Demote Open Directory Servers Using The Command Line in macOS Server

The command to create and tear down an Open Directory environment is slapconfig. When you disable Open Directory from the Server app, you aren’t actually removing users. To remove them, run slapconfig with the -destroyldapserver option. The output gives a little insight into what’s happening behind the scenes. Run the command as follows:

bash-3.2# sudo slapconfig -destroyldapserver

The logs are as follows:

2017-09-09 20:59:31 +0000 slapconfig -destroyldapserver
2017-09-09 20:59:31 +0000 Deleting Cert Authority related data
2017-09-09 20:59:31 +0000 Removed directory at path /var/root/Library/Application Support/Certificate Authority/krypted Open Directory Certificate Authority.
2017-09-09 20:59:31 +0000 command: /usr/sbin/xscertadmin add --reason 5 --issuer krypted Open Directory Certificate Authority --serial 1339109282
2017-09-09 20:59:51 +0000 Could not find matching identity in system keychain
2017-09-09 20:59:51 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd.plist
2017-09-09 20:59:51 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd-helper.plist
2017-09-09 20:59:51 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertadmin.plist
2017-09-09 20:59:51 +0000 Stopping LDAP server (slapd)
2017-09-09 20:59:53 +0000 Stopping password server
2017-09-09 20:59:56 +0000 Removed all service principals from keytab for realm MACOSSERVER.KRYPTED.COM
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/entryCSN.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/apple-config-realname.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/memberUid.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/__db.004.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/__db.003.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/apple-hwuuid.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/entryUUID.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/dn2id.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-memberguid.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/sn.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/__db.002.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/__db.005.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/uid.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/objectClass.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/macAddress.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-nestedgroup.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000001.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/ipHostNumber.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/ou.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/givenName.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/uidNumber.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/apple-generateduid.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/id2entry.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/DB_CONFIG.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/mail.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/__db.006.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/__db.001.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-realname.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/cn.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/gidNumber.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/altSecurityIdentities.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/entryCSN.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/__db.004.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/__db.003.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/entryUUID.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/dn2id.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/__db.002.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/__db.005.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/objectClass.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/authGUID.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/log.0000000001.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/id2entry.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/DB_CONFIG.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/__db.006.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/__db.001.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalAliases.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalName.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/alock.
2017-09-09 20:59:56 +0000 Removed directory at path /var/db/openldap/authdata.
2017-09-09 20:59:56 +0000 Removed file at path /etc/openldap/slapd_macosxserver.conf.
2017-09-09 20:59:56 +0000 Removed file at path /etc/openldap/slapd.conf.
2017-09-09 20:59:56 +0000 Removed file at path /etc/openldap/rootDSE.ldif.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/dslocal/nodes/Default/groups/com.apple.access_dsproxy.plist.
2017-09-09 20:59:56 +0000 Removed directory at path /etc/openldap/slapd.d/cn=config.
2017-09-09 20:59:56 +0000 Removed file at path /etc/openldap/slapd.d/cn=config.ldif.
2017-09-09 20:59:56 +0000 Removed directory at path /etc/openldap/slapd.d.
2017-09-09 20:59:56 +0000 Removed directory at path /etc/openldap/slapd.d.backup/cn=config.
2017-09-09 20:59:56 +0000 Removed file at path /etc/openldap/slapd.d.backup/cn=config.ldif.
2017-09-09 20:59:56 +0000 Removed directory at path /etc/openldap/slapd.d.backup.
2017-09-09 20:59:59 +0000 Stopping password server
2017-09-09 20:59:59 +0000 Removed file at path /etc/ntp_opendirectory.conf.
2017-09-09 20:59:59 +0000 Removed file at path /Library/Preferences/com.apple.openldap.plist.
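
The log above lists every path slapconfig says it removed, plus one step that did not complete cleanly (the keychain lookup). The following script is an added example, not part of the original post: it reads a saved copy of such a log, reports any logged path that still exists on disk, and prints lines that are not routine steps. The function names and the optional ROOT prefix argument are assumptions made for this example, and the sample lines are copied from the log on this page.

```shell
#!/bin/sh
# Added example: audit a saved slapconfig -destroyldapserver log.

# Constructed sample: a few lines copied from the log on this page.
sample_log() {
cat <<'EOF'
2017-09-09 20:59:31 +0000 slapconfig -destroyldapserver
2017-09-09 20:59:31 +0000 Removed directory at path /var/root/Library/Application Support/Certificate Authority/krypted Open Directory Certificate Authority.
2017-09-09 20:59:51 +0000 Could not find matching identity in system keychain
2017-09-09 20:59:51 +0000 Stopping LDAP server (slapd)
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/openldap-data/id2entry.bdb.
2017-09-09 20:59:56 +0000 Removed file at path /var/db/openldap/authdata/authGUID.bdb.
2017-09-09 20:59:56 +0000 Removed directory at path /var/db/openldap/authdata.
EOF
}

# removed_paths LOG: print every path the log says was removed. Paths may
# contain spaces; each log line ends with a period, which is stripped.
removed_paths() {
    sed -E -n 's/^.* Removed (file|directory) at path (.*)\.$/\2/p' "$1"
}

# leftover_paths LOG [ROOT]: print logged paths that still exist under ROOT
# (empty ROOT means the live filesystem; a mounted backup also works).
leftover_paths() {
    removed_paths "$1" | while IFS= read -r p; do
        if [ -e "${2:-}$p" ]; then printf '%s\n' "$p"; fi
    done
}

# unexpected_lines LOG: print lines that are not one of the routine step
# types seen in this page's log (the keychain lookup failure is one).
unexpected_lines() {
    grep -E -v '^[-0-9]+ [0-9:]+ \+[0-9]+ (slapconfig |Deleting |Removed |command: |Stopping )' "$1" || true
}

# Usage: sh audit.sh SAVED_LOG [ROOT]
if [ -n "${1:-}" ]; then
    echo "Still present on disk:";  leftover_paths "$1" "${2:-}"
    echo "Lines needing review:";   unexpected_lines "$1"
fi
```

An empty "Still present on disk" section means every directory database, authdata and configuration file named in the log is gone from the checked root.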