Open directory Server admin APP, crashes

Similar Messages

• Open directory server crashing every 30 days / clients unable to connect to calendar, contacts server

  Hello everyone,
  I am running an up to date Mavericks Server which serves exclusively as a calendar and contacts server for about two dozens devices. The server is reachable via DynDNS, however, the public IP hardly ever changes (only once or twice a year maybe). Tried setting the OS X DNS Server to serve "all clients" and "some clients".
  For about 6 months (i.e. also under Mountain Lion), I am having a very strange problem. Roughly every 20-30 days, clients will not be able to connect to the server, instead getting a "wrong password" dialog. Restarting the open directory server will help for the next 30 days.
  I have tried repairing the database as detailed here, however, the issue persists.
  Any help would be highly appreciated!
  I would have tried setting up a clean server installation, migrating calendars/contacts manually and re-adding all users by hand, however, I am not aware of an easy way to do so. The terminal command for calendar backup is broken under mavericks (might work with this workaround) and re-adding users manually would apparently involve correcting user UUIDs afterwards in order to match the migrated calendar data. Do you know of a better approach?
  Thanks a lot!
  DPSG-Scout

  Hi Linc,
  This looks the most relevant to me:
  opendirectory.log
  2014-03-11 11:13:09.460675 CET - 333.2628758.2628759 - Client: Python, UID: 93, EUID: 93, GID: 93, EGID: 93
  2014-03-11 11:13:09.460675 CET - 333.2628758.2628759, Node: /Local/Default, Module: PlistFile - predicates with 'AND' are not supported
  2014-03-11 12:09:00.296514 CET - State information (some requests have been active for extended period):
            Sessions: {
                28 -- opendirectoryd:
                            Session ID: 7BFBA6FE-A968-4399-A129-E3A5945E2A81
                            Refs: singleton
                            Type: Default
                            Target: localhost
            Nodes: {
                43 -- authd:
                            Node ID: 6D0E236D-6DBD-4E8C-BC01-B3F50C2C2D8E
                            Nodename: /LDAPv3/127.0.0.1
                            Session ID: <Default>
                            Refs: 1
                            Internal Use: X
  an many more similar ones…
  Thanks for your effort!

• Open Directory server on two Private IP addresses - acting slow

  We have an OS X Open Directory server that has two non-routable IP addresses.
  Primary - 10.0.0.x (LAN) with 10.0.0.x gateway
  Secondary - 172.16.0.x (SAN) with no gateway
  When it is plugged in to both networks, Server Admin responds very slowly. If the server is just on the primary interface, Server Admin responds normally.
  We also have a replica that is on the two private networks.
  Primary - 10.0.0.x (LAN) with 10.0.0.x gateway
  Secondary - 172.16.0.x (SAN) with no gateway
  When we launch Server Admin on the replica, Server Admin says there's no server found at this address, even when it is looking for server.local, as opposed to server.domain.com.
  Again, if you put this server on the primary 10. network, it works fine.
  What's going on?

  For anyone else interested, I eventually decided that a fully-qualified domain name seems to be necessary for some services, and that OS X Server doesn't seem to know exactly when that is the cause of problems, and the documentation doesn't really specify exactly what it is necessary for. So I had my organization set up a FQDN for the server, even though it's only meant to be used internally, and that seems to fix things.
  Greg

• Local Server Admin app on G5 power mac

  Apologis if this is obvious, but just installed 10.5.8 server on a recycled G5 1.8GHz late 2004 power mac.
  Seems to work well, but no idea how to locally admin the machine.
  Trying to run Server Admin loads the program, but majority of menu options are greyed out and clicking 'new server admin window' doesn't actually open a server admin window. Means I can't manage any services locally on the machine. This is from the user admin account set-up during installation.
  I can run it from an user admin account setup after installation was complete, but not from the account created during installation.
  I can also run server admin remotely on my laptop.
  Am I missing something?
  Thanks
  Andy

  G5 Power Mac with OSX server (I think 10.5)....When using Alt or pressing C to start-up from a Snow Leopard installer......Am I missing something?
  A Power Mac G5 CANNOT run Snow Leopard (10.6x).
  Any use of a Snow Leopard disk WILL fail to install, format WILL produce a non-booting drive (without extra steps) and repair with a SL Disk Utility may worsen a damaged drive directory.
  We also have a Time Machine backup from the Friday night before the failure.
  However, we still can't start-up from the DVD to restore the Time Machine backup.
  What you need to be doing is booting to the real, currently installed OS install disk and using the restore function available with it and Time Machine.
  Without the install disc of the currently used OS, you're chances of recovery without reinstall may be slim.
  Repair of a drive directory may be possible using fsck. Start by booting to Safe Mode.
  Read more here:
  Resolve startup issues and perform disk maintenance with Disk ...
  Anyhow, stop mucking around with Snow Leopard in a G5.
  Unless, of course, what you are really talking about is a Mac Pro, then we need to start all over again as a Mac Pro and a G5, save for a cosmetically similar case, are completely different.

• How to promote my OSX10.6.8 replica server to Open Directory server

  My Open Directory Server crash and i would like to promote my replica Server to Open Directory.  can you tell me how to do this.

  Hello Dave,
  Check out the steps quoted below to promote your replica to the Open Directory master.
  Provide Open Directory service
  https://help.apple.com/advancedserveradmin/mac/3.1/#apdD1F7D8CA-CF07-40CE-B2D4-8 E3ACF4BCA40
  Promote a replica to Open Directory master
  If an Open Directory master fails and you can’t recover it from a backup, you can promote a replica to be a master. The new master (promoted replica) uses the directory and authentication databases of the replica.
  Select Open Directory in the sidebar.
  Click Servers.
  Select a replica to promote, then choose Promote Replica to Master from the Action pop-up menu (looks like a gear).
  Enter the directory administrator name and password.
  If you archived Open Directory data with certificate authority keys, you can restore them by entering the Open Directory archive location or clicking choose to locate the archive.
  Click Next.
  Enter the user name and password for the replica that’s being promoted, then click Connect.
  Regards,
  -Norm G.

• Ubuntu Karmic authentication against Snow leopard open directory server

  Hi,
  I'm looking for help. I've tried to configure an installation of Karmic to authenticate against our office's open directory server running on an osx snow leopard server. Currently `getent password` show all users including those from the open directory server when running the command as both root and normal users. However authentication against the open directry users fails with the following messages in the /var/log/auth.log:-
  Dec 7 22:42:05 [hostname] getent: nss_ldap: failed to bind to LDAP server ldap://server.domain.com: Invalid credentials
  Dec 7 22:42:05 [hostname] getent: nss_ldap: could not search LDAP server - Server is unavailable
  (I've changed the hostname and ldap url)
  /etc/ldap.conf has:-
  base dc=server,dc=domain,dc=com
  ldap_version 3
  rootbinddn cn=diradmin,dc=server,dc=domain,dc=com
  bind_policy soft
  pam_password md5
  /etc/ldap.secret is set to the password of the diradmin user and has a permission mask of 600
  /etc/pam.d/common-passwd :-
  password sufficient pam_ldap.so md5
  password required pam_unix.so nullok obscure md5
  password optional pam_smbpass.so nullok use_authtok tryfirstpass missingok
  /etc/pam.d/common-auth:-
  auth [success=2 default=ignore] pam_unix.so nullok_secure
  auth [success=1 default=ignore] pam_ldap.so usefirstpass
  auth requisite pam_deny.so
  auth required pam_permit.so
  /etc/pam.d/common-account:-
  account [success=2 newauthtokreqd=done default=ignore] pam_unix.so
  account [success=1 default=ignore] pam_ldap.so
  account requisite pam_deny.so
  account required pam_permit.so
  /etc/pam.d/common-session
  session [default=1] pam_permit.so
  session requisite pam_deny.so
  session required pam_permit.so
  session required pam_unix.so
  session optional pam_ldap.so
  session optional pamckconnector.so nox11
  Does anyone have any ideas where to go from here?
  Message was edited by: zebardy

  Hi
  It's easy enough to 'connect' any version of OS X Server to any other version of OS X Server. Use the Join button in the Users & Groups Preferences Pane. Alternatively use the Directory Utility itself.
  You seem to be misunderstanding what an Open Directory Master and Replica are? They are not what I think you think they are. They are not a 'back-up' of each other if you're providing more than the shared Directory Service.
  An OD Replica maintains a read-only copy of the LDAP Database (Usernames, Passwords and Policies etc) that's stored on the OD Master and nothing more. If the Master was to go offline for any reason the Replica can be quickly promoted to a Master Role and continue to provide information for the shared directory. This assumes it has easy and quick access to the Volume storing networked home folders? The LDAP Database in that case would then become writable. Later on and whenever you've fixed the problem with the old Master it can quickly be demoted and made a Replica of the now new Master.
  Although this is for 10.6 Server (it is nevertheless still applicable) everything you need to know about Master and Replica relationships is here:
  http://manuals.info.apple.com/en_US/OpenDirAdmin_v10.6.pdf
  Page 55 onwards.
  From Page 64:
  "The Open Directory master and its replicas must use the same version of Mac OS X Server. . ."
  If your OD Master is also providing Mail, Calendar and Contact Services then none of these will be replicated. You will have to maintain a backup of these databases yourself using whatever method you deem fit for your needs.
  HTH?
  Tony

• Changing the Name of an Open Directory Server while preserving users, etc.

  Hi Everyone,
  Not an emergency - but I have been wrestling with this dilemma for almost a year now.
  The good news is nothing has to be done right away. But I will ultimately need a solution.
  We have inherited a server system at a traditional elementary school from a previous IT person who was immature to say the least.
  When he set up the server system, he named the open directory server something that, while innocuous is inappropriate for a school setting.  I am sure he thought it was clever and cheeky at the time. But a few years later it is simply unprofessional. And we are being expected to ultimately be able to change it so something like "XXXdirectory.domainname.edu" The more it hangs around - the longer it looks like we did this and it makes us look unprofessional.
  So here is my dilemma. 
  This is an OD Master with iCal and network homes attached to it. It also runs DNS.
  I would like to set up a new server and name it "xxxdirectory.schooldomainname.edu"
  Setting up the new server is easy and getting all the client machines to bind to it - no problem.
  The problem is how to migrate all the users to the new server.  It seems a restore wont work because if the new server is named differently, the restore will fail. I also can't do a server migration because the stupid name migrates to the new server.
  My old server is 10.5.8 Server.  The new one is 10.7.1 Server . But could be 10.6.8 Server if need be. 
  The main problem is how do I get all the accounts onto a new server with a new OD master name?
  I don't mind command line stuff. So throw whatever you got at me.
  Thanks in advance for your help everyone.  Don't worry - I won't be a pain in the butt or argue.  I just need some good solid guidance, even if it is a "Not possible" answer - at least I have something to tell the administration when they want to know why we can't change the OD Master name from mcnugget.schoolname.edu.
  Please let me know if you need more details.  I am happy to provide.
  Thanks again.
  Tony

  If you don't mind resetting everybodies password then you can export the users and groups and wipe the server for a clean install or turn it into a standalone server then back into od master  then import the users and groups.

• Wrong UID from open directory server

  I have a problem with a mac OSX server
  I have an open directory server A, that shares all users to every other server i have.
  I then have 2 mac OSX servers B and C, that it set up to allow network users. I can easily login with a open directory user, on both servers, but I have a problem. on server B it says the users user id is 1050, which is correct. On server C it says that the same users user id is 1000, which is wrong. Both server set ups are identical, as far as I know. On the Open Directory server A the users id for the user is also 1050, in case that is relevant.
  I have checked if server C has a local user with the same name, but htat is not the case.
  Any idea what might have caused this problem?

  bump

• 10.3.9 clients not working with 10.4.9 open directory server

  I have a 10.4.9 server running open directory and managing about 20 10.4.9 clients. I am trying to have it manage our remaining 10.3.9 clients, but for whatever reason, I cannot seem to get the 10.3 clients to "attach" to the server.
  I have the 10.3 clients set up in a computer list on the server, and in directory access I have it set to "get ldap mappings from server". At one point, it was suggested to me that I have the clients "get ldap mappings from open directory server". I tried this, and manually set the search base suffix. My search base suffix was "dc=example,dc=local". I even tried doing "cn=config,dc=example,dc=local" (where in both cases example.local was replaced with my real DNS name). Any suggestions on what else I could try to get this to work?

  That's the odd thing though. I've done this with 10.4 no problem. Settings always worked. For some reason though, even though the clients are able to login using a network user, none of the preference settings sync.
  For example - I always put a loginwindow message on as a sort of "test" to see if preferences are being set. If that works, then I rarely have a problem. No matter what I do, though, I cannot get the loginwindow message to display on the 10.3 clients. It works really well on 10.4, but not at all on 10.3. I've tried this on multiple 10.3 machines, as well, (and they're both based on different system images) but it still doesn't work. When I get back to work on Friday, I'll have to see if preferences will work for network users; that's the one thing I haven't tried.
  Other than dumping the directoryaccess preferences, is there another preference setting that could be dumped on the client that may make it grab prefs from the server?

• Command-Line Remove Open Directory Server

  What is the terminal command to remove an Open Directory server?

  On LDAP server open the Terminal and run this:
  +sudo slapconfig -destroyldapserver+
  *man slapconfig* will give you more interesting options

• Server Admin app RedirectMatch forces rules to lowercase (v 10.4.7 157.8)

  I just upgraded **Server Admin** app to its version 10.4.7 (157.8). (Do not confuse that with my XServe versions ... I am administering 10.3 and 10.4 servers. I am talking about version 10.4.7 of Server Admin) In both cases, when I select "Web" and look at the Alias tab for a virtualhost, the app forces all of my *RedirectMatch* rules to lower case. They were mixed upper and lower previously (just like in my Apache config files) but Server Admin version 10.4.7 forces them to lower case. This (of course) wreaks all sorts of havoc because the redirects used to map to and from mixed upper and lowercase filenames (which of course the OS allows), but now it is impossible to map onto a filename that contains any upper-case letters because Server Admin forces the rules into all lower case. What's going on here? Anyone know?

  Thanks. I've been hand-editing Apache configs at least 10 years, so no problem.
  That's a pretty tricky work-around. Since Server Admin doesn't know about RedirectPermanent and RedirectTemp it just ignores them, which it should. LOL. This works for 80% of my redirects. However, I use RedirectMatch because I need regex processing on about 20% of my URLs and RedirectPermanent and RedirectTemp do not process regular expressions. So I must use RedirectMatch for many redirects. So many of us will still need a corrected version of Server Admin at some future date, unless Apple only intends that it be used by people with no sophisticated needs.
  BTW, I tried using mod_speling, which can cause the server to "not care" about case, but it looks like it must be invoked after redirects have been processed so it didn't help me.
  How does one report such a bug to Apple? I used to be an Apple developer (for almost 20 years) and we had well-defined channels to report bugs, but I just have no idea how to report such a bug to Apple today. Clearly it's a bug, not a feature, because Apache config files are capable of doing case-sensitive processing of Redirects, and many of us need these capabilities! And Server Admin used to allow us to do this - it just stopped working with this version.

• Three new groups in Open Directory Server

  I noticed that my Open Directory server has three new groups in WGM,OD Users, OD Administators and com.apple.limited_admin. Should I treat these as I treated the other groups by assigning them members and group folders? I also noticed that now I have a System Administrator and a Directory Adminstrator, does that sound right? Should I keep both? Thanks

  Ok, thanks, I had forgoten the "show system records" trick.
  For the guest user, I don't see it in dscl.
  So I suppose it's not a user, just an "anonymous" authentication option in the sharing preferences.
  It's a bit like "others" in the posix rights permissions : User, group, other. User and group are existing and named, other are not named, it's just anybody that is not the named user and not a member of the named group.
  To keep things understandable, you should use an other name if you wish to configure a "guest user"
  You can manage the "enable guest account" option from WGM if you select a computergroup, in the preferences pane / login / options.
  Hope it helps
  Nicolas

• Unable to replicate Open Directory server

  I have a Master OD server that is currently being replicated to an offsite OD.
  But im looking to run a dedicated Mini for the offsite, but i cannot get the new mini to replicate.
  The slapconf log says the credentials are invalid. and exits with error code=69
  I have reset the directory admin password. made sure the network settings were all correct and the hostname and DNS name are correct.
  the OS and server versions are identical between the 2 servers.
  Anyone have any thoughts???

  Can't Create Replica in Open Directory
  Failed to setup Open Directory Replica.
  Still not possible to create OD Replic under Lion Server

• Leopard and panther open directory server hate each other

  So I got Leopard the first day but didn't install it till a week later 'coz I was working on a Final Cut project. When I was ready to install I saw all these problems people are having and decided to backup all my user files before I do it which I've never done before (what can you say, I trust Apple engineers!) Anyway, after an upgrade install I found that my PowerMac Dual 2.7GHz G5 with 3.5GB of RAM was slow, very slow, crawling slow. Every button I pressed, every app I tried to open, every response seemed it'd take at least 5 mins and Activity Monitor showed that those apps I was trying to interact with were not responding but if I was patient enough to wait, most of them would eventually come around.
  After a whole night searching the Apple forum and googling, I couldn't find any solution. So I decided to wipe the hard disk clean and do a clean installation. Amazingly everything worked just as they should and installation only took like 15 mins or so. After I finished installing all my usual apps back into my PowerMac I was, again, busy working on another Final Cut project. And finally that project was concluded so I can look at my new Leopard installation and see if I've missed anything after the clean installation. I found out that I forgot to add my office LDAP server information into the Directory Access and I went ahead and added it.
  I was distracted by something else after I added the LDAP info and an hour or so later when I restart my PowerMac, it started to act weird and crawling slow again, just like when I first did the upgrade installation. I totally forgot what I did to make it slow and I was super worry. After like 2 hours of ghost hunting in my PowerMac, I decided to let it sleep for the night and try to figure it out in the morning. On my way home I finally remembered what I did to make it slow! It's the LDAP info!!!! That's the only system related thing I added since before I did the last Final Cut project.
  I searched the Apple forum again last night to see if anyone has the same or related problem but I couldn't find anything close. I came to work this morning and decided to test my finding. The PowerMac was still super slow and I figured if it's directory access related, then if I unplug the network cable, my Mac should be smart enough to understand that there is no point in searching for a directory and simply gives up. I unplug the cable and my Mac is up and running smoothly again. I opened the Directory Access app and delete the LDAP entry, restart the Mac, plug the network cable back in and everything is fine now!
  I believe the problem is more on my Panther (10.3.9) server (ok fine! we are cheap, we didn't think a Tiger server was worth it! was I wrong!) than on the Leopard itself and that's why I couldn't find anything related on the forum. Is the Panther server LDAP module faulty to begin with that caused the problem? I don't know. I just know that Leopard does not play well with Panther's Open Directory service.

  I've convinced myself that all the problems which I'm experiencing with failures to mount, disappearing CD/DVD drives are nothing to do with Windows XP because all my problems are occurring under Windows 2000 (on different computers). Looks like Apple have taken a leaf out of Microsoft's rule book (put the product out in the market before it's ready and let the punters do all the hard work finding and fixing the bugs).

• Brand new Open Directory server not authenticating 10.9, 3.3.2

  I'm hoping somebody here has ran into this as it's driving me up a wall.
  I'm on a completely clean install of OS X Mavericks, with the installation from the App Store.
  On top of that, a completely clean install of Server.app 3.2.2 is installed.
  This server has a FQDN, and when I check to see if the hostname resolves in DNS, it totally does. DNS is not turned on as a service, but DNS server settings are correct and the server can hit the outside internet just fine.
  So my steps are as follows: Install Mavericks, clean onto a new partition. Update with all patches. Set Static IP. Install Server 3.2.2 which installs without error. Check hostname settings. All good there. Verify permissions. Create OD Master. I cannot get a single newly created with Server.app Local Network user to log in, even with home folders all 100% local to the client machine. I've unbound and rebound the client machine. I've restarted everything. Nothing.
  When attempting to log in, if I set it to reset password at next login, the prompt to reset the password will appear. I know at least initial auth is taking place, or I wouldn't be getting a password reset screen. After attempting to reset the password, neither the original temporary nor reset password will work. Users cannot log in.
  Here are the errors generated, with my info edited out:
  Jan 14 17:49:35 server slapd[111]: passwd_extop: (null) changed password for uid=test,cn=users,dc=controller,dc=domain,dc=edu
  Jan 14 17:49:35 server slapd[111]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
  Jan 14 17:49:35 server slapd[111]: conn=1181 op=3: attribute "entryCSN" index delete failure
  Jan 14 17:49:41 server slapd[111]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
  Jan 14 17:49:41 server slapd[111]: conn=1197 op=3: attribute "entryCSN" index delete failure
  I understand this is common for users upgrading from 10.6.8 but this is completely clean. I'm not usually administering an OS X server; I'm completely lost.
  Have tried: Recreating master, rekerberizing
  Using scutil and host to verify the DNS on the server works perfectly. Am I missing something small with DNS? We are a fairly large org with DNS not being provided by this server. If you think a different log file would help, please let me know which one.

  What do you get from this:
  sudo /usr/libexec/slapd -Tt
  Anything in /Library/Logs/slapconfig.log?
  Also, have you tried the suggestion here:
  Open Directory - Local Network User/Group - GONE