krypted.com

Tiny Deathstars of Foulness

macOS Server 5.4 running on High Sierra can have problems with Open Directory. Sometimes, you just need to reset your directory service. You can demote and restore the server if needed. But buyer beware, you may end up screwing things up while the directory server is being demoted and you’re restoring a backup. Or if you haven’t built out the directory server, you may end up just demoting the server and starting over. In this article, we’ll look at demoting the server.

Note: If you demote the service, and you don’t have a replica, you will destroy all users and groups.

To get started demoting the Open Directory master, first open the Server app and click on Open Directory.


From the Open Directory screen, click on the minus button in the Servers section. When prompted to Delete the directory service, click on the Delete button.


You’ll then see that the server is demoting.


Once the process is complete, you’ll be able to set up a new directory server, back at the initial Open Directory screen. The process takes a while, so be patient.


Note: This process can fail on Open Directory replicas. Make sure you can ssh into the master from the replica, and that you can access all required slurpd services.

September 28th, 2017

Posted In: Mac OS X Server


The command to create and tear down an Open Directory environment is slapconfig. When you disable Open Directory from the Server app you aren’t actually removing users. To do so, you’d use slapconfig along with the -destroyldapserver option. When run, you get a little insight into what’s happening behind the scenes. This results in the following:

    bash-3.2# slapconfig -destroyldapserver

The logs are as follows:

    2014-09-18 14:42:02 +0000 slapconfig -destroyldapserver
    2014-09-18 14:42:02 +0000 CopyReplicaArray: ldap_search_ext_s failed
    2014-09-18 14:42:02 +0000 Error retrieving replica array
    2014-09-18 14:42:02 +0000 Deleting Cert Authority related data
    2014-09-18 14:42:03 +0000 Removed directory at path /var/root/Library/Application Support/Certificate Authority/Take Control Books Open Directory Certification Authority.
    2014-09-18 14:42:03 +0000 command: /usr/sbin/xscertadmin add --reason 5 --issuer Take Control Books Open Directory Certification Authority --serial 2127185704
    CopyCARecordByName: get ldapi node code = 2100 description = Connection failed to node '/LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi'
    No such issuer - failed to revoke certificate
    2014-09-18 14:42:23 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd.plist
    /System/Library/LaunchDaemons/com.apple.xscertd.plist: Could not find specified service
    2014-09-18 14:42:23 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd-helper.plist
    /System/Library/LaunchDaemons/com.apple.xscertd-helper.plist: Could not find specified service
    2014-09-18 14:42:23 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertadmin.plist
    /System/Library/LaunchDaemons/com.apple.xscertadmin.plist: Could not find specified service
    2014-09-18 14:42:23 +0000 void _destroyLDAPServer(const char *): Failed to find computer record named YosemiteSam.krypted.com$: 0 (null)
    2014-09-18 14:42:23 +0000 Updating ldapreplicas on primary master
    2014-09-18 14:42:23 +0000 CopyLdapReplicas: Unable to create DSLDAPContainer: 77014 Can't contact LDAP server (-1)
    2014-09-18 14:42:23 +0000 CopyPrimaryMaster: CopyLdapReplicas failed
    2014-09-18 14:42:23 +0000 Unable to locate primary master
    2014-09-18 14:42:23 +0000 Primary master node is nil!
    2014-09-18 14:42:23 +0000 Unable to locate ldapreplicas record: 0 (null)
    2014-09-18 14:42:23 +0000 Error setting read ldap replicas array: 0 (null)
    2014-09-18 14:42:23 +0000 Error setting write ldap replicas array: 0 (null)
    2014-09-18 14:42:23 +0000 ODRecord *_getODRecord(ODNode *, NSString *, NSString *, NSArray *): ODNodeRef parameter error
    2014-09-18 14:42:23 +0000 int _removeReplicaFromConfigRecord(ODNode *, NSString *): ODRecord not found
    2014-09-18 14:42:23 +0000 Error synchronizing ldapreplicas: 0 (null)
    2014-09-18 14:42:23 +0000 Removing self from the database
    2014-09-18 14:42:23 +0000 Stopping LDAP server (slapd)
    2014-09-18 14:42:23 +0000 Stopping password server
    2014-09-18 14:42:23 +0000 Removed all service principals from keytab for realm YOSEMITESAM.KRYPTED.COM
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/__db.001.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/__db.002.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/__db.003.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/__db.004.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/__db.005.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/__db.006.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/altSecurityIdentities.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/apple-config-realname.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/apple-generateduid.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-memberguid.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-nestedgroup.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-realname.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/apple-hwuuid.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/cn.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/DB_CONFIG.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/dn2id.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/entryCSN.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/entryUUID.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/gidNumber.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/givenName.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/id2entry.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/ipHostNumber.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000001.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/macAddress.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/mail.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/memberUid.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/objectClass.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/ou.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/sn.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/uid.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/uidNumber.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/authdata/__db.001.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/authdata/__db.002.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/authdata/__db.003.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/authdata/__db.004.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/authdata/__db.005.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/authdata/__db.006.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/authdata/alock.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/authdata/authGUID.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/authdata/DB_CONFIG.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/authdata/dn2id.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalAliases.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalName.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/authdata/entryCSN.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/authdata/entryUUID.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/authdata/id2entry.bdb.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/authdata/log.0000000001.
    2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/authdata/objectClass.bdb.
    2014-09-18 14:42:23 +0000 Removed directory at path /var/db/openldap/authdata.
    2014-09-18 14:42:23 +0000 Removed file at path /etc/openldap/slapd_macosxserver.conf.
    2014-09-18 14:42:23 +0000 Removed file at path /etc/openldap/slapd.conf.
    2014-09-18 14:42:23 +0000 Removed file at path /etc/openldap/rootDSE.ldif.
    2014-09-18 14:42:23 +0000 Removed directory at path /etc/openldap/slapd.d/cn=config.
    2014-09-18 14:42:23 +0000 Removed file at path /etc/openldap/slapd.d/cn=config.ldif.
    2014-09-18 14:42:23 +0000 Removed directory at path /etc/openldap/slapd.d.
    2014-09-18 14:42:23 +0000 Removed directory at path /etc/openldap/slapd.d.backup/cn=config.
    2014-09-18 14:42:23 +0000 Removed file at path /etc/openldap/slapd.d.backup/cn=config.ldif.
    2014-09-18 14:42:23 +0000 Removed directory at path /etc/openldap/slapd.d.backup.
    2014-09-18 14:42:26 +0000 Stopping password server
    2014-09-18 14:42:26 +0000 Removed file at path /etc/ntp_opendirectory.conf.
    2014-09-18 14:42:26 +0000 Removed file at path /Library/Preferences/com.apple.openldap.plist.
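A log like this is the only record of what the teardown removed and which steps failed along the way (for example, the certificate revocation above). The following is an added example, not part of the original post or of Apple's tooling: it condenses such a log into a short audit summary. It assumes the log has been saved with one entry per line; the function names `sample_log` and `summarize_destroy_log` are hypothetical, and the sample input is a handful of entries copied from the log above.

```sh
#!/bin/sh
# Added example: audit summary for a slapconfig -destroyldapserver log.

# Constructed sample input: a few entries copied from the log above, one per line.
sample_log() {
cat <<'EOF'
2014-09-18 14:42:02 +0000 slapconfig -destroyldapserver
2014-09-18 14:42:02 +0000 CopyReplicaArray: ldap_search_ext_s failed
2014-09-18 14:42:02 +0000 Error retrieving replica array
No such issuer - failed to revoke certificate
2014-09-18 14:42:23 +0000 Stopping LDAP server (slapd)
2014-09-18 14:42:23 +0000 Removed all service principals from keytab for realm YOSEMITESAM.KRYPTED.COM
2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/cn.bdb.
2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/openldap-data/uid.bdb.
2014-09-18 14:42:23 +0000 Removed file at path /var/db/openldap/authdata/id2entry.bdb.
2014-09-18 14:42:23 +0000 Removed directory at path /var/db/openldap/authdata.
2014-09-18 14:42:23 +0000 Removed file at path /etc/openldap/slapd.conf.
EOF
}

# Reads log lines on stdin and prints one summary record per line:
#   problem <message>            a step that reported a failure
#   removed_files <dir> <count>  files deleted, grouped by parent directory
#   removed_dirs <count>         directories deleted
#   keytab_cleared <0|1>         whether Kerberos service principals were removed
summarize_destroy_log() {
  awk '
    {
      msg = $0
      # Drop the "YYYY-MM-DD HH:MM:SS +0000 " prefix; raw tool output has none.
      sub("^[0-9-]+ [0-9:]+ [+-][0-9]+ ", "", msg)
    }
    msg ~ "^Removed (file|directory) at path " {
      isfile = (msg ~ "^Removed file")
      sub("^Removed (file|directory) at path ", "", msg)
      sub("[.]$", "", msg)            # the logger ends each path with a period
      if (isfile) { sub("/[^/]*$", "", msg); files[msg]++ } else dirs++
      next
    }
    msg ~ "[Ff]ailed|^Error |^Unable |Could not|not found" { print "problem " msg; next }
    msg ~ "^Removed all service principals from keytab" { keytab = 1 }
    END {
      for (d in files) printf "removed_files %s %d\n", d, files[d]
      printf "removed_dirs %d\nkeytab_cleared %d\n", dirs, keytab
    }
  '
}

sample_log | summarize_destroy_log
```

To run it against a real log, pipe the saved file into `summarize_destroy_log` in place of `sample_log`.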

October 21st, 2014

Posted In: Mac OS X Server
