Mac os x server 3.0.2 open directory master disappear from list
Hi, There is a very funny Mac OS X Server 3.0.2 issue.
After I updated my mac os X server from 3.0.0 to 3.0.2. as my host name is conflict with other Mac mini, I changed X server's Mac mini's host name, computer name and localhost name. When I restart my x server. My defined "Open Directory Master" disappear from my server list.
Actually, I need to change some setting from UI, as it disppeared from UI, I can't do any about it. Is there any way to delete it from command line? or How I can enable it appear again?
As can't find the defined open directory server master, have to delete it from terminal command line as:
sudo slapconfig -destroyldapserver
and then add a new open directory master.
Similar Messages
-
Unable to set Open Directory master on brand new server
I have a brand new Mac Mini server running 10.6.2 which I am unable to set as an OD master, receiving the error "There was a configuration error when configuring your server as an Open Directory Master. See the Configuration Log for more information about the failure."
The log reads as follows...
2010-01-10 10:34:31 +1100 - slapconfig -createldapmasterandadmin
2010-01-10 10:34:31 +1100 - Creating password server slot
2010-01-10 10:34:31 +1100 - command: /usr/sbin/mkpassdb -a -u diradmin -p -q
2010-01-10 10:34:32 +1100 - command: /usr/sbin/mkpassdb -a -u root -p -q
2010-01-10 10:34:32 +1100 - command: /usr/sbin/mkpassdb -a -u paisleypark.local$ -p -q
2010-01-10 10:34:32 +1100 - command: /usr/sbin/mkpassdb -setcomputeraccount 0x4b4912886b8b45670000001b0000001b
2010-01-10 10:34:32 +1100 - Setting SASL realm to <OpenDirectory.pIxrV9>
2010-01-10 10:34:32 +1100 - command: /usr/sbin/mkpassdb -setrealm OpenDirectory.pIxrV9
2010-01-10 10:34:32 +1100 - Copied file from /etc/openldap/slapd.conf to /etc/openldap/slapd.conf.backup.
2010-01-10 10:34:34 +1100 - command: /usr/bin/net getlocalsid
2010-01-10 10:34:34 +1100 - Removed file at path /var/db/openldap/openldap-data/DB_CONFIG.
2010-01-10 10:34:34 +1100 - Starting LDAP server (slapd)
2010-01-10 10:34:54 +1100 - Error: The slapd process did not start.
2010-01-10 10:34:54 +1100 - Stopping LDAP server (slapd)
2010-01-10 10:34:54 +1100 - Removed file at path /var/run/slapconfig.lock.
... but I am unable to locate any reference to the specific error in these forums or via my friendly neighbourhood Google.
Any ideas greatly appreciated.Well, like I mentioned, if DNS is not properly configured, all bets are off. And again, if you start services before making it an OD master, you could be asking for trouble. You may be able to fix the installation, but I'd seriously consider starting over.
You might be able to fix what you have well enough to make it work, but what happens in 6 months when it gets flaky about something. You may end up wondering of there was something wrong to begin with.
So yes, I'd start over. -
Trouble binding 10.5 Server to 10.6 Open Directory
After a recent power outage one of my 10.5 Servers lost its connection to the OD Master. I am unable to get this system to re-bind to an Open Directory Master (10.6 Server). I had to force un-bind the 10.5 machine (via Directory Utility) because it could not contact the OD Master. After force unbinding the 10.5 Server system I checked Open Directory settings in Server Admin and the role was "Standalone Server".
Steps to reproduce problem:
1) Change role of 10.5 Server to "Connects to a Directory System" and rebooted the system.
2) Launch Directory Utility, click add server and enter the FQDN for my OD Master. SSL option is not checked.
3) Directory Utility tries to communicate with the OD Master for a few moments...displaying "verifying server address", then comes back with the error "there was no response from SERVER. Please check that the address you entered is correct".
(where SERVER = the FQDN for the OD Master)
I Checked that DNS was working and that the system (10.5 Server) could resolve the FQDN of the OD Master. When the above steps did not solve the problem I went to the OD Master and (from Workgroup Manager) deleted the previous entry for the 10.5 Server. This had no effect on the problem. Not sure what to try next?Hi,
Welcome to the Discussions
10.5 Server and specifically iChat Server has it's own forum
http://discussions.apple.com/forum.jspa?forumID=1235 (for Export)
10.6 Server has Forum called Collaboration Services for iChat Server (And a few other bits)
The Forums are within Categories.
Technically each is within it's own OS Category but Tiger, Leopard and Snow Leopard are all shown in this "Master Category" here
The reason I am posting these links is that I don't know enough about the Server version of iChat.
The chances are that someone in the 10.6 Server > Collaboration Services forum knows how to Export the list from 10.5 Server and input it in to 10.6 Server.
Hope this helps.
7:53 PM Monday; July 19, 2010
Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat" -
Exception in servermgr_accounts when creating open directory master...
Just to give you some background, I'm new to Mac Os X Server. And I'm trying to get a mail/ical/web-server with "open directory" setup. The server is placed in a remote location, behind a NAT-firewall.
I thought I hade everything setup, took a while to figure out the DNS-configs. But I managed to get everything working, and apply the server through a NetworkAccountServer on a client.
When I wanted to setup some e-mail aliases for my e-mail accounts, I remembered I hade seen that in "Server Preferences".
But when opening "Server Preferences" i got the following message:
"Multiple errors occurred on the server while processing commands. Use the Console application to view the error messages.", I could access everything accept Users and Groups, when clicking these it tried to create a new open directory.
The Console App shows this Message:
2/4/11 1:15:31 AM servermgrd[3725] servermgr_accounts: noteDirectoryNodeAdded (reopening nodes)
2/4/11 1:15:31 AM servermgrd[3725] * Terminating app due to uncaught exception 'NSUnknownKeyException', reason: '[<NSCFDictionary 0x102021680> valueForUndefinedKey:]: this class is not key value coding-compliant for the key VR.'
* Call stack at first throw:
0 CoreFoundation 0x00007fff878fc7b4 __exceptionPreprocess + 180
1 libobjc.A.dylib 0x00007fff890ce0f3 objcexceptionthrow + 45
2 CoreFoundation 0x00007fff87954969 -[NSException raise] + 9
3 Foundation 0x00007fff87e61c92 -[NSObject(NSKeyValueCoding) valueForUndefinedKey:] + 245
4 Foundation 0x00007fff87d915a8 -[NSObject(NSKeyValueCoding) valueForKey:] + 420
5 Foundation 0x00007fff87d8d0f6 -[NSDictionary(NSKeyValueCoding) valueForKey:] + 173
6 servermgr_accounts 0x00000001005799c1 scDynamicStoreNotificationCallback + 25876
7 servermgr_accounts 0x0000000100579948 scDynamicStoreNotificationCallback + 25755
8 servermgr_accounts 0x0000000100577648 scDynamicStoreNotificationCallback + 16795
9 servermgr_accounts 0x0000000100573521 scDynamicStoreNotificationCallback + 116
10 SystemConfiguration 0x00007fff82273dad rlsPerform + 115
11 CoreFoundation 0x00007fff87899401 __CFRunLoopDoSources0 + 1361
12 CoreFoundation 0x00007fff878975f9 __CFRunLoopRun + 873
13 CoreFoundation 0x00007fff87896dbf CFRunLoopRunSpecific + 575
14 Foundation 0x00007fff87dc08e4 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 270
15 Foundation 0x00007fff87dc07c3 -[NSRunLoop(NSRunLoop) run] + 77
16 servermgrd 0x0000000100003f13 0x0 + 4294983443
17 servermgrd 0x0000000100001388 0x0 + 4294972296
18 ??? 0x0000000000000002 0x0 + 2
2/4/11 1:15:31 AM com.apple.launchd[1] (com.apple.servermgrd[3725]) Job appears to have crashed: Abort trap
2/4/11 1:15:31 AM com.apple.ReportCrash.Root[3831] 2011-02-04 01:15:31.997 ReportCrash[3831:2a03] Saved crash report for servermgrd[3725] version ??? (???) to /Library/Logs/DiagnosticReports/servermgrd2011-02-04-011531localhost.crash
2/4/11 1:15:32 AM edu.mit.Kerberos.kadmind[3848] kadmind: starting...
2/4/11 1:15:33 AM Server Admin[1931] Error '-1' when applying directory role change
2/4/11 1:15:34 AM com.apple.launchd[1] (edu.mit.Kerberos.kadmind[3848]) Exited with exit code: 2
2/4/11 1:15:34 AM com.apple.launchd[1] (edu.mit.Kerberos.kadmind) Throttling respawn: Will start in 9 seconds
2/4/11 1:15:34 AM com.apple.launchd[1] (edu.mit.Kerberos.krb5kdc) Throttling respawn: Will start in 9 seconds
2/4/11 1:15:43 AM edu.mit.Kerberos.kadmind[3951] kadmind: starting...
2/4/11 1:15:51 AM com.apple.launchd[1] (com.apple.suhelperd[4009]) Exited with exit code: 2
I tried reseting the "Open Directory Service" in "Server Admin", by setting it to "standalone directory".
It did stop the "Open directory", but the console was again showing the message above.
With the server in stand-alone mode, I could access "Server Preferences" again, but as soon as I create an "Open Directory again", it fails with the above error, and I cant access the Open Directory from Server Preferences.
To summarize, the message shows when:
1. Creating an Open Directory Master.
2. Removing a Open Directory Master.
3. Entering Server Preferences with Open Directory Master running.
A wierd thing is that the "Open directory" seems to be fine. I can manage it in "Workgroup manager", login to webmail, calenders, VPN etc. I just can't manage it from "Server Preferences".
I did make som misstakes in the beginning (primarly not setting a proper host-name before creating the first "Open Directory", and also having a local-user with the same short-name as a user in the "Open Directory") But that should all solved now.
Any Idea's on what could be wrong?
Where else can I set e-mail aliases for my "Open Directory" users? Is it possible for them to administer aliases themselves?
Thanks in advance!
PS. Anyone have any tips on mail-forwarding to multiple external accounts? Do I really need to edit this manually in /etc/postfix/aliases? Is there anyway I can let my users administer forwarding?If anyone else has similar issues, I didn't find a solution. Re-installed the server from scratch...
-
Unable To Create New Open Directory Master
I have a brand new installation of MacOS X Mountain Lion Server, latest version, in a brand new Mac Mini. This Mac Mini is being co-located in a data centre, and I am setting it up via remote access (screen sharing). The data centre has setup DNS zone records for my domain, including a reverse DNS PTR record, and everything in the DNS is working fine.
During the installation of Server, when the installer asked for the type of 'Host Name', I selected 'Host name for Internet'. The installer was able to use the IP address of the Mac Mini to automatically find the correct host name, and configure it. Once the installation was complete, no services were turned on - not even DNS, as the installer probably figured out that DNS services were being handled externally.
The first thing I went to try and do was to turn on Open Directory. I turn the service on, and a sheet comes down, where I select to "Create a new Open Directory Domain". I click 'next', and on the next sheet I enter the OD Administrator's details, and password. Click 'next' again, and then I get the following message:
"This computer's host name is invalid.
The host name does not resolve to any configured address of this computer. Please ensure the host name is correct."
Opening Terminal app, and typing "hostname", I get the correct hostname, as showing in Server app itself.
Entering "sudo changeip -checkhostname" in Terminal app, I get all correct details for the IP address and host name of the machine, and the message: "The names match. There is nothing to change. dirserv:success = 'success'"
I finally tried getting Server app to change the host name itself - going into the Server pane, select the 'Network' tab, and in the 'Names' section, next to the host name, click on the "Edit..." button. Again, went through the wizard, and the wizard again was able to find the hostname automatically from the machine's IP address. Once the 'changing' process was completed, I went to try and initialise Open Directory, and again, got the same message.
Can anyone shed any light? Any suggestion would be welcome at this stage...MrHoffman, thank you for your guidance. You have, however, given me a bit of a headache.
MrHoffman wrote:
127.0.0.1 is likely going to be incorrect here. Please reference the DC DNS servers, and not a local server. If you're in a DC and particularly with a public-facing host without an outboard firewall to block DNS traffic, you likely do not want to be running your own local DNS services.
As described previously, the server was referencing the DC DNS servers. The server was not running its own DNS service. Open Directory was not able to detect that the ip address and the hostname were correct with this setup - even though the command line on the server as well as externally showed that all DNS records were setup correctly, and that the IP address and hostname matched. The server's own installation wizard and 'Change Host Name' wizard automatically detected the hostname from the machine's ip address - by consulting the reverse DNS PTR record in the DC DNS servers.
Starting the server's own DNS server - and adding '127.0.0.1' to the top of the DNS list in Preferences - allowed me to create the Open Directory master, finally. Of course, the internal DNS server was setup so that only the server itself could access it - it was closed to any other machines - and even then, I had it running only momentarily: once Open Directory created its master domain, I switched DNS service off, and removed '127.0.0.1' from the DNS list in Prefences.
With that setup, everything seemed to work fine. All users were able to login, access their share points and their mail.
MrHoffman wrote:
For the host name, the host name would usually be the FQDN fully-qualified domain name, and "example.com" isn't usually a host name. You'd usually find somehostname.example.com here
That is the only machine in the domain. All public sub-domains - like 'mail', 'www' or 'calendar' - point to the same machine. The reverse DNS PTR record points to the higher-level domain "example.com".
Your warning, however, made me worried:
MrHoffman wrote:
I'd probably rebuild the OD configuration, as I'd wonder of OD now had a bogus host name. Once bad DNS gets involved, the entanglements can be quite pernicious..
So I decided to heed your advice, and rebuild OD. I deleted the Open Directory master, and tried rebuilding it with DNS service turned off. As before, OD insists that "the host name does not resolve to any configured address of this computer", and refuses to create the new Master. I ended up following the procedure above again - switching DNS service on temporarily to get OD to work.
The problem is, that now no user can connect to the server anymore. Everyone keeps getting a message stating that their password is wrong - including users on their iPhones and iPads.
I suspect that when I created the new OD Master, it created a new certificate, and that is what is causing problems. While I could try to get the desktop users to delete the old certificates from their keychain, this is not really an option for iPhone/iPad users.
Where do I go from here? After almost 24 hours straight dealing with this, I'm at the end of my rope... -
DNS conflict when running Open Directory Master inside of WIndows network..
We installed Snow Leopard Server as an Open Directory Master in a building that already has a Windows Primary Domain Controller. The intent was to create a Mac network inside of the building with their own services. The Mac server does not pull LDAP/Kerberos/etc. from the Windows server and the Mac clients do not use the WIndows server for any other services.
Everything (Final Cut Server, Open Directory, DNS, File Sharing) worked fine for a day. The next day, all of the windows machines were getting DNS conflict messages on their screens every 15 minutes. After shutting down the Snow Leopard Server, the Windows machines are back to normal.
Ideas?
Thanks!Hi
Is it possible the Window's Administrators have added your server as a DNS Server in their DHCP Service for some reason unknown to you? Or possibly you've chosen an IP address that is listed as a DNS Server in their DHCP Service?
If you launch terminal from a client mac and issue the host command for the server's IP address what's the result?
+"we understood the Mac server has to be hosting DNS in order for Open Directory to function"+
DNS does not have to be running on the Server itself for any of the Services in OSX Server to function. Just as long as it can resolve itself on both pointers is all that matters. If it was the only server on the network then yes configure the Service. If there already is an existing and mature DNS Service then it makes sense to use it.
Tony -
Disabling Kerberos After Setting Up an Open Directory Master - Mavericks
I am attempting to setup the "magic triangle" and one of the steps is to follow KB: Mac OS X 10.6 Server Admin: Disabling Kerberos After Setting Up an Open Directory Master
However, the command mentioned to disable Kerberos does not work on Mavericks as I get remove parameter not found. What is proper way to disable kerberos on a mavericks open directory master server so that Active Directory takes over for kerberos properly?
The article for the magic triangle configuration that I am following is: https://it.uoregon.edu/Magic-Triangle-setup
Also, is Apple's best practice in a "magic triangle" situation to join the client computers to OD and AD?Mavericks server seems to be smart enough to disable its Kerberos for you if you bind the server to AD before you create your OD Master.
if you want to use Workgroup Manager in Mavericks to manage preferences then yes you need to bind clients to AD and OD. We are doing this with Mavericks. it works.
however, Apple has now deprecated Workgroup Manager in favor of Profile Manager. If you switch to Profile Manager then you enroll clients to the server instead of binding them to OD.
pick yer poison. :-) -
Unable to create Open Directory master
Hi,
I just setup an iMac with Mac OS X Server 10.6. During setup, I set the domain name to "hodge.local". Now I can't create an Open Directory master, and the error message gives me no clue as to how to fix the problem... I was wondering if I had done something wrong, or if there was a way to solve the problem.
Thanks in advance.the .local is usually a bad idea for a domain in OS X. OS X uses .local for bonjour/rendezvous stuff and that can cause conflicts.
The basics when setting up an OD master - install OS X Server and run setup (which is automatic) but son;t start any services except DNS. Configure DNS, then make your server an OD master. Once that works, start other services.
For more helpful details, try this.
http://www.wazmac.com/serversnetwork/fileservers/osxserversetupnotes.htm
and post back if you try all that and still have questions.
Jeff -
What is the impact of destroying and re-creating from scratch the Open Directory Master?
In order to try and solve some nasty issues hat I have since upgrading to OS X Server 3,0 I am considering completely destroying my OD Master and re-creating the users and groups from scratch. Before doing so (of course I will have multiple backups) I would like to understand:
1. When re-creating the users and groups is it sufficient to use the same ‘Unix’ groupid and userid numbers or do I also need to use the original GeneratedUIDs (is that even possible)? Are there any other aspects of the users/groups that I need to be sure to preserve?
2. Will there be any impact to services and their data from doing this? Specifically, I have users with data in Mail, Calendar, Contacts and the WiKi. Will they still be able to access their data after the OD destroy/re-create or is that data somehow tied to more than just the username (e.g. does it use the user/group UUID or indeed any other UUID from OD)?
3. Will there be any impact to OS X clients bound to the OD? Should I unbind them before destroying and re-bind them afterwards? Will there be any negative impact on the network users who log in via these systems (they all have ‘mobile’ accounts which do *not* sync to the server - all their data is local to the client)?
Thanks in advance for any advice especially from anyone who has gone through this process.
ChrisHi Rob,
I have solevd my issue and I did not need to destroy / re-create the Open Directory. See my post here https://discussions.apple.com/thread/5785838 for all the gory details. The long and the short of it was that my problems all came from a point in the past when I changed the hostname of my server after I had created the Open Directory master. Seems like that is a very bad idea! Based on what I found it seems liek any small flaw in DNS forward and reverse name resolution can also cause similar issues. I don't knwo if either of thsoe may apply to your situation?
As part of troubleshooting my issue I actually created a 'replica' of my server setup on another machine includingthe OD and associated users and groups. What I found was that many services (certainly mail, calendar and contacts) depend completely on the OD users and groups UUIDS. So if you wish to preserve user's data across an OD destroy and re-create it is vital that you carefully note for each group its Unix GID and its OD UUID and for each user their Unix uid, primary group id and UUID. When you are re-creating your OD master, as you create each group, use Directory editor to change its UUID to the original value. Similarly for Users. If you don't then users will no longer have access to any existign Mail, Contacts or Calendar data afterwards!
HTH,
Chris -
Open Directory Master creation failure.
I am running into consistent Failures while attempting to setup Open Directory Master on 10.8 server. It seems to fail in creating an Intermidiary CA and suggests there is already one. I have combed Keychain for, and removed any entires that refer to the suggested cert. Yet I am still unable to get this OD Master up and running. Here's the log files:
2012-09-10 18:49:05 +0000 Success. Master creation is possible.
2012-09-10 18:49:12 +0000 Success. Master creation is possible.
2012-09-10 18:49:13 +0000 slapconfig -createldapmasterandadmin
2012-09-10 18:49:13 +0000 command: /usr/bin/sntp -s time.apple.com.
2012-09-10 18:49:29 +0000 Success. Master creation is possible.
2012-09-10 18:49:29 +0000 Starting LDAP server (slapd)
2012-09-10 18:49:29 +0000 Waiting for slapd to start
2012-09-10 18:49:31 +0000 slapd started
2012-09-10 18:49:31 +0000 command: /usr/bin/ldapadd -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2012-09-10 18:49:46 +0000 command: /usr/sbin/slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
2012-09-10 18:49:46 +0000 Stopping LDAP server (slapd)
2012-09-10 18:49:54 +0000 Starting LDAP server (slapd)
2012-09-10 18:49:54 +0000 Waiting for slapd to start
2012-09-10 18:49:54 +0000 slapd started
2012-09-10 18:49:54 +0000 Save of LDAP configuration failed with error 2100
2012-09-10 18:49:54 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2012-09-10 18:49:54 +0000 adding new entry "olcOverlay=unique,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=nestedgroup,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay={0}odusers,olcDatabase={-1}frontend,cn=config"
adding new entry "olcOverlay=syncprov,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=syncprov,olcDatabase={2}bdb,cn=config"
2012-09-10 18:49:54 +0000 command: /usr/bin/ldapadd -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2012-09-10 18:49:54 +0000 adding new entry "cn={9}customSchema,cn=schema,cn=config"
2012-09-10 18:49:54 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2012-09-10 18:49:55 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b cn=config -s base olcServerID
2012-09-10 18:49:55 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2012-09-10 18:49:55 +0000 Setting SASL realm to <DANDYBOX.NET>
2012-09-10 18:49:55 +0000 command: /usr/sbin/mkpassdb -setrealm DANDYBOX.NET
2012-09-10 18:49:55 +0000 command: /usr/sbin/mkpassdb -o -u diradmin -p -q
2012-09-10 18:49:56 +0000
2012-09-10 18:49:56 +0000 command: /usr/sbin/mkpassdb -setadmin 0x4fff1e36fb7811e1bd063c07545a924d 0
2012-09-10 18:49:57 +0000 Admin's entry UUID is: 77bfb2d2-4884-4303-a9b6-c1d39758ab9b
2012-09-10 18:49:57 +0000 Starting password server
2012-09-10 18:49:58 +0000 Stopping LDAP server (slapd)
2012-09-10 18:50:01 +0000 Starting LDAP server (slapd)
2012-09-10 18:50:01 +0000 Waiting for slapd to start
2012-09-10 18:50:01 +0000 slapd started
2012-09-10 18:50:01 +0000 Configuring Kerberos server, realm is DANDYBOX.NET
2012-09-10 18:50:01 +0000 command: /usr/sbin/kdcsetup -a diradmin -p **** -v 1 DANDYBOX.NET
2012-09-10 18:50:06 +0000 Opening ldapi connection to the LDAP user data
Opening ldapi connection to the LDAP auth data
Creating KDC for OD Master
Creating Kerberos directory
Creating KDC Config File
Creating Kerberos ACL file
Adding KDC config data to the KerberosKDC config record
Adding KDC config data to the KerberosClient config record
Creating KDC database
Using existing master key file
Creating Kerberos principal for 'diradmin'
Creating Kerberos auth authority for 'diradmin'
Creating Kerberos alt security identity for 'diradmin'
Successfully created KDC for OD Master
2012-09-10 18:50:06 +0000 command: /usr/sbin/sso_util configure -x -r DANDYBOX.NET -f /LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi -a diradmin -p **** -v 1 all
2012-09-10 18:50:06 +0000 command: /usr/sbin/mkpassdb -kerberize
2012-09-10 18:50:08 +0000 Updating user records and principals
2012-09-10 18:50:25 +0000 Asking OpenDirectoryConfig to bind to server: 127.0.0.1
2012-09-10 18:50:27 +0000 Attempting to open /LDAPv3/127.0.0.1 node
2012-09-10 18:50:27 +0000 Verified /LDAPv3/127.0.0.1 node is available
2012-09-10 18:50:29 +0000 command: /usr/sbin/sso_util info -r /LDAPv3/127.0.0.1 -p
2012-09-10 18:50:30 +0000 Creating root CA with DandyBox Open Directory Certification Authority
2012-09-10 18:50:32 +0000 Creating intermediate CA with IntermediateCA_DANDYBOX.NET_1
2012-09-10 18:50:32 +0000 ***Error creating intermediate CA. Error - The specified item already exists in the keychain.
2012-09-10 18:50:32 +0000 Intermediate CA creation failed with error - -25299
2012-09-10 18:50:32 +0000 Destroying OD master as CA creation failed with error 75
2012-09-10 18:50:32 +0000 Logging slapd container data to /var/run/slapconfig_error_1347303032
2012-09-10 18:50:32 +0000 Stopping LDAP server (slapd)
2012-09-10 18:50:34 +0000 command: /usr/sbin/slapcat -l /var/run/slapconfig_error_1347303032/user.ldif
2012-09-10 18:50:34 +0000 command: /usr/sbin/slapcat -b cn=authdata -l /var/run/slapconfig_error_1347303032/authdata.ldif
2012-09-10 18:50:34 +0000 Error retrieving kerberos realm
2012-09-10 18:50:34 +0000 CopyReplicaArray: ldap_search_ext_s failed
2012-09-10 18:50:34 +0000 Error retrieving replica array
2012-09-10 18:50:34 +0000 Deleting Cert Authority related data
2012-09-10 18:50:34 +0000 Removed directory at path /var/root/Library/Application Support/Certificate Authority/DandyBox Open Directory Certification Authority.
2012-09-10 18:50:35 +0000 No intCAIdentity, not removing int CA from keychain
2012-09-10 18:50:35 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd.plist
2012-09-10 18:50:35 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd-helper.plist
2012-09-10 18:50:35 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertadmin.plist
2012-09-10 18:50:35 +0000 void _destroyLDAPServer(const char *): Failed to find computer record named dandybox.net$: 2100 Connection failed to the directory server.
2012-09-10 18:50:35 +0000 Updating ldapreplicas on primary master
2012-09-10 18:50:35 +0000 CopyPrimaryMaster: CopyLdapReplicas failed
2012-09-10 18:50:35 +0000 Unable to locate primary master
2012-09-10 18:50:35 +0000 Primary master node is nil!
2012-09-10 18:50:35 +0000 Unable to locate ldapreplicas record: 0 (null)
2012-09-10 18:50:35 +0000 Error setting read ldap replicas array: 0 (null)
2012-09-10 18:50:35 +0000 Error setting write ldap replicas array: 0 (null)
2012-09-10 18:50:35 +0000 ODRecord *_getODRecord(ODNode *, NSString *, NSString *, NSArray *): ODNodeRef parameter error
2012-09-10 18:50:35 +0000 int _removeReplicaFromConfigRecord(ODNode *, NSString *): ODRecord not found
2012-09-10 18:50:35 +0000 Error synchronizing ldapreplicas: 0 (null)
2012-09-10 18:50:35 +0000 Removing self from the database
2012-09-10 18:50:35 +0000 Warning: An error occurred while re-enabling GSSAPI.
2012-09-10 18:50:35 +0000 Stopping LDAP server (slapd)
2012-09-10 18:50:35 +0000 Stopping password server
2012-09-10 18:50:36 +0000 cleanKeytab: unable to retrieve default realm
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/__db.001.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/__db.002.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/__db.003.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/__db.004.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/__db.005.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/__db.006.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/altSecurityIdentities.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/apple-config-realname.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/apple-generateduid.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-memberguid.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-nestedgroup.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-realname.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/cn.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/DB_CONFIG.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/dn2id.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/entryCSN.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/entryUUID.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/gidNumber.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/givenName.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/id2entry.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/ipHostNumber.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000001.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/macAddress.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/memberUid.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/objectClass.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/ou.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/sn.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/uid.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/openldap-data/uidNumber.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/authdata/__db.001.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/authdata/__db.002.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/authdata/__db.003.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/authdata/__db.004.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/authdata/__db.005.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/authdata/__db.006.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/authdata/alock.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/authdata/authGUID.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/authdata/DB_CONFIG.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/authdata/dn2id.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalAliases.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalName.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/authdata/entryCSN.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/authdata/entryUUID.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/authdata/id2entry.bdb.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/authdata/log.0000000001.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/openldap/authdata/objectClass.bdb.
2012-09-10 18:50:36 +0000 Removed directory at path /var/db/openldap/authdata.
2012-09-10 18:50:36 +0000 Removed file at path /etc/openldap/slapd_macosxserver.conf.
2012-09-10 18:50:36 +0000 Removed file at path /etc/openldap/slapd.conf.
2012-09-10 18:50:36 +0000 Removed file at path /var/db/dslocal/nodes/Default/groups/com.apple.access_dsproxy.plist.
2012-09-10 18:50:36 +0000 Removed directory at path /etc/openldap/slapd.d/cn=config.
2012-09-10 18:50:36 +0000 Removed file at path /etc/openldap/slapd.d/cn=config.ldif.
2012-09-10 18:50:36 +0000 Removed directory at path /etc/openldap/slapd.d.
2012-09-10 18:50:36 +0000 Removed directory at path /etc/openldap/slapd.d.backup/cn=config.
2012-09-10 18:50:36 +0000 Removed file at path /etc/openldap/slapd.d.backup/cn=config.ldif.
2012-09-10 18:50:36 +0000 Removed directory at path /etc/openldap/slapd.d.backup.
2012-09-10 18:50:36 +0000 Stopping password server
2012-09-10 18:50:36 +0000 Removed file at path /Library/Preferences/com.apple.openldap.plist.
2012-09-10 18:50:36 +0000 Removed file at path /var/run/slapconfig.lock.
2012-09-10 18:53:43 +0000 Success. Master creation is possible.
2012-09-10 18:53:49 +0000 Success. Master creation is possible.
2012-09-10 18:53:51 +0000 slapconfig -createldapmasterandadmin
2012-09-10 18:53:51 +0000 command: /usr/bin/sntp -s time.apple.com.
2012-09-10 18:53:51 +0000 Success. Master creation is possible.
2012-09-10 18:53:51 +0000 Starting LDAP server (slapd)
2012-09-10 18:53:51 +0000 Waiting for slapd to start
2012-09-10 18:53:53 +0000 slapd started
2012-09-10 18:53:53 +0000 command: /usr/bin/ldapadd -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2012-09-10 18:54:06 +0000 command: /usr/sbin/slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
2012-09-10 18:54:07 +0000 Stopping LDAP server (slapd)
2012-09-10 18:54:16 +0000 Starting LDAP server (slapd)
2012-09-10 18:54:16 +0000 Waiting for slapd to start
2012-09-10 18:54:16 +0000 slapd started
2012-09-10 18:54:16 +0000 Save of LDAP configuration failed with error 2100
2012-09-10 18:54:16 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2012-09-10 18:54:16 +0000 adding new entry "olcOverlay=unique,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=nestedgroup,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay={0}odusers,olcDatabase={-1}frontend,cn=config"
adding new entry "olcOverlay=syncprov,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=syncprov,olcDatabase={2}bdb,cn=config"
2012-09-10 18:54:16 +0000 command: /usr/bin/ldapadd -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2012-09-10 18:54:16 +0000 adding new entry "cn={9}customSchema,cn=schema,cn=config"
2012-09-10 18:54:16 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2012-09-10 18:54:16 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b cn=config -s base olcServerID
2012-09-10 18:54:16 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2012-09-10 18:54:16 +0000 Setting SASL realm to <DANDYBOX.NET>
2012-09-10 18:54:16 +0000 command: /usr/sbin/mkpassdb -setrealm DANDYBOX.NET
2012-09-10 18:54:17 +0000 command: /usr/sbin/mkpassdb -o -u diradmin -p -q
2012-09-10 18:54:18 +0000
2012-09-10 18:54:18 +0000 command: /usr/sbin/mkpassdb -setadmin 0xebf131c6fb7811e188913c07545a924d 0
2012-09-10 18:54:18 +0000 Admin's entry UUID is: dd9b2d61-725e-4e55-9692-844e7d923f90
2012-09-10 18:54:18 +0000 Starting password server
2012-09-10 18:54:19 +0000 Stopping LDAP server (slapd)
2012-09-10 18:54:22 +0000 Starting LDAP server (slapd)
2012-09-10 18:54:22 +0000 Waiting for slapd to start
2012-09-10 18:54:22 +0000 slapd started
2012-09-10 18:54:22 +0000 Configuring Kerberos server, realm is DANDYBOX.NET
2012-09-10 18:54:22 +0000 command: /usr/sbin/kdcsetup -a diradmin -p **** -v 1 DANDYBOX.NET
2012-09-10 18:54:27 +0000 Opening ldapi connection to the LDAP user data
Opening ldapi connection to the LDAP auth data
Creating KDC for OD Master
Creating Kerberos directory
Creating KDC Config File
Creating Kerberos ACL file
Adding KDC config data to the KerberosKDC config record
Adding KDC config data to the KerberosClient config record
Creating KDC database
Using existing master key file
Creating Kerberos principal for 'diradmin'
Creating Kerberos auth authority for 'diradmin'
Creating Kerberos alt security identity for 'diradmin'
Successfully created KDC for OD Master
2012-09-10 18:54:27 +0000 command: /usr/sbin/sso_util configure -x -r DANDYBOX.NET -f /LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi -a diradmin -p **** -v 1 all
2012-09-10 18:54:27 +0000 command: /usr/sbin/mkpassdb -kerberize
2012-09-10 18:54:29 +0000 Updating user records and principals
2012-09-10 18:54:52 +0000 Asking OpenDirectoryConfig to bind to server: 127.0.0.1
2012-09-10 18:54:55 +0000 Attempting to open /LDAPv3/127.0.0.1 node
2012-09-10 18:54:55 +0000 Verified /LDAPv3/127.0.0.1 node is available
2012-09-10 18:54:57 +0000 command: /usr/sbin/sso_util info -r /LDAPv3/127.0.0.1 -p
2012-09-10 18:54:58 +0000 Creating root CA with DandyBox Open Directory Certification Authority
2012-09-10 18:55:00 +0000 Creating intermediate CA with IntermediateCA_DANDYBOX.NET_1
2012-09-10 18:55:00 +0000 ***Error creating intermediate CA. Error - The specified item already exists in the keychain.
2012-09-10 18:55:00 +0000 Intermediate CA creation failed with error - -25299
2012-09-10 18:55:00 +0000 Destroying OD master as CA creation failed with error 75
2012-09-10 18:55:00 +0000 Logging slapd container data to /var/run/slapconfig_error_1347303300
2012-09-10 18:55:00 +0000 Stopping LDAP server (slapd)
2012-09-10 18:55:03 +0000 command: /usr/sbin/slapcat -l /var/run/slapconfig_error_1347303300/user.ldif
2012-09-10 18:55:03 +0000 command: /usr/sbin/slapcat -b cn=authdata -l /var/run/slapconfig_error_1347303300/authdata.ldif
2012-09-10 18:55:03 +0000 Error retrieving kerberos realm
2012-09-10 18:55:03 +0000 CopyReplicaArray: ldap_search_ext_s failed
2012-09-10 18:55:03 +0000 Error retrieving replica array
2012-09-10 18:55:03 +0000 Deleting Cert Authority related data
2012-09-10 18:55:03 +0000 Removed directory at path /var/root/Library/Application Support/Certificate Authority/DandyBox Open Directory Certification Authority.
2012-09-10 18:55:03 +0000 No intCAIdentity, not removing int CA from keychain
2012-09-10 18:55:03 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd.plist
2012-09-10 18:55:03 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd-helper.plist
2012-09-10 18:55:03 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertadmin.plist
2012-09-10 18:55:03 +0000 void _destroyLDAPServer(const char *): Failed to find computer record named dandybox.net$: 2100 Connection failed to the directory server.
2012-09-10 18:55:03 +0000 Updating ldapreplicas on primary master
2012-09-10 18:55:03 +0000 CopyPrimaryMaster: CopyLdapReplicas failed
2012-09-10 18:55:03 +0000 Unable to locate primary master
2012-09-10 18:55:03 +0000 Primary master node is nil!
2012-09-10 18:55:03 +0000 Unable to locate ldapreplicas record: 0 (null)
2012-09-10 18:55:03 +0000 Error setting read ldap replicas array: 0 (null)
2012-09-10 18:55:03 +0000 Error setting write ldap replicas array: 0 (null)
2012-09-10 18:55:03 +0000 ODRecord *_getODRecord(ODNode *, NSString *, NSString *, NSArray *): ODNodeRef parameter error
2012-09-10 18:55:03 +0000 int _removeReplicaFromConfigRecord(ODNode *, NSString *): ODRecord not found
2012-09-10 18:55:03 +0000 Error synchronizing ldapreplicas: 0 (null)
2012-09-10 18:55:03 +0000 Removing self from the database
2012-09-10 18:55:03 +0000 Warning: An error occurred while re-enabling GSSAPI.
2012-09-10 18:55:03 +0000 Stopping LDAP server (slapd)
2012-09-10 18:55:03 +0000 Stopping password server
2012-09-10 18:55:04 +0000 cleanKeytab: unable to retrieve default realm
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/__db.001.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/__db.002.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/__db.003.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/__db.004.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/__db.005.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/__db.006.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/altSecurityIdentities.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/apple-config-realname.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/apple-generateduid.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-memberguid.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-realname.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/cn.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/DB_CONFIG.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/dn2id.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/entryCSN.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/entryUUID.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/gidNumber.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/givenName.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/id2entry.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/ipHostNumber.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000001.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/macAddress.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/memberUid.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/objectClass.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/ou.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/sn.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/uid.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/openldap-data/uidNumber.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/__db.001.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/__db.002.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/__db.003.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/__db.004.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/__db.005.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/__db.006.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/alock.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/authGUID.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/DB_CONFIG.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/dn2id.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalAliases.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalName.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/entryCSN.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/entryUUID.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/id2entry.bdb.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/log.0000000001.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/openldap/authdata/objectClass.bdb.
2012-09-10 18:55:04 +0000 Removed directory at path /var/db/openldap/authdata.
2012-09-10 18:55:04 +0000 Removed file at path /etc/openldap/slapd_macosxserver.conf.
2012-09-10 18:55:04 +0000 Removed file at path /etc/openldap/slapd.conf.
2012-09-10 18:55:04 +0000 Removed file at path /var/db/dslocal/nodes/Default/groups/com.apple.access_dsproxy.plist.
2012-09-10 18:55:04 +0000 Removed directory at path /etc/openldap/slapd.d/cn=config.
2012-09-10 18:55:04 +0000 Removed file at path /etc/openldap/slapd.d/cn=config.ldif.
2012-09-10 18:55:04 +0000 Removed directory at path /etc/openldap/slapd.d.
2012-09-10 18:55:04 +0000 Removed directory at path /etc/openldap/slapd.d.backup/cn=config.
2012-09-10 18:55:04 +0000 Removed file at path /etc/openldap/slapd.d.backup/cn=config.ldif.
2012-09-10 18:55:04 +0000 Removed directory at path /etc/openldap/slapd.d.backup.
2012-09-10 18:55:05 +0000 Stopping password server
2012-09-10 18:55:05 +0000 Removed file at path /Library/Preferences/com.apple.openldap.plist.
2012-09-10 18:55:05 +0000 Removed file at path /var/run/slapconfig.lock.
Any help would be much apreciated!new problem. here's the output of the config log:
2012-09-11 00:21:04 +0000 slapconfig -backupdb
2012-09-11 00:21:04 +0000 command: /usr/sbin/sso_util info -r /LDAPv3/127.0.0.1 -p
2012-09-11 00:21:04 +0000 1 Backing up LDAP database
2012-09-11 00:21:04 +0000 popen: /usr/sbin/slapcat -l /tmp/slapconfig_backup_stage17861ihVwZK/backup.ldif, "r"
2012-09-11 00:21:04 +0000 popen: /usr/sbin/slapcat -b cn=authdata -l /tmp/slapconfig_backup_stage17861ihVwZK/authdata.ldif, "r"
2012-09-11 00:21:04 +0000 popen: /bin/cp /var/db/openldap/openldap-data/DB_CONFIG /tmp/slapconfig_backup_stage17861ihVwZK/DB_CONFIG, "r"
2012-09-11 00:21:04 +0000 popen: /bin/cp /var/db/openldap/authdata//DB_CONFIG /tmp/slapconfig_backup_stage17861ihVwZK/authdata_DB_CONFIG, "r"
2012-09-11 00:21:04 +0000 popen: /bin/cp -r /etc/openldap /tmp/slapconfig_backup_stage17861ihVwZK/, "r"
2012-09-11 00:21:04 +0000 popen: /usr/sbin/mkpassdb -list > /tmp/slapconfig_backup_stage17861ihVwZK/sasl-plugin-list, "r"
2012-09-11 00:21:05 +0000 popen: /bin/hostname > /tmp/slapconfig_backup_stage17861ihVwZK/hostname, "r"
2012-09-11 00:21:05 +0000 popen: /usr/sbin/sso_util info -pr /LDAPv3/127.0.0.1 > /tmp/slapconfig_backup_stage17861ihVwZK/local_odkrb5realm, "r"
2012-09-11 00:21:05 +0000 2 Backing up Kerberos database
2012-09-11 00:21:05 +0000 popen: /usr/bin/tar czpf /tmp/slapconfig_backup_stage17861ihVwZK/krb5backup.tar.gz /var/db/krb5kdc/kdc.conf /var/db/krb5kdc/acl_file.* /var/db/krb5kdc/m_key.* /etc/krb5.keytab , "r"
2012-09-11 00:21:05 +0000 popen: /bin/cp /var/db/dslocal/nodes/Default/config/KerberosKDC.plist /tmp/slapconfig_backup_stage17861ihVwZK/KerberosKDC.plist, "r"
2012-09-11 00:21:05 +0000 3 Backing up configuration files
2012-09-11 00:21:05 +0000 popen: /bin/cp /Library/Preferences/com.apple.openldap.plist /tmp/slapconfig_backup_stage17861ihVwZK/, "r"
2012-09-11 00:21:05 +0000 popen: /usr/bin/sw_vers > /tmp/slapconfig_backup_stage17861ihVwZK/version.txt, "r"
2012-09-11 00:21:05 +0000 popen: /bin/cp -r /var/db/dslocal /tmp/slapconfig_backup_stage17861ihVwZK/, "r"
2012-09-11 00:21:05 +0000 Backed Up Keychain
2012-09-11 00:21:05 +0000 4 Backing up CA certificates
2012-09-11 00:21:05 +0000 Failed to backup CA data as Root/ Intermediate CA were not found
2012-09-11 00:21:05 +0000 5 Creating archive
2012-09-11 00:21:05 +0000 command: /usr/bin/hdiutil create -ov -plist -puppetstrings -layout UNIVERSAL CD -fs HFS+ -volname ldap_bk -srcfolder /tmp/slapconfig_backup_stage17861ihVwZK -format SPARSE /var/backups/ServerBackup_OpenDirectoryMaster
2012-09-11 00:21:14 +0000 Removed directory at path /tmp/slapconfig_backup_stage17861ihVwZK.
2012-09-11 00:21:14 +0000 Removed file at path /var/run/slapconfig.lock.
2012-09-11 00:26:03 +0000 slapconfig -updateaddresses
2012-09-11 00:26:04 +0000 _updateaddresses: successfully completed
2012-09-11 00:26:54 +0000 slapconfig -updateaddresses
2012-09-11 00:26:55 +0000 _updateaddresses: successfully completed
2012-09-11 00:27:34 +0000 slapconfig -updateaddresses
2012-09-11 00:27:35 +0000 _updateaddresses: successfully completed
2012-09-11 00:29:33 +0000 slapconfig -updateaddresses
2012-09-11 00:29:34 +0000 _updateaddresses: successfully completed
2012-09-11 01:40:20 +0000 Migrating OD master
2012-09-11 01:40:20 +0000 Removed file at path /Volumes/Server HD/var/db/openldap/openldap-data/DB_CONFIG.example.
2012-09-11 01:40:20 +0000 /private/var/db/openldap not preserved from previous system. Nothing to upgrade.
2012-09-11 01:40:20 +0000 Removed file at path /Volumes/Server HD/Library/Preferences/com.apple.openldap.plist.
2012-09-11 16:25:30 +0000 Success. Master creation is possible.
2012-09-11 16:25:36 +0000 Success. Master creation is possible.
2012-09-11 16:25:38 +0000 slapconfig -createldapmasterandadmin
2012-09-11 16:25:38 +0000 command: /usr/bin/sntp -s time.apple.com.
2012-09-11 16:25:38 +0000 Success. Master creation is possible.
2012-09-11 16:25:38 +0000 Starting LDAP server (slapd)
2012-09-11 16:25:38 +0000 Waiting for slapd to start
2012-09-11 16:25:41 +0000 slapd started
2012-09-11 16:25:41 +0000 command: /usr/bin/ldapadd -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2012-09-11 16:25:58 +0000 command: /usr/sbin/slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
2012-09-11 16:25:58 +0000 Stopping LDAP server (slapd)
2012-09-11 16:26:06 +0000 Starting LDAP server (slapd)
2012-09-11 16:26:06 +0000 Waiting for slapd to start
2012-09-11 16:26:06 +0000 slapd started
2012-09-11 16:26:06 +0000 Save of LDAP configuration failed with error 2100
2012-09-11 16:26:06 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2012-09-11 16:26:06 +0000 adding new entry "olcOverlay=unique,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=nestedgroup,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay={0}odusers,olcDatabase={-1}frontend,cn=config"
adding new entry "olcOverlay=syncprov,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=syncprov,olcDatabase={2}bdb,cn=config"
2012-09-11 16:26:06 +0000 command: /usr/bin/ldapadd -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2012-09-11 16:26:06 +0000 adding new entry "cn={9}customSchema,cn=schema,cn=config"
2012-09-11 16:26:06 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2012-09-11 16:26:06 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b cn=config -s base olcServerID
2012-09-11 16:26:07 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2012-09-11 16:26:07 +0000 Setting SASL realm to <SERVIN.DANDYBOX.NET>
2012-09-11 16:26:07 +0000 command: /usr/sbin/mkpassdb -setrealm SERVIN.DANDYBOX.NET
2012-09-11 16:26:07 +0000 command: /usr/sbin/mkpassdb -o -u diradmin -p -q
2012-09-11 16:26:08 +0000
2012-09-11 16:26:09 +0000 command: /usr/sbin/mkpassdb -setadmin 0x63c3d88efc2d11e1b45a3c07545a924d 0
2012-09-11 16:26:09 +0000 Admin's entry UUID is: d407cf7d-b3df-43bf-bc65-f6a3321fb30f
2012-09-11 16:26:09 +0000 Starting password server
2012-09-11 16:26:10 +0000 Stopping LDAP server (slapd)
2012-09-11 16:26:13 +0000 Starting LDAP server (slapd)
2012-09-11 16:26:13 +0000 Waiting for slapd to start
2012-09-11 16:26:13 +0000 slapd started
2012-09-11 16:26:13 +0000 dsproxy group already exists, reusing
2012-09-11 16:26:13 +0000 Configuring Kerberos server, realm is SERVIN.DANDYBOX.NET
2012-09-11 16:26:13 +0000 command: /usr/sbin/kdcsetup -a diradmin -p **** -v 1 SERVIN.DANDYBOX.NET
2012-09-11 16:26:19 +0000 Opening ldapi connection to the LDAP user data
Opening ldapi connection to the LDAP auth data
Creating KDC for OD Master
Creating Kerberos directory
Creating KDC Config File
Creating Kerberos ACL file
Adding KDC config data to the KerberosKDC config record
Adding KDC config data to the KerberosClient config record
Creating KDC database
Creating new random master key
Creating Kerberos principal for 'diradmin'
Creating Kerberos auth authority for 'diradmin'
Creating Kerberos alt security identity for 'diradmin'
Successfully created KDC for OD Master
2012-09-11 16:26:19 +0000 command: /usr/sbin/sso_util configure -x -r SERVIN.DANDYBOX.NET -f /LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi -a diradmin -p **** -v 1 all
2012-09-11 16:26:20 +0000 command: /usr/sbin/mkpassdb -kerberize
2012-09-11 16:26:22 +0000 Updating user records and principals
2012-09-11 16:26:42 +0000 Asking OpenDirectoryConfig to bind to server: 127.0.0.1
2012-09-11 16:26:42 +0000 Could not bind - The operation couldn\u2019t be completed. (com.apple.OpenDirectory error 4102.)
2012-09-11 16:26:42 +0000 Logging slapd container data to /var/run/slapconfig_error_1347380802
2012-09-11 16:26:42 +0000 Stopping LDAP server (slapd)
2012-09-11 16:26:46 +0000 command: /usr/sbin/slapcat -l /var/run/slapconfig_error_1347380802/user.ldif
2012-09-11 16:26:46 +0000 command: /usr/sbin/slapcat -b cn=authdata -l /var/run/slapconfig_error_1347380802/authdata.ldif
2012-09-11 16:26:46 +0000 Error retrieving kerberos realm
2012-09-11 16:26:46 +0000 CopyReplicaArray: ldap_search_ext_s failed
2012-09-11 16:26:46 +0000 Error retrieving replica array
2012-09-11 16:26:46 +0000 Deleting Cert Authority related data
2012-09-11 16:26:46 +0000 No intCAIdentity, not removing int CA from keychain
2012-09-11 16:26:46 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd.plist
2012-09-11 16:26:46 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd-helper.plist
2012-09-11 16:26:46 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertadmin.plist
2012-09-11 16:26:46 +0000 void _destroyLDAPServer(const char *): Failed to find computer record named servin.dandybox.net$: 2100 Connection failed to the directory server.
2012-09-11 16:26:46 +0000 Updating ldapreplicas on primary master
2012-09-11 16:26:46 +0000 CopyPrimaryMaster: CopyLdapReplicas failed
2012-09-11 16:26:46 +0000 Unable to locate primary master
2012-09-11 16:26:46 +0000 Primary master node is nil!
2012-09-11 16:26:46 +0000 Unable to locate ldapreplicas record: 0 (null)
2012-09-11 16:26:46 +0000 Error setting read ldap replicas array: 0 (null)
2012-09-11 16:26:46 +0000 Error setting write ldap replicas array: 0 (null)
2012-09-11 16:26:46 +0000 ODRecord *_getODRecord(ODNode *, NSString *, NSString *, NSArray *): ODNodeRef parameter error
2012-09-11 16:26:46 +0000 int _removeReplicaFromConfigRecord(ODNode *, NSString *): ODRecord not found
2012-09-11 16:26:46 +0000 Error synchronizing ldapreplicas: 0 (null)
2012-09-11 16:26:46 +0000 Removing self from the database
2012-09-11 16:26:46 +0000 Stopping LDAP server (slapd)
2012-09-11 16:26:46 +0000 Stopping password server
2012-09-11 16:26:47 +0000 cleanKeytab: unable to retrieve default realm
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/__db.001.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/__db.002.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/__db.003.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/__db.004.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/__db.005.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/__db.006.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/altSecurityIdentities.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/apple-config-realname.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/apple-generateduid.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-memberguid.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-nestedgroup.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-realname.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/cn.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/DB_CONFIG.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/dn2id.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/entryCSN.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/entryUUID.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/gidNumber.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/givenName.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/id2entry.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/ipHostNumber.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000001.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/macAddress.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/memberUid.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/objectClass.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/ou.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/sn.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/uid.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/openldap-data/uidNumber.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/__db.001.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/__db.002.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/__db.003.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/__db.004.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/__db.005.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/__db.006.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/alock.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/authGUID.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/DB_CONFIG.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/dn2id.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalAliases.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalName.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/entryCSN.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/entryUUID.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/id2entry.bdb.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/log.0000000001.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/openldap/authdata/objectClass.bdb.
2012-09-11 16:26:47 +0000 Removed directory at path /var/db/openldap/authdata.
2012-09-11 16:26:47 +0000 Removed file at path /etc/openldap/slapd_macosxserver.conf.
2012-09-11 16:26:47 +0000 Removed file at path /etc/openldap/slapd.conf.
2012-09-11 16:26:47 +0000 Removed file at path /var/db/dslocal/nodes/Default/groups/com.apple.access_dsproxy.plist.
2012-09-11 16:26:47 +0000 Removed directory at path /etc/openldap/slapd.d/cn=config.
2012-09-11 16:26:47 +0000 Removed file at path /etc/openldap/slapd.d/cn=config.ldif.
2012-09-11 16:26:47 +0000 Removed directory at path /etc/openldap/slapd.d.
2012-09-11 16:26:47 +0000 Removed directory at path /etc/openldap/slapd.d.backup/cn=config.
2012-09-11 16:26:47 +0000 Removed file at path /etc/openldap/slapd.d.backup/cn=config.ldif.
2012-09-11 16:26:47 +0000 Removed directory at path /etc/openldap/slapd.d.backup.
2012-09-11 16:26:47 +0000 Stopping password server
2012-09-11 16:26:48 +0000 Removed file at path /etc/ntp_opendirectory.conf.
2012-09-11 16:26:48 +0000 Removed file at path /Library/Preferences/com.apple.openldap.plist.
2012-09-11 16:26:48 +0000 Removed file at path /var/run/slapconfig.lock.
Thanks again for any help. DNS is correct, certs are not present, using FQDN. -
How to repair Open Directory Master after Changing Hostname
Summary:
How to repair Open Directory after Changing your Server's Hostname (see separate post)
Problem:
I had to change our server's hostname from a private hostname (server.name.private) to a public hostname (name.dyndns.org).
Procedure:
1. Precautions:
Since I was anticipating major dramas I tested the change of hostname on a clone ( I used Super Duper, and I very strongly advise everybody to heed this warning because a change of hostname will corrupt your server services, in particular Open Directory)
Second, I exported the network users from Server Admin and copied the archive to the Drop Folder of the server's local account (because the network accounts will be unavailable after demoting the OD Master.)
2. Change hostname and demote OD Master
a) I re-booted the server from the clone
b) I changed the hostname in Server App and I noticed that the Open Directory Password and the Kerberos database were still stuck with the old hostname.
c) I then demoted to a standalone directory (Server Admin) and I tried to promote the server to an OD Master using the Server App (Manage Network Accounts). Server App always returned an error saying I should check my network settings.
3. List of 'fixes'
I tried the following fixes to no avail (which does not mean that you can skip them)
a) I checked the DNS entries, forward and reverse were working fine (sudo checkip -changehostname)
b) Checked with Lookup in Network Utility, all was fine
c) I deleted all system certificates (Keychain) which showed the name of the previous hostname
( N.B. you need not delete email certificate and private/public keys)
d) I tried to assign a new static IP in Networking Preferences (had no visible result)
e) I re-booted from the working drive and I re-paired permissions on the clone; I ran disk repairs.
Despite all this I could not re-create an OD Master.
I then looked for this dubious folder /var/root/Library/Application Support/Certificate Authority.
I could not find this folder when using the Finder's Go To Folder, nor did "Easy Find" see this folder.
I was about to give up when I read the posts on this page and I entered the Terminal commands
sudo rm -R /var/root/Library/Application\ Support/Certificate\ Authority/
I had not much hope when I set about to re-create the OD Master from the Server App.
But lo and behold !!! I did not trust my eyes when Server App claimed that the OD Master had been successfully created. And indeed, Server admin showed a running OD Master, LDAP, Kerberos and Password Server all running again !
Final touch: re-import the user accounts.
Epilogue:
I woud not have been able to fix this issue had not so many others shared their experience and the working solution.
(Refer : https://discussions.apple.com/thread/3219325?start=0&tstart=0 )
Thank you all !
Let's hope that Apple will fix this annoying issue in the next server update.
Regards,
TwistanHi Rhyan,
Please try clearing the security cache
http://www.sharepointanalysthq.com/2014/05/active-directory-groups-and-sharepoint-security/
https://sergeluca.wordpress.com/2013/07/06/sharepoint-2013-use-ag-groups-yes-butdont-forget-the-security-token-caching-logontokencacheexpirationwindow-and-windowstokenlifetime/
http://webactivedirectory.com/active-directory/windows-active-directory-cached-user-credentials/
Please remember to click 'Mark as Answer' on the answer if it helps you -
Can´t configure Open Directory Master
After a reinstall I can´t config Open Directory Master. I have this logs:
Mar 4 12:22:28 servidor slapd[14293]: @(#) $OpenLDAP: slapd 2.4.23 (Oct 19 2011 00:16:13) $
[email protected]:/private/var/tmp/OpenLDAP/OpenLDAP-186.2~3/servers/slapd
Mar 4 12:22:28 servidor slapd[14293]: daemon: SLAP_SOCK_INIT: dtblsize=8192
Mar 4 12:22:28 servidor slapd[14293]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
Mar 4 12:22:28 servidor slapd[14293]: slapd starting
Mar 4 12:22:28 servidor slapd[14293]: daemon: posting com.apple.slapd.startup notification
Mar 4 12:22:47 servidor slapd[14293]: SASL [conn=1025] Failure: no secret in database
Mar 4 12:22:50 servidor slapd[14293]: SASL [conn=1028] Failure: no secret in database
Mar 4 12:22:51 servidor slapd[14293]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Mar 4 12:22:51 servidor slapd[14293]: conn=1014 op=37: attribute "entryCSN" index delete failure
Mar 4 12:23:10 servidor slapd[14293]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Mar 4 12:23:10 servidor slapd[14293]: conn=1014 op=101: attribute "entryCSN" index delete failure
Mar 4 12:23:17 servidor slapd[14293]: SASL [conn=1036] Failure: no secret in database
Mar 4 12:23:20 servidor slapd[14293]: SASL [conn=1040] Failure: no secret in database
Mar 4 12:23:47 servidor slapd[14293]: SASL [conn=1098] Failure: no secret in database
Mar 4 12:23:51 servidor slapd[14293]: SASL [conn=1111] Failure: no secret in database
Mar 4 12:24:18 servidor slapd[14293]: SASL [conn=1179] Failure: no secret in database
Mar 4 12:24:21 servidor slapd[14293]: SASL [conn=1182] Failure: no secret in database
Mar 4 12:24:24 servidor slapd[14293]: daemon: shutdown requested and initiated.
Mar 4 12:24:24 servidor slapd[14293]: daemon: posting daemon shutdown notification.
Mar 4 12:24:24 servidor slapd[14293]: slapd shutdown: waiting for 0 operations/tasks to finish
Mar 4 12:24:30 servidor slapd[14293]: slapd stopped.
and:
2012-03-04 12:04:51.855 CET - opendirectoryd (build 172.10) launched...
2012-03-04 12:04:52.073 CET - Logging level limit changed to 'error'
2012-03-04 12:04:52.153 CET - Initialize trigger support
2012-03-04 12:04:52.486 CET - Registered node with name '/Active Directory' as hidden
2012-03-04 12:04:52.487 CET - Registered node with name '/Configure' as hidden
2012-03-04 12:04:52.487 CET - Discovered configuration for node name '/Contacts' at path '/Library/Preferences/OpenDirectory/Configurations//Contacts.plist'
2012-03-04 12:04:52.487 CET - Registered node with name '/Contacts'
2012-03-04 12:04:52.575 CET - Registered node with name '/LDAPv3' as hidden
2012-03-04 12:04:52.620 CET - Registered node with name '/Local' as hidden
2012-03-04 12:04:52.672 CET - Registered node with name '/NIS' as hidden
2012-03-04 12:04:52.697 CET - Discovered configuration for node name '/Search' at path '/Library/Preferences/OpenDirectory/Configurations//Search.plist'
2012-03-04 12:04:52.698 CET - Registered node with name '/Search'
2012-03-04 12:04:52.920 CET - Loaded bundle at path '/System/Library/OpenDirectory/Modules/legacy.bundle'
2012-03-04 12:04:53.159 CET - Loaded bundle at path '/System/Library/OpenDirectory/Modules/search.bundle'
2012-03-04 12:04:54.162 CET - '/Search' has registered, loading additional services
2012-03-04 12:04:54.162 CET - Initialize augmentation support
2012-03-04 12:04:54.217 CET - Loaded bundle at path '/System/Library/OpenDirectory/Modules/SystemCache.bundle'
2012-03-04 12:04:54.247 CET - Successfully registered for Kernel identity service requests
2012-03-04 12:04:54.264 CET - Loaded bundle at path '/System/Library/OpenDirectory/Modules/PlistFile.bundle'
2012-03-04 12:04:54.310 CET - Loaded bundle at path '/System/Library/OpenDirectory/Modules/FDESupport.bundle'
2012-03-04 12:04:54.707 CET - Loaded bundle at path '/System/Library/OpenDirectory/Modules/ConfigurationProfiles.bundle'
2012-03-04 12:04:54.708 CET - Registered subnode with name '/Local/Default'
2012-03-04 12:05:17.128 CET - Loaded bundle at path '/System/Library/OpenDirectory/Modules/ldap.bundle'
2012-03-04 12:07:47.863 CET - Loaded bundle at path '/System/Library/OpenDirectory/Modules/configure.bundle'
2012-03-04 12:07:48.030 CET - Loaded bundle at path '/System/Library/OpenDirectory/Modules/keychain.bundle'
2012-03-04 12:08:42.226 CET - Loaded bundle at path '/System/Library/OpenDirectory/Modules/AppleODClient.bundle'
2012-03-04 12:10:17.881 CET - Registered subnode with name '/LDAPv3/127.0.0.1'
2012-03-04 12:10:29.747 CET - Unregistered node with name '/LDAPv3/127.0.0.1'
2012-03-04 12:24:08.488 CET - Registered subnode with name '/LDAPv3/127.0.0.1'
2012-03-04 12:24:30.792 CET - Unregistered node with name '/LDAPv3/127.0.0.1'
Anyone may help me?It happens after a clean install and posterior data recovery through TimeMachine. With Server Admin it was imposible change Standalone to Master.
Thanks a God I have only a few users and after a hard week end I back up data and I did a new clean installation with a enterely new OD.
Thanks for your interest. -
Unable to set up Kerberos when creating Open Directory Master-beginner!
I'm trying to promote a standalone server to an Open Directory master.
In the Kerberos section I am typing my FQDN into the Realm field
which is studioserver.example.com.
However the searchbase is already filled with dc=studioserver,dc=local
I've tried every different permutation but when I save the settings, the overview shows that Kerberos is stopped and therefore no KDC is created.
I've used Lookup to confirm that DNS is ok...could this still be the problem?
Any help much appreciated.Hi
If DNS is configured correctly then the Kerberos Realm and search base fields will be both filled in automatically. The only difficult you have to do is decide on the Directory Administrator name and password and click OK.
The only way out of this is to demote back to Standalone. This will trash the LDAP configuration and database effectively allowing you to start again. Export any users and groups first. Home folders (if you have created any) will not be affected.
Go back and stop the DNS Service and delete the configuration you have in there, stop any other service you have running as well as deleting any configuration that depends on DNS. If you have configured DHCP, stop this and delete the configuration. Restart the server. Start simple file services first, AFP etc and then move onto DNS. Make sure this is resolving correctly. Avoid .local.
Follow the instructions given in the first thread.
You could also download the Open Directory Administration Manual from here:
http://www.apple.com/support/manuals/macosxserver/
Tony -
10.7.2: still can't replicate 10.6 Open Directory or restore from backup
I am trying to migrate my Open Directory (OD) database from an Xserve running 10.6.8 to an iMac running 10.7.2 now. As before the update to 10.7.2, I am unable to make the Lion server an OD replica of the OD database running on Snow Leopard.
This is what I do (please let me know, if anyting I do is wrong):
On the Snow Leopard Server (SLS) in the Server Admin utility, I go to the Open Directory service, the "Archive" subsection, choose a target directory for "Archive In", and click on the Archive button. I am then asked to name my archived database and provide a password. Let's say, it is "OD Archive," the file generated will be "OD Archive.sparseimage".
I copy this Sparseimage to the deskop of my Leopard Server (LS).
I then open the same place in the Server Admin utility on the LS. In the "Restore from" section I browse to the LS desktop and "Choose" the saved Sparseimage. I click on "Restore," at which point I am asked for the password of the archived OD database. When I supply it, it appears that my OD archive is being imported.
However, going into the Workgroup Manager on the LS, and logging in as diradmin, into /LDAPv3/127.0.0.1, shows no users from my SLS having been migrated. Why has this still not been fixed?
Likewise, when I try to make the LS an Open Directory replica of the SLS, I again, even after this updated informed that my OD database admin credentials are incorrect, when they are not. I had surely expeced a fix for this by the time we reached 10.7.2.Historically you have not been able to mix versions between an Open Directory Master and Replica, that is both would either have to be Snow Leopard, or both would have to be Lion.
I have not tried upgrading to Lion this way (I am currently leaving my servers on Snow Leopard) but I can suggest the following based on experiences with Snow Leopard Servers.
As you already appear to have done, in Snow Leopard Server make an Archive of your Open Directory setup
Make sure you also have a backup of the entire Snow Leopard Server so you can go back to it if you can't successfully move to Lion
Setup the hostname, IP address and DNS records (which might mean setting up a DNS server) for the new Lion Server
Check this using the command line
sudo changeip -checkhostname
Make the new Lion Server in to a new empty Open Directory Master
Test this new Open Directory Master by creating a test user and then deleting afterwards
Now move on to the restoring of the Open Directory Archive, when I did this last time, I found that I was given two choices, either to completely replace the Open Directory with the one from the Archive, or to merge the two together. I found that trying to replace failed and resulted in an empty Open Directory like you report, I found that chosing merge did work successfully
If the above still does not work, then you might have to consider the following alternative approach.
On the Snow Leopard Server in Workgroup Manager export all the user accounts except the Admin and DirAdmin accounts
Optionally export all the Groups
Optionally export all the Computer Groups
Setup the new Lion Server
Create a new empty Open Directory
Import the files exported from Workgroup Manager
This will not keep the original passwords. You will have to set a password for each account. -
Converting from Standalone to Open Directory Master
I want to change my server to an Open Directory Master from a standalone server so that mail clients can use Kerberos to send and receive email. I want to do this just to increase security measures on my network. I have been sucessfully running the server for 3 years or so but am not very knowlegable about Open directories.
My questions is this.
1. Is there any documentation on makeing the change to Open Directory Master with the sole purpose of being able to Authenticate using Kerberos for mail clients. Step by step would be great.Take a look at www.afp548.com for some good tutorials on the subject.
The admin guide should have step by step instructions as well.
One thing, you will need to move your users from the local "domain" to the OD "domain" in order for them to use kerberos. e.g. all your current user records have a dir node path of "/Users", and you will need to move them to "LDAPv3/127.0.0.1/Users".
Hope this gets you started
- Leland
Maybe you are looking for
-
Installing Windows XP on Bootcamp
I recently applied to a new college and found out that they offer free Microsoft software. I happen to own a Macbook Pro, it's about 3 years old but works great. The problem I face is that I have to install Microsoft XP onto bootcamp for my programmi
-
Flash Cs6 incredibly sluggish save time, & unable to save document as
I am using Flash CS6, animating on ones with the brush tool. my timeline is 100 frames long, there arent keyframes on every frame, but there are a lot of them. my .fla file is 79mb. there is only one thing in my library - a 15 second .wav audio fi
-
Want to go wireless on blueray player but don't know how
I have a panasonic blueray player that can stream netflix. Does anyone know how I can use my wireless router with the blue ray?
-
Total number of records loaded into ODS and in case of Infocube
hai i loaded some datarecords from Oracle SS in ODS and Infocube. My SOurceSytem guy given some datarecords by his selection at Oracle source system side. how can i see that 'how many data records are loaded into ODS and Infocube'. i
-
Itunes on my macbook started freezing after I turned on homesharing on Itunes and began backing up my system using Time Capsule. Whenever I insert a CD itunes locks up completely. My operating system is up to date-- 10.7.4. I have a new Mac Mini and