Leopard and panther open directory server hate each other

So I got Leopard the first day but didn't install it till a week later 'coz I was working on a Final Cut project. When I was ready to install I saw all these problems people are having and decided to back up all my user files before I do it, which I've never done before (what can you say, I trust Apple engineers!) Anyway, after an upgrade install I found that my PowerMac Dual 2.7GHz G5 with 3.5GB of RAM was slow, very slow, crawling slow. Every button I pressed, every app I tried to open, every response seemed it'd take at least 5 mins and Activity Monitor showed that those apps I was trying to interact with were not responding, but if I was patient enough to wait, most of them would eventually come around.
After a whole night searching the Apple forum and googling, I couldn't find any solution. So I decided to wipe the hard disk clean and do a clean installation. Amazingly everything worked just as it should and installation only took like 15 mins or so. After I finished installing all my usual apps back into my PowerMac I was, again, busy working on another Final Cut project. And finally that project was concluded so I can look at my new Leopard installation and see if I've missed anything after the clean installation. I found out that I forgot to add my office LDAP server information into the Directory Access and I went ahead and added it.
I was distracted by something else after I added the LDAP info and an hour or so later when I restarted my PowerMac, it started to act weird and crawling slow again, just like when I first did the upgrade installation. I totally forgot what I did to make it slow and I was super worried. After like 2 hours of ghost hunting in my PowerMac, I decided to let it sleep for the night and try to figure it out in the morning. On my way home I finally remembered what I did to make it slow! It's the LDAP info!!!! That's the only system related thing I added since before I did the last Final Cut project.
I searched the Apple forum again last night to see if anyone has the same or related problem but I couldn't find anything close. I came to work this morning and decided to test my finding. The PowerMac was still super slow and I figured if it's directory access related, then if I unplug the network cable, my Mac should be smart enough to understand that there is no point in searching for a directory and simply give up. I unplugged the cable and my Mac was up and running smoothly again. I opened the Directory Access app and deleted the LDAP entry, restarted the Mac, plugged the network cable back in and everything is fine now!
I believe the problem is more on my Panther (10.3.9) server (ok fine! we are cheap, we didn't think a Tiger server was worth it! was I wrong!) than on the Leopard itself and that's why I couldn't find anything related on the forum. Is the Panther server LDAP module faulty to begin with that caused the problem? I don't know. I just know that Leopard does not play well with Panther's Open Directory service.

I've convinced myself that all the problems which I'm experiencing with failures to mount, disappearing CD/DVD drives are nothing to do with Windows XP because all my problems are occurring under Windows 2000 (on different computers). Looks like Apple have taken a leaf out of Microsoft's rule book (put the product out in the market before it's ready and let the punters do all the hard work finding and fixing the bugs).

Similar Messages

  • Ubuntu Karmic authentication against Snow leopard open directory server

    Hi,
    I'm looking for help. I've tried to configure an installation of Karmic to authenticate against our office's open directory server running on an osx snow leopard server. Currently `getent password` shows all users including those from the open directory server when running the command as both root and normal users. However authentication against the open directory users fails with the following messages in the /var/log/auth.log:-
    Dec 7 22:42:05 [hostname] getent: nss_ldap: failed to bind to LDAP server ldap://server.domain.com: Invalid credentials
    Dec 7 22:42:05 [hostname] getent: nss_ldap: could not search LDAP server - Server is unavailable
    (I've changed the hostname and ldap url)
    /etc/ldap.conf has:-
    base dc=server,dc=domain,dc=com
    ldap_version 3
    rootbinddn cn=diradmin,dc=server,dc=domain,dc=com
    bind_policy soft
    pam_password md5
    /etc/ldap.secret is set to the password of the diradmin user and has a permission mask of 600
    /etc/pam.d/common-passwd :-
    password sufficient pam_ldap.so md5
    password required pam_unix.so nullok obscure md5
    password optional pam_smbpass.so nullok use_authtok try_first_pass missingok
    /etc/pam.d/common-auth:-
    auth [success=2 default=ignore] pam_unix.so nullok_secure
    auth [success=1 default=ignore] pam_ldap.so use_first_pass
    auth requisite pam_deny.so
    auth required pam_permit.so
    /etc/pam.d/common-account:-
    account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
    account [success=1 default=ignore] pam_ldap.so
    account requisite pam_deny.so
    account required pam_permit.so
    /etc/pam.d/common-session
    session [default=1] pam_permit.so
    session requisite pam_deny.so
    session required pam_permit.so
    session required pam_unix.so
    session optional pam_ldap.so
    session optional pam_ck_connector.so nox11
    Does anyone have any ideas where to go from here?
    Message was edited by: zebardy

    Hi
    It's easy enough to 'connect' any version of OS X Server to any other version of OS X Server. Use the Join button in the Users & Groups Preferences Pane. Alternatively use the Directory Utility itself.
    You seem to be misunderstanding what an Open Directory Master and Replica are? They are not what I think you think they are. They are not a 'back-up' of each other if you're providing more than the shared Directory Service.
    An OD Replica maintains a read-only copy of the LDAP Database (Usernames, Passwords and Policies etc) that's stored on the OD Master and nothing more. If the Master was to go offline for any reason the Replica can be quickly promoted to a Master Role and continue to provide information for the shared directory. This assumes it has easy and quick access to the Volume storing networked home folders? The LDAP Database in that case would then become writable. Later on and whenever you've fixed the problem with the old Master it can quickly be demoted and made a Replica of the now new Master.
    Although this is for 10.6 Server (it is nevertheless still applicable) everything you need to know about Master and Replica relationships is here:
    http://manuals.info.apple.com/en_US/OpenDirAdmin_v10.6.pdf
    Page 55 onwards.
    From Page 64:
    "The Open Directory master and its replicas must use the same version of Mac OS X Server. . ."
    If your OD Master is also providing Mail, Calendar and Contact Services then none of these will be replicated. You will have to maintain a backup of these databases yourself using whatever method you deem fit for your needs.
    HTH?
    Tony

  • Changing the Name of an Open Directory Server while preserving users, etc.

    Hi Everyone,
    Not an emergency - but I have been wrestling with this dilemma for almost a year now.
    The good news is nothing has to be done right away. But I will ultimately need a solution.
    We have inherited a server system at a traditional elementary school from a previous IT person who was immature to say the least.
    When he set up the server system, he named the open directory server something that, while innocuous, is inappropriate for a school setting.  I am sure he thought it was clever and cheeky at the time. But a few years later it is simply unprofessional. And we are being expected to ultimately be able to change it to something like "XXXdirectory.domainname.edu". The more it hangs around - the longer it looks like we did this and it makes us look unprofessional.
    So here is my dilemma. 
    This is an OD Master with iCal and network homes attached to it. It also runs DNS.
    I would like to set up a new server and name it "xxxdirectory.schooldomainname.edu"
    Setting up the new server is easy and getting all the client machines to bind to it - no problem.
    The problem is how to migrate all the users to the new server.  It seems a restore won't work because if the new server is named differently, the restore will fail. I also can't do a server migration because the stupid name migrates to the new server.
    My old server is 10.5.8 Server.  The new one is 10.7.1 Server . But could be 10.6.8 Server if need be. 
    The main problem is how do I get all the accounts onto a new server with a new OD master name?
    I don't mind command line stuff. So throw whatever you got at me.
    Thanks in advance for your help everyone.  Don't worry - I won't be a pain in the butt or argue.  I just need some good solid guidance, even if it is a "Not possible" answer - at least I have something to tell the administration when they want to know why we can't change the OD Master name from mcnugget.schoolname.edu.
    Please let me know if you need more details.  I am happy to provide.
    Thanks again.
    Tony

    If you don't mind resetting everybody's password then you can export the users and groups and wipe the server for a clean install, or turn it into a standalone server then back into OD master, then import the users and groups.

  • Wrong UID from open directory server

    I have a problem with a mac OSX server.
    I have an open directory server A, that shares all users to every other server I have.
    I then have 2 mac OSX servers B and C, that are set up to allow network users. I can easily login with an open directory user, on both servers, but I have a problem. On server B it says the user's user id is 1050, which is correct. On server C it says that the same user's user id is 1000, which is wrong. Both server set ups are identical, as far as I know. On the Open Directory server A the user id for the user is also 1050, in case that is relevant.
    I have checked if server C has a local user with the same name, but that is not the case.
    Any idea what might have caused this problem?

    bump

  • Open Directory server on two Private IP addresses - acting slow

    We have an OS X Open Directory server that has two non-routable IP addresses.
    Primary - 10.0.0.x (LAN) with 10.0.0.x gateway
    Secondary - 172.16.0.x (SAN) with no gateway
    When it is plugged in to both networks, Server Admin responds very slowly. If the server is just on the primary interface, Server Admin responds normally.
    We also have a replica that is on the two private networks.
    Primary - 10.0.0.x (LAN) with 10.0.0.x gateway
    Secondary - 172.16.0.x (SAN) with no gateway
    When we launch Server Admin on the replica, Server Admin says there's no server found at this address, even when it is looking for server.local, as opposed to server.domain.com.
    Again, if you put this server on the primary 10. network, it works fine.
    What's going on?

    For anyone else interested, I eventually decided that a fully-qualified domain name seems to be necessary for some services, and that OS X Server doesn't seem to know exactly when that is the cause of problems, and the documentation doesn't really specify exactly what it is necessary for. So I had my organization set up a FQDN for the server, even though it's only meant to be used internally, and that seems to fix things.
    Greg

  • Open directory server crashing every 30 days / clients unable to connect to calendar, contacts server

    Hello everyone,
    I am running an up to date Mavericks Server which serves exclusively as a calendar and contacts server for about two dozens devices. The server is reachable via DynDNS, however, the public IP hardly ever changes (only once or twice a year maybe). Tried setting the OS X DNS Server to serve "all clients" and "some clients".
    For about 6 months (i.e. also under Mountain Lion), I am having a very strange problem. Roughly every 20-30 days, clients will not be able to connect to the server, instead getting a "wrong password" dialog. Restarting the open directory server will help for the next 30 days.
    I have tried repairing the database as detailed here, however, the issue persists.
    Any help would be highly appreciated!
    I would have tried setting up a clean server installation, migrating calendars/contacts manually and re-adding all users by hand, however, I am not aware of an easy way to do so. The terminal command for calendar backup is broken under mavericks (might work with this workaround) and re-adding users manually would apparently involve correcting user UUIDs afterwards in order to match the migrated calendar data. Do you know of a better approach?
    Thanks a lot!
    DPSG-Scout

    Hi Linc,
    This looks the most relevant to me:
    opendirectory.log
    2014-03-11 11:13:09.460675 CET - 333.2628758.2628759 - Client: Python, UID: 93, EUID: 93, GID: 93, EGID: 93
    2014-03-11 11:13:09.460675 CET - 333.2628758.2628759, Node: /Local/Default, Module: PlistFile - predicates with 'AND' are not supported
    2014-03-11 12:09:00.296514 CET - State information (some requests have been active for extended period):
              Sessions: {
                  28 -- opendirectoryd:
                              Session ID: 7BFBA6FE-A968-4399-A129-E3A5945E2A81
                              Refs: singleton
                              Type: Default
                              Target: localhost
              Nodes: {
                  43 -- authd:
                              Node ID: 6D0E236D-6DBD-4E8C-BC01-B3F50C2C2D8E
                              Nodename: /LDAPv3/127.0.0.1
                              Session ID: <Default>
                              Refs: 1
                              Internal Use: X
    and many more similar ones…
    Thanks for your effort!

  • 10.3.9 clients not working with 10.4.9 open directory server

    I have a 10.4.9 server running open directory and managing about 20 10.4.9 clients. I am trying to have it manage our remaining 10.3.9 clients, but for whatever reason, I cannot seem to get the 10.3 clients to "attach" to the server.
    I have the 10.3 clients set up in a computer list on the server, and in directory access I have it set to "get ldap mappings from server". At one point, it was suggested to me that I have the clients "get ldap mappings from open directory server". I tried this, and manually set the search base suffix. My search base suffix was "dc=example,dc=local". I even tried doing "cn=config,dc=example,dc=local" (where in both cases example.local was replaced with my real DNS name). Any suggestions on what else I could try to get this to work?

    That's the odd thing though. I've done this with 10.4 no problem. Settings always worked. For some reason though, even though the clients are able to login using a network user, none of the preference settings sync.
    For example - I always put a loginwindow message on as a sort of "test" to see if preferences are being set. If that works, then I rarely have a problem. No matter what I do, though, I cannot get the loginwindow message to display on the 10.3 clients. It works really well on 10.4, but not at all on 10.3. I've tried this on multiple 10.3 machines, as well, (and they're both based on different system images) but it still doesn't work. When I get back to work on Friday, I'll have to see if preferences will work for network users; that's the one thing I haven't tried.
    Other than dumping the directoryaccess preferences, is there another preference setting that could be dumped on the client that may make it grab prefs from the server?

  • How to promote my OSX10.6.8 replica server to Open Directory server

    My Open Directory Server crashed and I would like to promote my replica Server to Open Directory. Can you tell me how to do this?

    Hello Dave,
    Check out the steps quoted below to promote your replica to the Open Directory master.
    Provide Open Directory service
    https://help.apple.com/advancedserveradmin/mac/3.1/#apdD1F7D8CA-CF07-40CE-B2D4-8E3ACF4BCA40
    Promote a replica to Open Directory master
    If an Open Directory master fails and you can’t recover it from a backup, you can promote a replica to be a master. The new master (promoted replica) uses the directory and authentication databases of the replica.
    Select Open Directory in the sidebar.
    Click Servers.
    Select a replica to promote, then choose Promote Replica to Master from the Action pop-up menu (looks like a gear).
    Enter the directory administrator name and password.
    If you archived Open Directory data with certificate authority keys, you can restore them by entering the Open Directory archive location or clicking choose to locate the archive.
    Click Next.
    Enter the user name and password for the replica that’s being promoted, then click Connect.
    Regards,
    -Norm G.

  • Command-Line Remove Open Directory Server

    What is the terminal command to remove an Open Directory server?

    On LDAP server open the Terminal and run this:
    `sudo slapconfig -destroyldapserver`
    `man slapconfig` will give you more interesting options

  • Three new groups in Open Directory Server

    I noticed that my Open Directory server has three new groups in WGM: OD Users, OD Administrators and com.apple.limited_admin. Should I treat these as I treated the other groups by assigning them members and group folders? I also noticed that now I have a System Administrator and a Directory Administrator, does that sound right? Should I keep both? Thanks

    Ok, thanks, I had forgotten the "show system records" trick.
    For the guest user, I don't see it in dscl.
    So I suppose it's not a user, just an "anonymous" authentication option in the sharing preferences.
    It's a bit like "others" in the posix rights permissions : User, group, other. User and group are existing and named, other are not named, it's just anybody that is not the named user and not a member of the named group.
    To keep things understandable, you should use another name if you wish to configure a "guest user".
    You can manage the "enable guest account" option from WGM if you select a computergroup, in the preferences pane / login / options.
    Hope it helps
    Nicolas

  • User base Synchronization between SAP and MS Active Directory Server

    Dear all!
    I'm using Web AS 6.20 ABAP and MS Active Directory Server based on Win 2003 Server.
    I successfully implemented the synchronization of user data between SAP and the ADS.
    My question: Is there a way to customize the users on Active Directory Server in regard to their SAP authorization (roles auth. objects etc.)?
    Currently I don't have a clue how to do this.
    Regards,
    Christoph

    Have you searched on SDN for "Active Directory"? That turns up a number of results. I think your expectation might be backwards though, it's not how ADS exposes SAP specific data but how SAP uses ADS to store SAP specific data. My understanding (from quite some time ago so I am fuzzy on this) is that SAP can use ADS in much the same way it can use LDAP as an external user store.
    The Security Newsletter from November 04 [https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/sap security newsletter november 2004.pdf] mentions that a webinar is hosted on SDN about this exact topic, unfortunately I was unable to find a direct link.
    Regards,
    Marc g

  • Synchronization between AD and Sun Java Directory Server

    I would like to build an environment as below, kindly let me know whether it is possible or not.
    My Enterprise Directory is Active Directory and I have Policy Server which directs the sso users to get authenticated with that server. I would like to synchronize the user data from Active Directory to Sun Java Directory Server (existing version is 5.2 Service Pack 4) including the passwords and I would like to know with which hashing algorithm these passwords are stored in the sun directory server. Because I want to synchronize the same attributes from sun java directory server to Oracle Internet Directory and is it possible to get my sso users to get authenticated at OID even?
    Kindly let me know whether this approach is feasible or not?
    Any suggestion to this approach is greatly appreciated...
    Thanks in advance...
    Regards,
    Kishore Repakula.

    > i would like to know with which hashing algorithm these
    > passwords are stored in the sun directory server.
    Like most other directory servers, SunDS offers a few choices here.
    The most secure is SSHA, which you'd probably want to use unless you have apps with dependencies on other hashes (e.g., CRYPT for backward compatibility with UNIX password field).
    > I would like to synchronize the user data from Active Directory
    > to Sun Java Directory Server (existing version is 5.2
    > Service Pack 4) including the passwords...
    Sun has an "Identity Synchronization for Windows" product which might work for you.
    http://www.sun.com/software/products/directory_srvr_ee/identity_synch/
    Unfortunately, the big trick with AD passwords is that they are stored in a proprietary one-way hash, so you can't just sync them directly over to another directory. Likewise, you can't import password hashes from other sources into AD and expect them to work.
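The `{SSHA}` (salted SHA-1) `userPassword` layout named in the answer above, as an added example that is not part of the original thread: the stored value is `{SSHA}` followed by base64 of the SHA-1 digest of password plus salt, with the salt appended. Function names and the 8-byte salt length are assumptions made for this example.

```python
import base64
import binascii
import hashlib
import hmac
import os
from typing import Optional, Tuple

SHA1_LEN = 20  # size of a SHA-1 digest in bytes


def ssha_encode(password: str, salt: Optional[bytes] = None) -> str:
    """Return '{SSHA}' + base64(SHA1(password || salt) || salt)."""
    if salt is None:
        salt = os.urandom(8)  # salt length assumed for this example
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def split_scheme(stored: str) -> Tuple[str, str]:
    """Split '{SCHEME}payload' into (SCHEME, payload); scheme is upper-cased."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("no {SCHEME} prefix on stored value")
    scheme, payload = stored[1:].split("}", 1)
    return scheme.upper(), payload


def ssha_parts(stored: str) -> Tuple[bytes, bytes]:
    """Decode a {SSHA} value into (digest, salt)."""
    scheme, payload = split_scheme(stored)
    if scheme != "SSHA":
        # A value hashed under another scheme cannot be checked or converted
        # here: producing an SSHA value requires the clear-text password.
        raise ValueError("cannot check a %s value as SSHA" % scheme)
    try:
        blob = base64.b64decode(payload, validate=True)
    except binascii.Error as exc:
        raise ValueError("payload is not valid base64") from exc
    if len(blob) <= SHA1_LEN:
        raise ValueError("payload too short to hold a digest and a salt")
    # Everything after the first 20 bytes is the salt, whatever its length.
    return blob[:SHA1_LEN], blob[SHA1_LEN:]


def ssha_verify(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    digest, salt = ssha_parts(stored)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    value = ssha_encode("correct horse")  # constructed sample password
    print(value)
    print(ssha_verify("correct horse", value), ssha_verify("wrong", value))
```

Because the salt is random, two entries with the same password get different stored values, and a synchronization tool has to capture the clear-text password at change time to write one.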

  • New windows don't open on top of each other in Firefox. How can I make that happen?

    New windows don't open on top of each other in Firefox. How can I make that happen? That is, every time I open a new window, it won't open on top of the old window, and instead is positioned to the right of it. I'm on a mac. Please help.
    == This happened ==
    Every time Firefox opened
    == Today

    I see. I'm not aware of how to fix this in Firefox. Usually you want to tweak your Window Manager preferences for opening new windows.
    Example: sawfish preferences for Linux.
    Since Mac OS X doesn't have any preferences, you have to use Applescript or another technique. I found [http://amitp.blogspot.com/2006/08/mac-os-x-window-management-spooky.html Spooky], maybe there are others. I haven't tried it, but here is the [http://www.doernte.net/spooky.html Spooky Download and Description].

  • HT204053 Our family uses one Apple ID for all of our iPhones.  We installed the update and now we are all getting each others photos and texts.  How do we stop this?

    Our family uses one Apple ID for all of our iPhone 5's.  We installed the update and now we are all receiving each other's pictures and texts.  How do we stop this? 

    Have a look here...
    http://macmost.com/setting-up-multiple-ios-devices-for-messages-and-facetime.html

  • We have 3 kids with ipods, all on one apple id and they complain that they get each others messages, apps etc.  what can I do to change this?

    We have 3 kids with an ipod touch each.  All are on one apple id (mine, so they have to come to me to authorise purchases) and they complain that they get each others messages, apps etc.  What can I do to set this up differently, so they can each manage their own content etc but not make purchases?

    Go onto all iPods, and turn on "Restrictions" and disable installing apps. The apps do auto download, and the only way around the messages problem is to make 3 Apple IDs. When installing apps, it will ask for a "restrictions" password, and you can enter that.
