Mac OS X Server

Resolve “rootDSE not found” Error in Open Directory

Occasionally, when we go to install an Open Directory Replica for a new Open Directory environment where the Master is running 10.8.4, we run into the following error:

NSMutableDictionary *_getRootDSE(const char *): rootDSE not found

At the GUI this just looks like:

[Screenshot: Screen Shot 2013-09-11 at 4.51.20 PM]

This could mean that you need to check the SSL box in the Directory Utility for the replica. You’ll know that’s the case if the Replica appears in the Server app but is still throwing errors when trying to work. This could also be an issue where the Master can’t get a version or the DSE from the Master. Assuming you already checked IP/DNS, let’s see if the server knows what it is (the master, version, etc). To see if it can’t get a version, run slapconfig -ver:

slapconfig -ver

If you get an error, comment out the TLSCertificatePassphrase line in /etc/openldap/slapd_macosxserver.conf. If not, then it’s a problem with ssh connecting. Assuming ssh is open/on we’re gonna’ need to make sure the authentication types between the client and the server match. To do so, first, change the authentication options in /etc/sshd_config (the section should look like the following when you’re done):

# To disable tunneled clear text passwords both PasswordAuthentication and
# ChallengeResponseAuthentication must be set to "no".
PasswordAuthentication yes
#PermitEmptyPasswords no

Then, in the Authentication section, change PubkeyAuthentication to no:

# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#RSAAuthentication yes
PubkeyAuthentication no

Then, in /etc/sshd_config on the client, change PasswordAuthentication to yes and PubkeyAuthentication to no, so that the client's sshd_config looks similar to the above examples.
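
A directive that is still prefixed with # in sshd_config is ignored, so it helps to check what each side will actually use before retrying the replica. The script below is an added example, not part of the original post: the function names effective and auth_settings_match and the two sample files are constructed for illustration, and it assumes the whitespace-separated "Keyword value" form of sshd_config lines.

```shell
#!/bin/sh
# Added example. sshd skips lines that start with '#', matches keywords
# case-insensitively, and keeps the first value it reads for each keyword.

# effective <Keyword> <config-file>: print the value set in the global
# section, or "default" when only a commented-out line (or nothing) exists.
effective() {
    awk -v key="$1" '
        /^[ \t]*(#|$)/          { next }   # comments and blank lines
        tolower($1) == "match"  { exit }   # Match blocks are conditional; stop
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "default" }
    ' "$2"
}

# auth_settings_match <server-config> <client-config>: succeed only when both
# files explicitly agree on the two directives the post changes.
auth_settings_match() {
    rc=0
    for k in PasswordAuthentication PubkeyAuthentication; do
        s=$(effective "$k" "$1"); c=$(effective "$k" "$2")
        printf '%-24s server=%-8s client=%s\n' "$k" "$s" "$c"
        [ "$s" = "$c" ] && [ "$s" != "default" ] || rc=1
    done
    return $rc
}

# Constructed sample files (not real host configs).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/server" <<'EOF'
#PasswordAuthentication yes
#PubkeyAuthentication no
EOF
cat > "$demo_dir/client" <<'EOF'
PasswordAuthentication yes
PubkeyAuthentication no
EOF

auth_settings_match "$demo_dir/server" "$demo_dir/client" ||
    echo "Mismatch or commented-out directive: settings are not yet in effect"
```

On a live host, running sshd -T as root prints the configuration sshd actually resolves, built-in defaults included, which is the authoritative version of this check.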