Occasionally, when we go to install an Open Directory Replica for a new Open Directory environment where the Master is running 10.8.4, we run into the following error:
NSMutableDictionary *_getRootDSE(const char *): rootDSE not found
At the GUI this just looks like:
This could mean that you need to check the SSL box in the Directory Utility for the replica. You’ll know that’s the case if the Replica appears in the Server app but is still throwing errors when trying to work. This could also be an issue where the Master can’t get a version or the DSE from the Master. Assuming you already checked IP/DNS, let’s see if the server knows what it is (the master, version, etc.). To see if it can’t get a version, run slapconfig -ver:
slapconfig -ver
If you get an error, comment out the TLSCertificatePassphrase line in /etc/openldap/slapd_macosxserver.conf. If not, then it’s a problem with ssh connecting. Assuming ssh is open/on, we’re gonna need to make sure the authentication types between the client and the server match. To do so, first change the authentication options in /etc/sshd_config (the section should look like the following when you’re done):
# To disable tunneled clear text passwords both PasswordAuthentication and
# ChallengeResponseAuthentication must be set to "no".
PasswordAuthentication yes
#PermitEmptyPasswords no
Then, in the Authentication section, change PubkeyAuthentication to no:
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#RSAAuthentication yes
PubkeyAuthentication no
Then, in the /etc/sshd_config on the client, change PasswordAuthentication to yes and PubkeyAuthentication to no, which should leave you with an sshd_config file similar to the examples above.
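A quick way to confirm that the two sshd_config files really agree, as an added example that is not part of the original post: sshd ignores lines that start with # and uses the first value it reads for each keyword, so the script below reports the effective PasswordAuthentication and PubkeyAuthentication values for two files and lists any that differ. The function names and sample files are constructed for illustration, and the fallback of yes for an unset keyword assumes upstream OpenSSH defaults.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes upstream OpenSSH
# defaults ("yes" for both keywords) when a keyword is absent or commented out.

# effective_auth FILE KEYWORD: print the value sshd would use (global section).
effective_auth() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines do nothing
        {
            line = $0; sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)
            key = tolower(f[1])
            if (key == "match") exit           # Match blocks are conditional; stop here
            if (key == want && n >= 2) {       # sshd keeps the first value it reads
                print tolower(f[2]); found = 1; exit
            }
        }
        END { if (!found) print "yes" }        # assumed default
    ' "$1"
}

# auth_mismatch CONF_A CONF_B: list keywords whose effective values differ;
# returns 1 when any differ.
auth_mismatch() {
    rc=0
    for kw in PasswordAuthentication PubkeyAuthentication; do
        a=$(effective_auth "$1" "$kw"); b=$(effective_auth "$2" "$kw")
        [ "$a" = "$b" ] || { echo "$kw: $1=$a $2=$b"; rc=1; }
    done
    return $rc
}

# Constructed sample files (not from a real server).
SAMPLE_DIR=$(mktemp -d "${TMPDIR:-/tmp}/sshdcheck.XXXXXX")
cat > "$SAMPLE_DIR/master" <<'EOF'
#PasswordAuthentication yes
#PubkeyAuthentication no
EOF
cat > "$SAMPLE_DIR/replica" <<'EOF'
PasswordAuthentication yes
PubkeyAuthentication no
EOF
auth_mismatch "$SAMPLE_DIR/master" "$SAMPLE_DIR/replica" || echo "settings differ"
```

On a live server, sshd -T run as root prints the configuration sshd actually loads, which can be used for the same comparison.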