New Open Directory System - Losing Licensing Information

I have a handful of Macs that I'm converting from a group of stand-alone computers to an X Server-administered Open Directory cluster such that each user's information is stored on the server.
One thing I'm noticing is that previously licensed software components like Microsoft Office are starting to lose this information when a user logs in via Open Directory (it comes up with a trial prompt), as opposed to any of the local accounts, in which the license is retained. Is there a simple fix to this in my configuration?

Hi
http://manuals.info.apple.com/enUS/OpenDirAdminv10.6.pdf
Chapter 4 onwards. Page 60 initially explains what can be done. TBH I doubt if you'll find anything detailed? Each environment will be specific to that site and its needs. Ultimately you will benefit if you get someone in (a suitably qualified consultant) to do this for you. Here's a list of UK based Professionals:
https://i7lp.integral7.com/durango/do/pr/prSearchResult;jsessionid=7397436DE3969 286E7E35DB6FC4A37F6
HTH?
Tony

Similar Messages

  • Error creating new Open Directory domain

    The wizard for creating a new Open Directory domain in Server.app on Mountain Lion responds with the following error message:
         "An error occurred while configuring My Server as a directory server.  Please check your network configuration and try again."
    Not very helpful.  How do I find out what the actual error is?
    Thanks.

    Can anyone translate these log messages?
    Aug 12 05:22:26 myhost.mydomain.com kdc[60240]: label: default
    Aug 12 05:22:26 myhost.mydomain.com kdc[60240]:         dbname: od:/Local/Default
    Aug 12 05:22:26 myhost.mydomain.com kdc[60240]:         mkey_file: /var/db/krb5kdc/m-key
    Aug 12 05:22:26 myhost.mydomain.com kdc[60240]:         acl_file: /var/db/krb5kdc/kadmind.acl
    Aug 12 05:22:26 myhost com.apple.launchd[1] (com.apple.Kerberos.kpasswdd[60241]): Exited: Killed: 9
    Aug 12 05:22:26 myhost com.apple.launchd[1] (com.apple.Kerberos.kpasswdd): Throttling respawn: Will start in 10 seconds
    Aug 12 05:22:26 myhost com.apple.launchd[1] (com.apple.Kerberos.kadmind[60242]): Exited: Killed: 9
    Aug 12 05:22:26 myhost com.apple.launchd[1] (com.apple.Kerberos.kadmind): Throttling respawn: Will start in 10 seconds
    Aug 12 05:22:26 myhost.mydomain.com kdc[60240]: WARNING Found KDC certificate (O=System Identity,CN=com.apple.kerberos.kdc)is missing the PK-INIT KDC EKU, this is bad for interoperability.
    Aug 12 05:22:26 myhost.mydomain.com kdc[60240]: KDC started
    Aug 12 05:22:26 myhost.mydomain.com Server[46707]: An error occurred while configuring My Mac Mini Server as a directory server:
            Error Domain=XSActionErrorDomain Code=-1 "A child action failed" UserInfo=0x7fb854a2ad90 {XSActionErrorActionsKey=(
                "Creating Open Directory master"
            ), NSLocalizedDescription=A child action failed}

  • Unable To Create New Open Directory Master

    I have a brand new installation of MacOS X Mountain Lion Server, latest version, in a brand new Mac Mini. This Mac Mini is being co-located in a data centre, and I am setting it up via remote access (screen sharing). The data centre has set up DNS zone records for my domain, including a reverse DNS PTR record, and everything in the DNS is working fine.
    During the installation of Server, when the installer asked for the type of 'Host Name', I selected 'Host name for Internet'. The installer was able to use the IP address of the Mac Mini to automatically find the correct host name, and configure it. Once the installation was complete, no services were turned on - not even DNS, as the installer probably figured out that DNS services were being handled externally.
    The first thing I went to try and do was to turn on Open Directory. I turn the service on, and a sheet comes down, where I select to "Create a new Open Directory Domain". I click 'next', and on the next sheet I enter the OD Administrator's details, and password. Click 'next' again, and then I get the following message:
    "This computer's host name is invalid.
    The host name does not resolve to any configured address of this computer. Please ensure the host name is correct."
    Opening Terminal app, and typing "hostname", I get the correct hostname, as showing in Server app itself.
    Entering "sudo changeip -checkhostname" in Terminal app, I get all correct details for the IP address and host name of the machine, and the message: "The names match. There is nothing to change. dirserv:success = 'success'"
    I finally tried getting Server app to change the host name itself - going into the Server pane, select the 'Network' tab, and in the 'Names' section, next to the host name, click on the "Edit..." button. Again, went through the wizard, and the wizard again was able to find the hostname automatically from the machine's IP address. Once the 'changing' process was completed, I went to try and initialise Open Directory, and again, got the same message.
    Can anyone shed any light? Any suggestion would be welcome at this stage...

    MrHoffman, thank you for your guidance. You have, however, given me a bit of a headache.
    MrHoffman wrote:
    127.0.0.1 is likely going to be incorrect here.  Please reference the DC DNS servers, and not a local server.  If you're in a DC and particularly with a public-facing host without an outboard firewall to block DNS traffic, you likely do not want to be running your own local DNS services.
    As described previously, the server was referencing the DC DNS servers. The server was not running its own DNS service. Open Directory was not able to detect that the IP address and the hostname were correct with this setup - even though the command line on the server as well as externally showed that all DNS records were set up correctly, and that the IP address and hostname matched. The server's own installation wizard and 'Change Host Name' wizard automatically detected the hostname from the machine's IP address - by consulting the reverse DNS PTR record in the DC DNS servers.
    Starting the server's own DNS server - and adding '127.0.0.1' to the top of the DNS list in Preferences - allowed me to create the Open Directory master, finally. Of course, the internal DNS server was set up so that only the server itself could access it - it was closed to any other machines - and even then, I had it running only momentarily: once Open Directory created its master domain, I switched DNS service off, and removed '127.0.0.1' from the DNS list in Preferences.
    With that setup, everything seemed to work fine. All users were able to login, access their share points and their mail.
    MrHoffman wrote:
    For the host name, the host name would usually be the FQDN fully-qualified domain name, and "example.com" isn't usually a host name.  You'd usually find somehostname.example.com here
    That is the only machine in the domain. All public sub-domains - like 'mail', 'www' or 'calendar' - point to the same machine. The reverse DNS PTR record points to the higher-level domain "example.com".
    Your warning, however, made me worried:
    MrHoffman wrote:
    I'd probably rebuild the OD configuration, as I'd wonder if OD now had a bogus host name.  Once bad DNS gets involved, the entanglements can be quite pernicious.
    So I decided to heed your advice, and rebuild OD. I deleted the Open Directory master, and tried rebuilding it with DNS service turned off. As before, OD insists that "the host name does not resolve to any configured address of this computer", and refuses to create the new Master. I ended up following the procedure above again - switching DNS service on temporarily to get OD to work.
    The problem is, that now no user can connect to the server anymore. Everyone keeps getting a message stating that their password is wrong - including users on their iPhones and iPads.
    I suspect that when I created the new OD Master, it created a new certificate, and that is what is causing problems. While I could try to get the desktop users to delete the old certificates from their keychain, this is not really an option for iPhone/iPad users.
    Where do I go from here? After almost 24 hours straight dealing with this, I'm at the end of my rope...
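The condition stated in the error message above (the host name must resolve to an address configured on the machine, and the PTR record should point back to the same name) can be checked independently of Server.app. The following is an added example, not part of the original thread and not Server.app's own logic; `check_host_identity`, `static_resolvers` and all names and addresses in the demo are constructed for illustration.

```python
import ipaddress
import socket


def _norm_name(name):
    # DNS names compare case-insensitively; a trailing dot is only notation.
    return name.rstrip(".").lower()


def _norm_addr(addr):
    # Drop an IPv6 zone id ("fe80::1%en0") before parsing.
    return ipaddress.ip_address(addr.split("%")[0])


def forward_addresses(hostname, getaddrinfo=socket.getaddrinfo):
    """Addresses the resolver returns for hostname ([] if it does not resolve)."""
    try:
        infos = getaddrinfo(hostname, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def reverse_name(addr, gethostbyaddr=socket.gethostbyaddr):
    """PTR name for addr, or None when no reverse record is found."""
    try:
        return gethostbyaddr(addr)[0]
    except (socket.herror, socket.gaierror):
        return None


def check_host_identity(hostname, configured_addrs,
                        getaddrinfo=socket.getaddrinfo,
                        gethostbyaddr=socket.gethostbyaddr):
    """Return a list of issue strings; an empty list means forward and reverse agree."""
    issues = []
    configured = {_norm_addr(a) for a in configured_addrs}
    forward = forward_addresses(hostname, getaddrinfo)
    if not forward:
        issues.append("no_forward_record")
    else:
        resolved = {_norm_addr(a) for a in forward}
        if not resolved & configured:
            # The situation the error message describes.
            issues.append("forward_not_configured")
        if all(a.is_loopback for a in resolved):
            issues.append("forward_loopback_only")
    for addr in configured_addrs:
        ptr = reverse_name(addr, gethostbyaddr)
        if ptr is None:
            issues.append("no_ptr:" + addr)
        elif _norm_name(ptr) != _norm_name(hostname):
            issues.append("ptr_mismatch:" + addr + "->" + _norm_name(ptr))
    return issues


def static_resolvers(forward_table, ptr_table):
    """Constructed stand-ins for the two socket calls, so the check runs offline."""
    def getaddrinfo(host, port):
        if host not in forward_table:
            raise socket.gaierror(8, "name not known")
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (a, 0))
                for a in forward_table[host]]

    def gethostbyaddr(addr):
        if addr not in ptr_table:
            raise socket.herror(1, "unknown host")
        return (ptr_table[addr], [], [addr])

    return getaddrinfo, gethostbyaddr


if __name__ == "__main__":
    # Constructed data: the name resolves to a public address, but the
    # interface carries a private address that has no PTR record.
    gai, rev = static_resolvers({"server.example.com": ["198.51.100.7"]}, {})
    print(check_host_identity("server.example.com", ["192.168.10.5"], gai, rev))
```

Called without the last two arguments, `check_host_identity` uses the system resolver, so it reports what the machine itself sees rather than what an external lookup shows.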

  • Move user files and preferences to new open directory log in

    I have a machine that I have been using for a few months. I log in to the machine as an admin user. We just put in a new MAC OS X server and are going to be using Open Directory and probably Mobility on the users.
    Is it possible to move or duplicate the current state (preferences, passwords, bookmarks, email, etc.) of my computer to a new Open Directory log in on the same computer? If I can, what is going to be the easiest way?
    Both the server and my machine are 10.5.6.

    If you're logged into the old drive, select GO from the Finder menu while holding the option key down. Select Library from the submenu. This is your Home Library.
    The Mail folder will contain all accounts, mailboxes, and account preferences.
    The Mail application preferences will be stored in the Preference folder.
    For "what files you need", that depends on what you're trying to accomplish. What are you trying to do?

  • Can't create new open directory user

    Hi.
    If I use Workgroup Manager to create a new user, it automatically creates one with a "crypt" password.
    At first it is shown as Open Directory, but then if I reload, it says "crypt" password.
    If I try to change it to Open Directory, the system tells me that I am not authorized to do so.
    It does not matter whether I try Workgroup Manager locally or remotely via my MacBook.
    If I create them via Server Preferences, it works fine.
    Since I am a newbie here, maybe I am doing something wrong... Ideas? Please.
    Thanks.
    martindavid

    Check out this thread; you are not alone, but there doesn't seem to be a single solution...
    http://discussions.info.apple.com/thread.jspa?threadID=2262981
    I had this code and MY solution came from the fact that I had turned OFF DNS because I couldn't see that "I" was using it. Turning it back on and ensuring that it was correctly configured solved it for me!

  • New open directory account doesn't create mail account

    Hi All
    I have a Mac Mini with Lion Server. Fresh out of the box I messed with it a few times to learn, and then I did a clean (internet) install and started with the settings I wanted (hostname, etc.) with no mistakes. (It seems Lion doesn't like applying most changes.)
    When I set it up I created one local admin user that won't be in the Open Directory.
    Anyway, I've set up the following:
    * Address Book
    * File Sharing
    * iCal
    * Mail
    * Profile Manager
    * and VPN
    The first Open Directory user I added was myself, and that user managed to get assigned an email account.
    Subsequent users I've added have not been registered with the mail subsystem.
    I've checked this using the "Server Admin" additional download management tool. (Mail service on the left, Maintenance up the top and then Accounts under that.)
    There is only one mail account and that's the first one I added.
    I haven't played with the settings, so other than switching things on it should "just work", but it doesn't.
    I've previously set up vmail servers using MySQL to store the accounts with Postfix and Courier IMAP, but that was in some ways simpler as nothing was under the covers. I haven't dug too much into the Dovecot config files, etc., as I believe there is an all-knowing server configuration engine at work here that isn't doing its job (which I haven't dug into).
    Has anyone had this issue of the mail accounts not being created?
    Or can anyone point me to a fix?

    It seems to have something to do with profile manager.
    I get stack traces in the "system messages" logs for the "Server" application, grrrr.
    I'll get that info and attempt to submit a bug report tonight.

  • Brand new Open Directory server not authenticating 10.9, 3.3.2

    I'm hoping somebody here has run into this as it's driving me up a wall.
    I'm on a completely clean install of OS X Mavericks, with the installation from the App Store.
    On top of that, a completely clean install of Server.app 3.2.2 is installed.
    This server has a FQDN, and when I check to see if the hostname resolves in DNS, it totally does. DNS is not turned on as a service, but DNS server settings are correct and the server can hit the outside internet just fine.
    So my steps are as follows: Install Mavericks, clean onto a new partition. Update with all patches. Set Static IP. Install Server 3.2.2 which installs without error. Check hostname settings. All good there. Verify permissions. Create OD Master. I cannot get a single newly created with Server.app Local Network user to log in, even with home folders all 100% local to the client machine. I've unbound and rebound the client machine. I've restarted everything. Nothing.
    When attempting to log in, if I set it to reset password at next login, the prompt to reset the password will appear. I know at least initial auth is taking place, or I wouldn't be getting a password reset screen. After attempting to reset the password, neither the original temporary nor reset password will work. Users cannot log in.
    Here are the errors generated, with my info edited out:
    Jan 14 17:49:35 server slapd[111]: passwd_extop: (null) changed password for uid=test,cn=users,dc=controller,dc=domain,dc=edu
    Jan 14 17:49:35 server slapd[111]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
    Jan 14 17:49:35 server slapd[111]: conn=1181 op=3: attribute "entryCSN" index delete failure
    Jan 14 17:49:41 server slapd[111]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
    Jan 14 17:49:41 server slapd[111]: conn=1197 op=3: attribute "entryCSN" index delete failure
    I understand this is common for users upgrading from 10.6.8 but this is completely clean. I'm not usually administering an OS X server; I'm completely lost.
    Have tried: Recreating master, rekerberizing
    Using scutil and host to verify the DNS on the server works perfectly. Am I missing something small with DNS? We are a fairly large org with DNS not being provided by this server. If you think a different log file would help, please let me know which one.

    What do you get from this:
    sudo /usr/libexec/slapd -Tt
    Anything in /Library/Logs/slapconfig.log?
    Also, have you tried the suggestion here:
    Open Directory - Local Network User/Group - GONE

  • Strange Permissions problem when creating new Open Directory user

    I just set up a mac lab to authenticate to an Open Directory server which also stores home folders. All of the initial users I created work fine, there were about 50 users that I set up. When I added a new user this morning though, it would not allow him to access anything within his home folder (i.e. nothing worked)
    I went back to the server and took a look at the Users share and noticed that when his account was created, instead of setting the owner of the folder to his username (xxx123) it was set to his userid number (1024). I did a chown on his directory to his username and he was then able to access his home directory from the clients.
    I realize I found a fix, but I would prefer to not have to do this every time I create a new user. Why is this happening?

    Have you used the "Role" drop-down to "SYSDBA"? - if not, you get the ORA-01017 error.

  • Can't login to new open directory users

    I have a Mac Mini Server running 10.8.2 Server. I have existing users, most with no home directory and a couple with network home directories.
    However, any NEW users I add (in LDAPv3) aren't able to log in. When I create the user, the "access account" option is checked and stays checked after the user is configured & saved, and stays that way when I relaunch Workgroup Manager.
    However, when I attempt to log in as this user from a network computer, the "access account" checkbox gets unchecked. I can check it again and save the account, but when I reopen Workgroup Manager, it's unchecked.
    Help???

    Good tip from Francis.
    Last night I was finally able to get things back to semi-normal. To summarise, here are some tips that worked for me.
    Things first went wrong when I tried to add a new user in Workgroup Manager. After doing this I got some quite strange behaviour.
    The server appeared to hang when logging on with the new user, but ssh to the server was working. Finally, after about 10 minutes, I hit the reset button on the server; it appeared to go into sleep mode, then automagically it logged in the user. Wow, did it work... no. Bad news: other users could no longer ssh to the server... Arrrr. Cause tracked down to Kerberos reported as no longer running... Clients (my family) starting to report they can't access services like email... help...
    Rather than all the pain of trying to fix that, this is what I did.
    1) Back up OD in Server Admin (not Server.app). OD doesn't show up there, don't know why??
    2) Make sure the DNS is working.
    nslookup, dig, hostname commands... all reported correctly, forward and reverse, MYSERVER.MYDOMAIN.COM. domain and IP address. I even re-ordered the DNS name so that the local address 192.168.10.X was reported first on my local network before the external IP of the server.
    3) Create a completely new OD by deleting the old one (setting it as a standalone), then re-creating it as a new master (use the Server Admin tool).
    Finally Kerberos all reported as running... Try again to add a user...
    4) Add new user in Workgroup Manager open on the server, not remotely; this didn't work.
    5) Set home account with afp://fqd.name/Users/
    6) Make sure home account is accessible on network.
    6) Set shell.
    7) In Server Admin give all permissions to services the new user will need, such as ssh login as required.
    8) In Server.app (not Server Admin or Workgroup Manager)
    check that the new user appears. The local OD must be in the Directory Explorer search path for this to happen
    and the server must be bound to this path.
    I added both /Ldap3/127.0.0.1 but also, importantly, /ldap3/MYSERVER.MYDOMAIN.COM
    9) In Server.app click on the user, then select the Advanced settings. Make sure the user has home dir selected as the correct /Users folder on the server
    (this was not set at first and had the value of 99, no idea why). There are also other important settings here.
    10) Finally restore OD with the previous backup to add back the rest of the users.
    Apparently this actually does a merge, not an overwrite.
    End state: everything finally working...
    except the iChat/jabber server for some reason won't accept authenticated users.... rrrr.
    Bonjour works on the local network, but well, the point of having a jabber server was for family in country A to talk to grandparents and have a private secure video phone with country B, so it would have been nice if that worked.
    Good luck
    Hope that helps

  • Open Directory & Solaris

    I have a few Solaris (8&9) servers that I need to authenticate to our new Open Directory System running on MAC OS X 10.4. The Sun boxes are currently using NIS. Has anyone done this yet?


  • 10.7.2: still can't replicate 10.6 Open Directory or restore from backup

    I am trying to migrate my Open Directory (OD) database from an Xserve running 10.6.8 to an iMac running 10.7.2 now. As before the update to 10.7.2, I am unable to make the Lion server an OD replica of the OD database running on Snow Leopard.
    This is what I do (please let me know if anything I do is wrong):
    On the Snow Leopard Server (SLS) in the Server Admin utility, I go to the Open Directory service, the "Archive" subsection, choose a target directory for "Archive In", and click on the Archive button. I am then asked to name my archived database and provide a password. Let's say, it is "OD Archive," the file generated will be "OD Archive.sparseimage".
    I copy this Sparseimage to the desktop of my Leopard Server (LS).
    I then open the same place in the Server Admin utility on the LS. In the "Restore from" section I browse to the LS desktop and "Choose" the saved Sparseimage. I click on "Restore," at which point I am asked for the password of the archived OD database. When I supply it, it appears that my OD archive is being imported.
    However, going into the Workgroup Manager on the LS, and logging in as diradmin, into /LDAPv3/127.0.0.1, shows no users from my SLS having been migrated. Why has this still not been fixed?
    Likewise, when I try to make the LS an Open Directory replica of the SLS, I am again, even after this update, informed that my OD database admin credentials are incorrect, when they are not. I had surely expected a fix for this by the time we reached 10.7.2.

    Historically you have not been able to mix versions between an Open Directory Master and Replica, that is both would either have to be Snow Leopard, or both would have to be Lion.
    I have not tried upgrading to Lion this way (I am currently leaving my servers on Snow Leopard) but I can suggest the following based on experiences with Snow Leopard Servers.
    As you already appear to have done, in Snow Leopard Server make an Archive of your Open Directory setup
    Make sure you also have a backup of the entire Snow Leopard Server so you can go back to it if you can't successfully move to Lion
    Set up the hostname, IP address and DNS records (which might mean setting up a DNS server) for the new Lion Server
    Check this using the command line
    sudo changeip -checkhostname
    Make the new Lion Server into a new empty Open Directory Master
    Test this new Open Directory Master by creating a test user and then deleting it afterwards
    Now move on to the restoring of the Open Directory Archive. When I did this last time, I found that I was given two choices: either to completely replace the Open Directory with the one from the Archive, or to merge the two together. I found that trying to replace failed and resulted in an empty Open Directory like you report; I found that choosing merge did work successfully
    If the above still does not work, then you might have to consider the following alternative approach.
    On the Snow Leopard Server in Workgroup Manager export all the user accounts except the Admin and DirAdmin accounts
    Optionally export all the Groups
    Optionally export all the Computer Groups
    Set up the new Lion Server
    Create a new empty Open Directory
    Import the files exported from Workgroup Manager
    This will not keep the original passwords. You will have to set a password for each account.

  • Open Directory PDC w/ profiles stored on another server

    Hello,
    I am working on a new Open Directory (OD) setup to consolidate our O/S authentication directories. I desire to have our OD act as our Windows PDC. However, I want the profiles to be stored on another Samba server. I tried setting 'logon path = \\myserver\%U\profile', but when an OD Windows client logs in, the system does not create a new profile.
    Can an Open Directory Samba PDC store profiles on another server? If so, how do you do it?
    Thank you,
    Joe Kotran
    Mac Pro   Mac OS X (10.4.8)  

    SUMMARY
    Q: Can an Open Directory (OD) Samba Primary Domain Controller (PDC) store user profiles on a third party Samba / storage server?
    A: Yes! To do so set `logon path = \\$server\$user\$folder` in smb.conf on the OD server. This value will work for all accounts. You may also set individual profile paths in the Workgroup Manager GUI administration tool.
    If you experience a "cannot find profile" error when you first set this up, try setting `profile acls = yes` in the [homes] share of your Samba storage server.
    Mac Pro Mac OS X (10.4.8)

  • Open directory fails upon set up

    Hi, my name is Alan and I'm using a 2012 Mac mini running 10.9.2. I was having problems with my Open Directory service, so I made an archive of the master, then deleted it and tried to restore it. When I try to restore it or create a new Open Directory master, I receive an error stating my server was successfully configured as a directory server, but an error occurred. I have tried restarting Server and rebooting the device to fix the issue, with no luck. I have other services that are working, like Time Machine and caching. Any thoughts? Thanks.

    Hi Alan, same config as you, and curiously the same issue. Can't figure out how to get this to work; any thoughts on what is found in the logs?
    Here is what I do as root:
    # slapconfig -destroyldapserver
    Then I remove /var/db/openldap
    But it just seems that I added a bunch of new problems to the one that I already had.
    # changeip -checkhostname states no issues, since it has a primary address and the current hostname equals the DNS hostname, which is by the way my FQDN, so the names match and dirserv:success = "success"
    But if we fire this one
    penelope:~ root# serveradmin fullstatus dirserv
    dirserv:logPaths:opendirectorydLog = "/var/log/opendirectoryd.log"
    dirserv:logPaths:ldapLog = "/var/log/slapd.log"
    dirserv:logPaths:passwordServiceServerLog = "/Library/Logs/PasswordService/ApplePasswordServer.Server.log"
    dirserv:logPaths:passwordServiceErrorLog = "/Library/Logs/PasswordService/ApplePasswordServer.Error.log"
    dirserv:logPaths:kdcLog = "/var/log/krb5kdc/kdc.log"
    dirserv:logPaths:slapconfigLog = "/Library/Logs/slapconfig.log"
    dirserv:LDAPServerType = "standalone"
    dirserv:state = "STOPPED"
    dirserv:readWriteSettingsVersion = 1
    Then try manual start up from the terminal
    penelope:~ root# serveradmin start dirserv
    2014-05-01 18:55:28.221 serveradmin[53764:507] servermgr_dirserv: received request to start the Directory Server
    2014-05-01 18:55:28.236 serveradmin[53764:507] servermgr_dirserv: an error occurred when starting the Directory Server: Directory Server is not configured - nothing to start
    dirserv:error = "Directory Server is not configured - nothing to start"
    penelope:~ root#
    uh oh ??
    What was logged in /var/log/slapd.log ?
    May  1 19:00:33 penelope.alliancejr.eu slapd[53941]: @(#) $OpenLDAP: slapd 2.4.28 (Nov 12 2013 12:02:47) $
                        [email protected]:/private/var/tmp/OpenLDAP/OpenLDAP-491.1~1/servers/slapd
    May  1 19:00:33 penelope.alliancejr.eu slapd[53941]: daemon: SLAP_SOCK_INIT: dtblsize=8192
    May  1 19:00:33 penelope.alliancejr.eu slapd[53941]: /etc/openldap/slapd_macosxserver.conf: line 229: invalid path: No such file or directory
    May  1 19:00:33 penelope.alliancejr.eu slapd[53941]: slapd stopped.
    So what does this line tell us?
    227 # The database directory MUST exist prior to running slapd AND
    228 # should only be accessible by the slapd/tools. Mode 700 recommended.
    229 directory       "/var/db/openldap/openldap-data"
    So I guess I will Time Machine this directory at once and see if it does the trick.
    Get back right after restoring the missing directory ... Get almost a bit farther but ...
    May  1 19:11:50 penelope.alliancejr.eu slapd[54425]: main: Enabling TLS failed; continuing with TLS disabled.
    May  1 19:11:51 penelope.alliancejr.eu slapd[54425]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
    May  1 19:11:52 penelope.alliancejr.eu slapd[54425]: slapd starting
    May  1 19:11:52 penelope.alliancejr.eu slapd[54425]: daemon: posting com.apple.slapd.startup notification
    May  1 19:12:04 penelope.alliancejr.eu slapd[54425]: daemon: shutdown requested and initiated.
    May  1 19:12:04 penelope.alliancejr.eu slapd[54425]: slapd shutdown: waiting for 4 operations/tasks to finish
    May  1 19:12:05 penelope.alliancejr.eu slapd[54425]: daemon: posting daemon shutdown notification.
    May  1 19:12:10 penelope.alliancejr.eu slapd[54425]: slapd stopped.
    May  1 19:12:11 penelope.alliancejr.eu slapd[54436]: @(#) $OpenLDAP: slapd 2.4.28 (Nov 12 2013 12:02:47) $
                        [email protected]:/private/var/tmp/OpenLDAP/OpenLDAP-491.1~1/servers/slapd
    May  1 19:12:11 penelope.alliancejr.eu slapd[54436]: daemon: SLAP_SOCK_INIT: dtblsize=8192
    May  1 19:12:11 penelope.alliancejr.eu slapd[54436]: main: Enabling TLS failed; continuing with TLS disabled.
    May  1 19:12:11 penelope.alliancejr.eu slapd[54436]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
    May  1 19:12:11 penelope.alliancejr.eu slapd[54436]: slapd starting
    May  1 19:12:11 penelope.alliancejr.eu slapd[54436]: daemon: posting com.apple.slapd.startup notification
    May  1 19:12:14 penelope.alliancejr.eu slapd[54436]: daemon: shutdown requested and initiated.
    May  1 19:12:14 penelope.alliancejr.eu slapd[54436]: slapd shutdown: waiting for 0 operations/tasks to finish
    May  1 19:12:14 penelope.alliancejr.eu slapd[54436]: daemon: posting daemon shutdown notification.
    May  1 19:12:17 penelope.alliancejr.eu slapd[54436]: slapd stopped.
    May  1 19:12:17 penelope.alliancejr.eu slapd[54455]: @(#) $OpenLDAP: slapd 2.4.28 (Nov 12 2013 12:02:47) $
                        [email protected]:/private/var/tmp/OpenLDAP/OpenLDAP-491.1~1/servers/slapd
    May  1 19:12:17 penelope.alliancejr.eu slapd[54455]: daemon: SLAP_SOCK_INIT: dtblsize=8192
    May  1 19:12:17 penelope.alliancejr.eu slapd[54455]: main: Enabling TLS failed; continuing with TLS disabled.
    May  1 19:12:17 penelope.alliancejr.eu slapd[54455]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
    May  1 19:12:17 penelope.alliancejr.eu slapd[54455]: slapd starting
    May  1 19:12:17 penelope.alliancejr.eu slapd[54455]: daemon: posting com.apple.slapd.startup notification
    May  1 19:12:18 penelope.alliancejr.eu slapd[54455]: odusers_copy_primarymasterip: Could not locate apple-password-server-location attribute
    May  1 19:12:18 penelope.alliancejr.eu slapd[54455]: odusers_add_aa: could not locate Primary Master's IP address; trying System Configuration
    May  1 19:12:20 penelope.alliancejr.eu slapd[54455]: odusers_response: processing response to add of uid=diradmin,cn=users,dc=penelope,dc=alliancejr,dc=eu
    May  1 19:12:20 penelope.alliancejr.eu slapd[54455]: odusers_response: entryUUID 80ec9b6c-dcf6-4d9c-977c-079ec4727a0b
    May  1 19:12:20 penelope.alliancejr.eu slapd[54455]: odusers_response: Found uuid: c01067c2-d153-11e3-bd19-406c8f0281a2
    May  1 19:12:20 penelope.alliancejr.eu slapd[54455]: passwd_extop: (null) changed password for uid=diradmin,cn=users,dc=penelope,dc=alliancejr,dc=eu
    May  1 19:12:20 penelope.alliancejr.eu slapd[54455]: => bdb_idl_insert_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
    May  1 19:12:20 penelope.alliancejr.eu slapd[54455]: conn=1003 op=8: attribute "entryCSN" index add failure
    May  1 19:12:20 penelope.alliancejr.eu slapd[54455]: odusers_copy_primarymasterip: Could not locate apple-password-server-location attribute
    May  1 19:12:20 penelope.alliancejr.eu slapd[54455]: odusers_add_aa: could not locate Primary Master's IP address; trying System Configuration
    May  1 19:12:21 penelope.alliancejr.eu slapd[54455]: odusers_response: processing response to add of cn=penelope.alliancejr.eu$,cn=computers,dc=penelope,dc=alliancejr,dc=eu
    May  1 19:12:21 penelope.alliancejr.eu slapd[54455]: odusers_response: entryUUID 49fbd148-ca73-4d0d-9772-ae20a5f0de6a
    May  1 19:12:21 penelope.alliancejr.eu slapd[54455]: odusers_response: Found uuid: c16239f2-d153-11e3-bd19-406c8f0281a2
    May  1 19:12:21 penelope.alliancejr.eu slapd[54455]: passwd_extop: (null) changed password for cn=penelope.alliancejr.eu$,cn=computers,dc=penelope,dc=alliancejr,dc=eu
    May  1 19:12:21 penelope.alliancejr.eu slapd[54455]: conn=1004 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
    May  1 19:12:23 penelope.alliancejr.eu slapd[54455]: daemon: shutdown requested and initiated.
    May  1 19:12:23 penelope.alliancejr.eu slapd[54455]: slapd shutdown: waiting for 0 operations/tasks to finish
    May  1 19:12:23 penelope.alliancejr.eu slapd[54455]: daemon: posting daemon shutdown notification.
    May  1 19:12:27 penelope.alliancejr.eu slapd[54455]: slapd stopped.
    Still stuck ...
    Message was edited by: Stephane JOUVE
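A triage pass over the slapd lines quoted in the post above, added here as an example (it is not part of the original post and is not Apple's or OpenLDAP's tooling). The rule names are this example's own labels; the OID table holds standard LDAP extended-operation identifiers, of which `1.3.6.1.4.1.1466.20037` is StartTLS.

```python
import re

# Lines taken from the slapd output quoted above, embedded so this runs offline.
SAMPLE = """\
May  1 19:12:20 penelope.alliancejr.eu slapd[54455]: passwd_extop: (null) changed password for uid=diradmin,cn=users,dc=penelope,dc=alliancejr,dc=eu
May  1 19:12:20 penelope.alliancejr.eu slapd[54455]: => bdb_idl_insert_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
May  1 19:12:20 penelope.alliancejr.eu slapd[54455]: conn=1003 op=8: attribute "entryCSN" index add failure
May  1 19:12:21 penelope.alliancejr.eu slapd[54455]: conn=1004 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"
May  1 19:12:23 penelope.alliancejr.eu slapd[54455]: daemon: shutdown requested and initiated.
"""

# syslog prefix: timestamp, host, slapd[pid], then the message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) slapd\[(\d+)\]: (.*)$")

# Standard LDAP extended-operation OIDs
EXOPS = {
    "1.3.6.1.4.1.1466.20037": "StartTLS (RFC 4511)",
    "1.3.6.1.4.1.4203.1.11.1": "Password Modify (RFC 3062)",
    "1.3.6.1.4.1.4203.1.11.3": "Who am I? (RFC 4532)",
}

# Rule names are this example's own labels, not slapd terminology.
RULES = [
    ("exop_refused", re.compile(r'conn=(\d+) op=\d+ do_extended: unsupported operation "([\d.]+)"')),
    ("bdb_deadlock", re.compile(r"(bdb_\w+): .*DB_LOCK_DEADLOCK")),
    ("index_failure", re.compile(r'conn=(\d+) op=\d+: attribute "(\w+)" index add failure')),
    ("password_change", re.compile(r"passwd_extop: (\S+) changed password for (\S+)")),
    ("shutdown", re.compile(r"daemon: shutdown requested")),
]

def triage(text):
    """Return one finding per slapd line that matches a rule, in log order."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a slapd syslog line
        ts, _host, _pid, msg = m.groups()
        for kind, rx in RULES:
            hit = rx.search(msg)
            if hit:
                detail = hit.groups()
                if kind == "exop_refused":  # translate the OID to a name
                    detail = (hit.group(1), EXOPS.get(hit.group(2), hit.group(2)))
                findings.append({"time": ts, "kind": kind, "detail": detail})
                break
    return findings

def starttls_refused(findings):
    """Connections where the server rejected a StartTLS request."""
    return [f for f in findings
            if f["kind"] == "exop_refused" and f["detail"][1].startswith("StartTLS")]
```

A refused StartTLS is worth checking against the client's configuration: if the client continues on the same connection, the traffic that follows is not protected by TLS.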

  • Open Directory authentication question

    I have 2 Apple servers.  One is running 10.6 (server), the other is running 10.5 (server).  I have my Open Directory on the 10.6 server, and I have the 10.5 server use it via LDAP for user authentication.  What I'd like to do is to assign a home directory on the 10.5 server for users in the 10.6 Open Directory.  Any ideas?

    mickey13 wrote:
    I have 2 Apple servers.  One is running 10.6 (server), the other is running 10.5 (server).  I have my Open Directory on the 10.6 server, and I have the 10.5 server use it via LDAP for user authentication.  What I'd like to do is to assign a home directory on the 10.5 server for users in the 10.6 Open Directory.  Any ideas?
    This should work the same way as normal.
    Define the user accounts in Open Directory as normal via Workgroup Manager.
    On the 10.5 Server, set up a share point (usually AFP is used as the protocol); this is done in Server Admin.
    On the 10.5 Server, set up that share point to be an Automounted share for user home directories. This will register that share in Open Directory, assuming you have already successfully connected the 10.5 Server to the Open Directory system. This is also done in Server Admin.
    Go back to Workgroup Manager and select a user account you want to store on the 10.5 server. Click on the Home tab; you should now see the 10.5 share point listed as an available choice for storing home directories.
    Click on the 10.5 share point and save the user account.
    I normally now click on Create Home directory, although this happens automatically when a user logs in for the first time.
    It is perfectly OK to mix 10.5 and 10.6 servers in this manner. The client machines can also be a different version, e.g. 10.4.
    What you are doing above, even though you are mixing 10.5 and 10.6 servers, is the same as you would do to spread the workload of user home directories across multiple servers. While handling user home directories does not cause a massive amount of CPU activity (or memory use), it does cause a significant amount of disk activity, and therefore at a certain level spreading user accounts across multiple servers is recommended.

  • Open Directory Keychain Question

    I have set up Open Directory on my domain, but I am having trouble with Keychain access over the network when users log into network accounts. Whenever I log in using Open Directory, I can open all of my applications; however, each time I log in to my user account, all of my keychain passwords are reset. I can look into the user preferences file and see the keychain file, but for some reason whenever a user logs out the changes to it are lost.
    Is Keychain access supported when network mounting user folders? If so, what is the proper way to implement keychain access?

