Server.app and Open Directory Rebuilds in Lion

Server.app in Lion is a pretty good app for most tasks. But I frequently find myself doing things that I don’t think the developers intended. One such item is setting up and tearing down Open Directory to test various iterations of enabling a master. To tear it down, I frequently use slapconfig with the -destroyldapserver option (it has to run as root):

sudo slapconfig -destroyldapserver

Doing so almost immediately demotes an Open Directory master to a stand-alone server, after which I can repromote the server to a master or replica for testing. The catch is that once you have done this, Open Directory cannot be set back up using Server.app: it errors out on any Open Directory promotion, complaining that the server is already an Open Directory master. The fix is to use Server Admin to repromote the server to an Open Directory master and then use Server Admin to demote it more graciously back to stand-alone. Until you do that, Server.app will keep refusing the promotion.

A change I’ve made to my workflow when nukin’ and pavin’ OD is to just use Server Admin for the paving part. If you demote with Server Admin you won’t have these issues. Hope this helps someone who finds similar wonkiness.
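As an added example (not part of the original post), here is a small shell script for checking what role the host still reports before and after a destroyldapserver, so you can tell whether you are in the stuck state described above before Server.app refuses the promotion. It assumes that Lion's `sudo serveradmin settings dirserv` prints the role on a line of the form `dirserv:LDAPSettings:LDAPServerType = "master"` with a lowercase value of standalone, master or replica; that key and the sample output below are my assumptions, and the parsing is exercised on the constructed sample so the script can be read without a server. The live commands only run when the script is invoked with --live on the server itself.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: on Lion Server
#   sudo serveradmin settings dirserv:LDAPSettings:LDAPServerType
# prints   dirserv:LDAPSettings:LDAPServerType = "master"
# with "standalone", "master" or "replica" as the quoted value.

# Extract the LDAP server role from serveradmin-style settings text on stdin.
od_role_from_settings() {
    sed -n 's/^dirserv:LDAPSettings:LDAPServerType = "\([^"]*\)".*/\1/p' | head -n 1
}

# Live query; requires root on the server itself.
od_role_live() {
    sudo serveradmin settings dirserv:LDAPSettings:LDAPServerType | od_role_from_settings
}

# Server.app refuses a promotion while the host still says it is a master,
# so treat that role as "blocked" and standalone as clear.
promotion_blocked() {
    case "$1" in
        master)     return 0 ;;
        standalone) return 1 ;;
        *) echo "unexpected role '$1'" >&2; return 2 ;;
    esac
}

# Constructed sample output (assumed format), used to show the parsing
# without a server. The second line is filler to show that other keys
# are ignored.
SAMPLE_STUCK='dirserv:LDAPSettings:LDAPServerType = "master"
dirserv:SomeOtherKey = "ignored"'
SAMPLE_CLEAN='dirserv:LDAPSettings:LDAPServerType = "standalone"
dirserv:SomeOtherKey = "ignored"'

# Only touch the real server when explicitly asked to.
if [ "${1:-}" = "--live" ]; then
    before=$(od_role_live)
    echo "role before destroy: $before"
    sudo slapconfig -destroyldapserver
    after=$(od_role_live)
    echo "role after destroy: $after"
    if promotion_blocked "$after"; then
        echo "host still reports '$after': repromote and demote from Server Admin before using Server.app" >&2
        exit 1
    fi
fi
```

Run it with --live as an admin user on the server; without arguments it only defines the functions, which is handy for sourcing into a larger nuke-and-pave script.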

4 Comments

  • May 2, 2012 - 5:27 am

    Hello!

    I’m currently a newbie on OS X Lion Server, and I believe I messed up a few things in Keychain and cannot add or remove users and groups in Server.app. Any ideas on how to revert this?

    I’m using my own (trusted) root CA, with an intermediate CA and a server certificate. I’ve tried to set up some things directly in Keychain (like OpenDirectory ROOT CA and OpenDirectory INT CA) and I believe that’s where everything went wrong.

    I’ve tried to CHANGE the configuration I’ve set — to no avail — then I’ve REMOVED the entries altogether. Now I’m kinda lost.

    I’m afraid to rebuild the OpenDirectory like you say in your post and get locked out of the system (btw, who’s this “Server Admin” entity you’re talking about?).

    Thanks for your time.

    – Sergio Moura

    • June 29, 2012 - 7:52 am

      Server Admin is pretty much root. The local admin password will always work, even if you nuke and pave OD. But any users (e.g. diradmin) in OD will be lost.

  • miken
    October 8, 2012 - 3:38 pm

    I’m experimenting with MLS and was having problems with OD so tried slapconfig -destroyldapserver. Of course, MLS has no Server Admin to graciously re-promote the OD from standalone to master (in fact, I just get errors if I try this in Server.app). Any suggestions?

    • October 12, 2012 - 6:46 am

      I’ve had to delete the Server app, restart and then re-download the Server app… Hope that helps you.