Mac OS X Server

Demote Open Directory Servers Using The Command Line

The command to create and tear down an Open Directory environment is slapconfig. When you disable Open Directory from the Server app, you aren’t actually removing users. To do so, use slapconfig with the -destroyldapserver option. When run, it gives you a little insight into what’s happening behind the scenes. Run it as follows:

bash-3.2# slapconfig -destroyldapserver

Note: Currently the system is not working as intended on replicas. The replica will be removed, but the Open Directory Master will not remove the replica from the Open Directory list. The process will fail in 10.12 and above. I’ve filed a radar on this. You can archive and restore the master and then rebuild the Open Directory tree.

The logs are as follows:

2016-09-08 04:17:58 +0000 slapconfig -destroyldapserver
2016-09-08 04:17:58 +0000 Deleting Cert Authority related data
2016-09-08 04:17:58 +0000 Removed directory at path /var/root/Library/Application Support/Certificate Authority/Krypted Open Directory Certificate Authority.
2016-09-08 04:17:58 +0000 command: /usr/sbin/xscertadmin add --reason 5 --issuer Krypted Open Directory Certificate Authority --serial 3449505949
2016-09-08 04:18:19 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd.plist
2016-09-08 04:18:19 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd-helper.plist
2016-09-08 04:18:19 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertadmin.plist
2016-09-08 04:18:19 +0000 Stopping LDAP server (slapd)
2016-09-08 04:18:20 +0000 Stopping password server
2016-09-08 04:18:24 +0000 Removed all service principals from keytab for realm OSXSERVER.KRYPTED.COM
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/__db.001.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/__db.002.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/__db.003.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/__db.004.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/__db.005.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/__db.006.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/altSecurityIdentities.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/apple-config-realname.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/apple-generateduid.bdb.
2015-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-memberguid.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-nestedgroup.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-realname.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/apple-hwuuid.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/cn.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/DB_CONFIG.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/dn2id.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/entryCSN.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/entryUUID.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/gidNumber.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/givenName.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/id2entry.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/ipHostNumber.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000001.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/macAddress.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/mail.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/memberUid.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/objectClass.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/ou.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/sn.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/uid.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/openldap-data/uidNumber.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/authdata/__db.001.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/authdata/__db.002.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/authdata/__db.003.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/authdata/__db.004.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/authdata/__db.005.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/authdata/__db.006.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/authdata/alock.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/authdata/authGUID.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/authdata/DB_CONFIG.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/authdata/dn2id.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalAliases.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalName.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/authdata/entryCSN.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/authdata/entryUUID.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/authdata/id2entry.bdb.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/authdata/log.0000000001.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/openldap/authdata/objectClass.bdb.
2016-09-08 04:18:24 +0000 Removed directory at path /var/db/openldap/authdata.
2016-09-08 04:18:24 +0000 Removed file at path /etc/openldap/slapd_macosxserver.conf.
2016-09-08 04:18:24 +0000 Removed file at path /etc/openldap/slapd.conf.
2016-09-08 04:18:24 +0000 Removed file at path /etc/openldap/rootDSE.ldif.
2016-09-08 04:18:24 +0000 Removed file at path /var/db/dslocal/nodes/Default/groups/com.apple.access_dsproxy.plist.
2016-09-08 04:18:24 +0000 Removed directory at path /etc/openldap/slapd.d/cn=config.
2016-09-08 04:18:24 +0000 Removed file at path /etc/openldap/slapd.d/cn=config.ldif.
2016-09-08 04:18:24 +0000 Removed directory at path /etc/openldap/slapd.d.
2016-09-08 04:18:24 +0000 Removed directory at path /etc/openldap/slapd.d.backup/cn=config.
2016-09-08 04:18:24 +0000 Removed file at path /etc/openldap/slapd.d.backup/cn=config.ldif.
2016-09-08 04:18:24 +0000 Removed directory at path /etc/openldap/slapd.d.backup.
2016-09-08 04:18:27 +0000 Stopping password server
2016-09-08 04:18:27 +0000 Removed file at path /etc/ntp_opendirectory.conf.
2016-09-08 04:18:27 +0000 Removed file at path /Library/Preferences/com.apple.openldap.plist.
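Because the teardown can fail partway (see the note above), it helps to audit the log after the fact. The following is an added example, not part of the original post or of Apple's tooling: it checks that a saved copy of the log reached the key steps shown above and that every path the log reports as removed is really gone. The function names, the milestone list (copied from the log on this page) and the optional root-prefix argument are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): audit a slapconfig teardown log.

# Milestones copied from the log shown on this page; other OS versions may differ.
MILESTONES='Stopping LDAP server (slapd)
Stopping password server
Removed all service principals from keytab
Removed file at path /etc/openldap/slapd.conf.'

# Print every path the log reports as removed, one per line.
# Handles paths containing spaces and strips the trailing period.
removed_paths() {
    sed -E -n 's/^.* Removed (file|directory) at path (.*)\.$/\2/p' "$1"
}

# Print milestones absent from the log; empty output means all were logged.
missing_milestones() {
    printf '%s\n' "$MILESTONES" | while IFS= read -r m; do
        if ! grep -qF -- "$m" "$1"; then printf '%s\n' "$m"; fi
    done
}

# Print paths the log claims were removed but that still exist on disk.
# $2 is an optional root prefix (hypothetical, for checking a mounted copy).
residual_paths() {
    removed_paths "$1" | while IFS= read -r p; do
        if [ -e "${2:-}$p" ]; then printf '%s\n' "$p"; fi
    done
}

# Usage: audit_teardown <logfile> [root-prefix]; returns 0 only if clean.
audit_teardown() {
    missing=$(missing_milestones "$1")
    residual=$(residual_paths "$1" "${2:-}")
    [ -z "$missing" ] || printf 'not logged: %s\n' "$missing"
    [ -z "$residual" ] || printf 'still present: %s\n' "$residual"
    [ -z "$missing" ] && [ -z "$residual" ]
}

# Run the audit when the script is called with a log file argument.
if [ "$#" -gt 0 ]; then audit_teardown "$@"; fi
```

A non-zero exit status means either a milestone never appeared in the log or directory data such as the LDAP database or authdata files is still on disk and should be reviewed.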