConfiguration:odTree:_array_index:0:Replicas:_array_index:0:GUID = "7BACB764-6A2C-451D-BF8D-74654B4FFBB1"
    dirserv:treeConfiguration:odTree:_array_index:0:Replicas:_array_index:0:ReplicaName = "server.domain.tld"
    dirserv:treeConfiguration:odTree:_array_index:0:Replicas:_array_index:0:Replicas:_array_index:0:GUID = "B15C3B08-2C85-44ED-B18F-403E1B1262AF"
    dirserv:treeConfiguration:odTree:_array_index:0:Replicas:_array_index:0:Replicas:_array_index:0:ReplicaName = "server4.domain.tld"
    dirserv:treeConfiguration:odTree:_array_index:0:Replicas:_array_index:1:IPaddresses:_array_index:0 = "10.0.1.22"
    dirserv:treeConfiguration:odTree:_array_index:0:Replicas:_array_index:1:IPaddresses:_array_index:1 = "172.16.118.1"
    dirserv:treeConfiguration:odTree:_array_index:0:Replicas:_array_index:1:IPaddresses:_array_index:2 = "192.168.178.1"
    dirserv:treeConfiguration:odTree:_array_index:0:Replicas:_array_index:1:GUID = "B15C3B08-2C85-44ED-B18F-403E1B1262AF"
    dirserv:treeConfiguration:odTree:_array_index:0:Replicas:_array_index:1:ReplicaName = "server4.domain.tld"
    dirserv:treeConfiguration:odTree:_array_index:0:Replicas:_array_index:1:Replicas:_array_index:0:GUID = "7BACB764-6A2C-451D-BF8D-74654B4FFBB1"
    dirserv:treeConfiguration:odTree:_array_index:0:Replicas:_array_index:1:Replicas:_array_index:0:ReplicaName = "server.domain.tld"
    I can see that the settings do indeed jive with what the GUI reports.  I just don't know how or why it would have been configured that way.  Is this configuration going to be problematic?  Should I attempt to address it now?  Would changing the replica array be destructive to the current OD database?  I just got done rebuilding the dang thing from the ground up because of unrecoverable corruption, I don't want this to be the beginning of a new problem.
    Thanks for looking.
    Message was edited by: MustardParty
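
The `serveradmin settings dirserv` dump in the post above can be checked mechanically instead of by eye. This added example (not part of the original post) flags addresses listed twice for a node, addresses outside an expected prefix, and the binding security options that are switched off; `SAMPLE` is an excerpt of the output quoted above, and the function names and the `10.0.1.` prefix argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE is an excerpt of the
# `serveradmin settings dirserv` output quoted in the post above.
SAMPLE='dirserv:MacOSXODPolicy:Configured Security Level:Binding Required = no
dirserv:MacOSXODPolicy:Configured Security Level:Man In The Middle = no
dirserv:MacOSXODPolicy:Configured Security Level:Packet Signing = no
dirserv:MacOSXODPolicy:Configured Security Level:No ClearText Authentications = no
dirserv:MacOSXODPolicy:Configured Security Level:Packet Encryption = no
dirserv:treeConfiguration:odTree:_array_index:0:IPaddresses:_array_index:0 = "10.0.1.11"
dirserv:treeConfiguration:odTree:_array_index:0:IPaddresses:_array_index:1 = "10.0.1.11"
dirserv:treeConfiguration:odTree:_array_index:0:Replicas:_array_index:0:IPaddresses:_array_index:0 = "10.0.1.11"
dirserv:treeConfiguration:odTree:_array_index:0:Replicas:_array_index:0:IPaddresses:_array_index:1 = "10.0.1.11"
dirserv:treeConfiguration:odTree:_array_index:0:Replicas:_array_index:1:IPaddresses:_array_index:0 = "10.0.1.22"
dirserv:treeConfiguration:odTree:_array_index:0:Replicas:_array_index:1:IPaddresses:_array_index:1 = "172.16.118.1"
dirserv:treeConfiguration:odTree:_array_index:0:Replicas:_array_index:1:IPaddresses:_array_index:2 = "192.168.178.1"
dirserv:treeConfiguration:odTree:_array_index:0:Replicas:_array_index:1:ReplicaName = "server4.domain.tld"'

# flag_ips PREFIX
# Read dirserv settings on stdin. For every node in the replica tree, print
#   DUPLICATE  <node> <ip>   when the same address is listed more than once
#   UNEXPECTED <node> <ip>   when an address does not start with PREFIX
flag_ips() {
    awk -v want="$1" '
        /:IPaddresses:_array_index:[0-9]+ = / {
            node = $0
            sub(/:IPaddresses:.*/, "", node)                      # key up to the node
            sub(/^dirserv:treeConfiguration:odTree:/, "", node)   # shorten for display
            ip = $NF
            gsub(/"/, "", ip)
            if (seen[node, ip]++)            print "DUPLICATE " node " " ip
            else if (index(ip, want) != 1)   print "UNEXPECTED " node " " ip
        }'
}

# weak_policy
# Read dirserv settings on stdin and print the binding security options
# (clear-text blocking, signing, encryption, man-in-the-middle blocking)
# whose value is "no", i.e. protections the directory is not enforcing.
weak_policy() {
    awk -F' = ' '
        /^dirserv:MacOSXODPolicy:Configured Security Level:/ && $2 == "no" {
            name = $1
            sub(/.*Configured Security Level:/, "", name)
            if (name ~ /^(Man In The Middle|Packet Signing|No ClearText Authentications|Packet Encryption)$/)
                print name
        }'
}

echo "== address findings (expected prefix 10.0.1.)"
printf '%s\n' "$SAMPLE" | flag_ips 10.0.1.
echo "== security options switched off"
printf '%s\n' "$SAMPLE" | weak_policy
```

Against a live server, pipe the real output in instead of `SAMPLE`: `serveradmin settings dirserv | flag_ips 10.0.1.`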

    Using the battery level meter in this manner is comparable to using your car's fuel gauge to calculate miles per gallon. The only thing that matters is the total amount of operating time from full charge to auto-shutdown.
    Use the wall-mount charger that came with the iPad and charge overnight.  Do NOT use an iPod/iPhone charger.  Do NOT use a computer's USB port.  Then, operate it normally until auto shut-down (ignore any low level alerts that may appear).  An irony is that doing that test to determine the total operating time is also the procedure necessary to calibrate the battery level meter.
    I'm not claiming that you do not have a problem.  I am stating, however, that we don't yet know.  If the above test does, in fact, indicate a problem, read this.
    Also, according to Apple:
    Use Your iPad Regularly
    For proper reporting of the battery’s state of charge, be sure to go through at least one charge cycle per month (charging the battery to 100% and then completely running it down).
    Elsewhere, Apple elaborates and explains that two half-discharges (or four quarter-discharges, etc.) equals one full discharge.

  • How to repair Open Directory Master after Changing Hostname

    Summary:
    How to repair Open Directory after Changing your Server's Hostname (see separate post)
    Problem:
    I had to change our server's hostname from a private hostname (server.name.private) to a public hostname (name.dyndns.org).
    Procedure:
    1. Precautions:
    Since I was anticipating major dramas, I tested the change of hostname on a clone (I used Super Duper, and I very strongly advise everybody to heed this warning because a change of hostname will corrupt your server services, in particular Open Directory).
    Second, I exported the network users from Server Admin and copied the archive to the Drop Folder of the server's local account (because the network accounts will be unavailable after demoting the OD Master.)
    2. Change hostname and demote OD Master
    a) I re-booted the server from the clone
    b) I changed the hostname in Server App and I noticed that the Open Directory Password and the Kerberos database were still stuck with the old hostname.
    c) I then demoted to a standalone directory (Server Admin) and I tried to promote the server to an OD Master using the Server App (Manage Network Accounts). Server App always returned an error saying I should check my network settings.
    3. List of 'fixes'
    I tried the following fixes to no avail (which does not mean that you can skip them)
    a) I checked the DNS entries, forward and reverse were working fine (sudo changeip -checkhostname)
    b) Checked with Lookup in Network Utility, all was fine
    c) I deleted all system certificates (Keychain) which showed the name of the previous hostname
    (N.B. you need not delete email certificates and private/public keys)
    d) I tried to assign a new static IP in Networking Preferences (had no visible result)
    e) I re-booted from the working drive and I repaired permissions on the clone; I ran disk repairs.
    Despite all this I could not re-create an OD Master.
    I then looked for this dubious folder /var/root/Library/Application Support/Certificate Authority.
    I could not find this folder when using the Finder's Go To Folder, nor did "Easy Find" see this folder.
    I was about to give up when I read the posts on this page and I entered the Terminal commands
    sudo rm -R /var/root/Library/Application\ Support/Certificate\ Authority/
    I had not much hope when I set about to re-create the OD Master from the Server App.
    But lo and behold !!! I did not trust my eyes when Server App claimed that the OD Master had been successfully created. And indeed, Server admin showed a running OD Master, LDAP, Kerberos and Password Server all running again !
    Final touch: re-import the user accounts.
    Epilogue:
    I would not have been able to fix this issue had not so many others shared their experience and the working solution.
    (Refer : https://discussions.apple.com/thread/3219325?start=0&tstart=0 )
    Thank you all !
    Let's hope that Apple will fix this annoying issue in the next server update.
    Regards,
    Twistan

    Hi Rhyan,
    Please try clearing the security cache
    http://www.sharepointanalysthq.com/2014/05/active-directory-groups-and-sharepoint-security/
    https://sergeluca.wordpress.com/2013/07/06/sharepoint-2013-use-ag-groups-yes-butdont-forget-the-security-token-caching-logontokencacheexpirationwindow-and-windowstokenlifetime/
    http://webactivedirectory.com/active-directory/windows-active-directory-cached-user-credentials/

  • How to Migrate Win Server 2008 to Win Server 2012 if PDC server no longer exist?

    With this being Foundation (less than 15 users) with some problems already, it might be smarter to just start the new server fresh.

    I took over a small business company's network infrastructure with Server 2008 Foundation and I would like to migrate to a new Windows Server 2012 r2. The Server 2008 Foundation is a DC with AD / DHCP / DNS / File & Print Server roles. I would like to transfer these roles to the new server with Win Server 2012 r2 std OS. My plan is to join the new server to the old DC, promote it as DC, and transfer roles to it, demote old server and power off. However, there was an older server (Windows 2003) which is no longer in the office and it was the current operations master. The server 2003 was the PDC. When I open AD Domains and Trusts I get this error: "You cannot modify domain or trust info because a PDC emulator cannot be contacted.." Maybe the FSMO roles weren't transferred over from 2003 to 2008 properly? I don't know. How can I move forward to...
    This topic first appeared in the Spiceworks Community

  • HT3801 How do I remove Open directory services from primary MDC?

    I configured my xSAN mdc as an open directory master but I don't need to manage users from the MDC. How do I turn off Open directory on my master mdc and replicas?
    Thanks,
    Tom

    Hi
    Launch Server Admin on your Replica. Select the server's name in the sidebar on the left. Select the Open Directory Service. Click on Settings and change the Role to Standalone.
    Treat any other Replica you may have the same way.
    Launch Server Admin on your Master. Select the server's name in the sidebar on the left. Select the Open Directory Service. Click on Settings and change the Role to Standalone.
    Once you've demoted your OD Master to Standalone you will delete everything to do with the LDAP Database - users, groups, passwords etc but not home folders. If you have local users these won't be affected.
    If for some reason you may want to revert back to users etc that were stored in the LDAP Database then back them up first using the usual methods available on the platform.
    HTH?
    Tony

  • Open Directory: "Unable to load replica list"

    I'm currently running Mavericks Server 3.1 on my Mac Mini at the home network. I had some issues with the client logins and went for local accounts on the clients instead. Today I finally wanted to fix the problem and go all Open Directory. But the Open Directory service was shut off when I opened the server software. I tried to turn it on but got a message saying "Unable to load replica list". I updated the software to the latest 3.1 but am still having the same issue. I never had any replica list, I only had a standard one from the start, but it seems I can't do anything there now.
    LDAP log:
    Mar 21 22:48:38 xxYY.com slapd[172]: @(#) $OpenLDAP: slapd 2.4.28 (Nov 12 2013 12:02:47) $
    [email protected]:/private/var/tmp/OpenLDAP/OpenLDAP-491.1~1/servers/slapd
    Mar 21 22:48:38 xxYY.com.com slapd[172]: daemon: SLAP_SOCK_INIT: dtblsize=8192
    Mar 21 22:48:39 xxYY.com.com slapd[172]: TLS: found identity in keychain using identity preference.
    Mar 21 22:48:42 xxYY.com.com slapd[172]: slap_add_listener: opened additional listener 'ldaps:///'
    Mar 21 22:48:42 xxYY.com.com slapd[172]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
    Mar 21 22:48:44 xxYY.com.com slapd[172]: slapd starting
    Mar 21 22:48:44 xxYY.com.com slapd[172]: daemon: posting com.apple.slapd.startup notification
    Mar 21 22:48:54 xxYY.com.com slapd[172]: => bdb_idl_delete_key: c_del id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
    Mar 21 22:48:54 xxYY.com.com slapd[172]: conn=1022 op=3: attribute "entryCSN" index delete failure
    Mar 21 22:50:02 xxYY.com.com slapd[172]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
    Mar 21 22:50:02 xxYY.com.com slapd[172]: conn=1042 op=3: attribute "entryCSN" index delete failure
    I don't understand any of this other than the obvious failure words. Can anyone understand this and help me here?

    This procedure is a diagnostic test. It makes no changes to your data. If you have more than one user account, you must be logged in as an administrator to carry out these instructions.
    Please triple-click anywhere in the line below on this page to select it:
    sudo /usr/libexec/slapd -Tt | pbcopy
    Copy the selected text to the Clipboard by pressing the key combination command-C.
    Launch the built-in Terminal application in any of the following ways:
    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
    ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
    Paste into the Terminal window by pressing the key combination command-V. I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting. You'll be prompted for your login password. Nothing will be displayed when you type it. If you don’t have a login password, you’ll need to set one before you can run the command. You may get a one-time warning to be careful. Confirm. You don't need to post the warning.
    If you see a message that your username "is not in the sudoers file," then you're not logged in as an administrator. Log in as one and start over.
    Wait for a new line ending in a dollar sign ($) to appear below what you entered.
    The output of the command will be automatically copied to the Clipboard. If the command produced no output, the Clipboard will be empty. Paste into a reply to this message.
    The Terminal window doesn't show the output. Please don't copy anything from there.
