LDAP Issues

DJLC
Apr 16, 2013, 09:38 AM
So, today has been a massive headache...

I get in to work. AFP is down; nobody can connect. Restarting the service via Server.app didn't help, so I just rebooted the Xserve completely.

Upon boot, LDAP was no longer functional at all. Slapd exits with this error:
bdb_db_open: database "cn=authdata": db_open(/var/db/openldap/authdata/id2entry.bdb) failed: Invalid argument (22).

I do have a nightly OD backup run by launchd. Unfortunately I was unable to figure out the password to mount the sparseimages that SH script creates. No evidence of the password is in the script, and none of the obvious choices worked.

In a desperate attempt to get things going, I decided to try swapping in the id2entry.bdb file from a system clone I made a few months ago. Not much (if anything) has changed in our directory, after all. LDAP is now functional, but the log is filling itself with:
SASL [conn=19092] Failure: incorrect digest response

I left a voicemail with our Apple server consultant. Things are mostly working aside from our usual issues with passwords being wiped out and managed preferences being ignored. But meanwhile, can anyone tell me what broke / what kind of sins I committed when I "fixed" it?
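The two slapd messages quoted in this post are the whole story of what happened, but they are easy to lose in a busy log. Below is an added example (not code from the original post or from OS X Server) that pulls both out of a slapd log: the `bdb_db_open` failure that stops the server from starting, and the per-connection `SASL [conn=N] Failure: incorrect digest response` lines that appear once the entry database no longer matches the rest of the directory. The sample log lines are constructed here in a syslog-like layout and the `assess()` thresholds are illustrative assumptions, not anything the post specifies.

```python
"""Parse slapd log lines for the two failure signatures discussed above."""
import re
from collections import Counter

# Constructed sample log (syslog-style prefix is assumed; only the slapd
# messages themselves are taken from the post).
SAMPLE_LOG = """\
Apr 16 08:02:11 xserve slapd[412]: bdb_db_open: database "cn=authdata": db_open(/var/db/openldap/authdata/id2entry.bdb) failed: Invalid argument (22).
Apr 16 09:30:02 xserve slapd[588]: conn=19092 fd=31 ACCEPT from IP=10.0.1.25:49200 (IP=0.0.0.0:389)
Apr 16 09:30:02 xserve slapd[588]: SASL [conn=19092] Failure: incorrect digest response
Apr 16 09:30:03 xserve slapd[588]: SASL [conn=19093] Failure: incorrect digest response
Apr 16 09:30:05 xserve slapd[588]: SASL [conn=19092] Failure: incorrect digest response
Apr 16 09:30:09 xserve slapd[588]: conn=19094 op=0 BIND dn="uid=diradmin,cn=users,dc=example,dc=com" method=128
"""

# Backend open failure: captures suffix, file path, message and errno.
BDB_OPEN_RE = re.compile(
    r'bdb_db_open: database "(?P<suffix>[^"]+)": '
    r'db_open\((?P<path>[^)]+)\) failed: (?P<msg>.+?) \((?P<errno>\d+)\)'
)
# SASL bind failure: captures the connection id and the failure reason.
SASL_FAIL_RE = re.compile(r'SASL \[conn=(?P<conn>\d+)\] Failure: (?P<reason>.+?)\s*$')


def parse_slapd_log(text):
    """Return a summary dict of backend-open failures and SASL failures."""
    report = {
        "db_open_failures": [],            # one dict per failed backend open
        "sasl_failures": Counter(),        # failure reason -> count
        "sasl_failures_by_conn": Counter(),  # connection id -> count
    }
    for line in text.splitlines():
        m = BDB_OPEN_RE.search(line)
        if m:
            report["db_open_failures"].append({
                "suffix": m.group("suffix"),
                "path": m.group("path"),
                "msg": m.group("msg"),
                "errno": int(m.group("errno")),
            })
            continue
        m = SASL_FAIL_RE.search(line)
        if m:
            report["sasl_failures"][m.group("reason")] += 1
            report["sasl_failures_by_conn"][m.group("conn")] += 1
    return report


def assess(report, digest_threshold=2):
    """Turn the parsed counts into findings an operator can act on.

    digest_threshold is an assumed value: how many 'incorrect digest response'
    failures before a database restore (rather than a user typo) is suspected.
    """
    findings = []
    for f in report["db_open_failures"]:
        findings.append(
            f'backend {f["suffix"]} failed to open {f["path"]}: '
            f'{f["msg"]} (errno {f["errno"]}); slapd will not serve this suffix'
        )
    digest = report["sasl_failures"].get("incorrect digest response", 0)
    if digest >= digest_threshold:
        conns = ", ".join(sorted(report["sasl_failures_by_conn"]))
        findings.append(
            f"{digest} DIGEST-MD5 bind failures across connections {conns}; "
            "if this began after replacing database files, the entry database "
            "and the authentication data no longer agree: restore a full backup"
        )
    return findings


if __name__ == "__main__":
    for finding in assess(parse_slapd_log(SAMPLE_LOG)):
        print(finding)
```

Run it against `/var/log/slapd.log` (or wherever your slapd logs) instead of `SAMPLE_LOG`. The point of the second finding is the one this thread ends up at: a steady stream of digest failures right after swapping in a single `id2entry.bdb` file is not a client problem, and the fix is a proper restore of the whole Open Directory backup rather than continuing with the mismatched file.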



Shrink
Apr 16, 2013, 09:45 AM
I thought your title said LAPD...and I thought, oh, no...not another LA police problem!!:o:o

DJLC
Apr 16, 2013, 10:56 AM
I'd welcome LAPD-style brutality toward OS X Server... :rolleyes:

DJLC
Apr 17, 2013, 08:03 AM
Also, fixed...

Figured out the password for the OD backup archives finally. Restored Friday's backup via Server Admin. All good + clean logs! :D

rlkarren
Apr 18, 2013, 10:56 AM
I would add another layer of protection by implementing an OD Replica. In the instance of failure, simply promote the replica to a master and it will continue where the other left off.

Basically, server1 goes down, server2 takes over. Make server1 a copy of server2, then shut down server2 and server1 takes over again. Promote server1 back to master. Return server2 to replica status.

Any Mac will do, even a VM.

IIRC, the Server Admin Manual indicated that replicas were preferred and that all traffic should be routed to the replicas, so that in the case of failure, the Master is untouched.

Just my $0.02, trying to be helpful... ;-)

DJLC
Apr 18, 2013, 01:44 PM
Something similar is definitely on my to-do list! We have a Windows server at a nearby location and the two locations will be connected in a 100Mbps WAN this summer. The plan is to move to an AD/OD mix, with the Windows server handling authentication + RADIUS and the Xserve just kicking in for profile management and AFP. It's become clear to me that OS X Server isn't really suited to run its own domain.