LDAP Issues

Discussion in 'Mac OS X Server, Xserve, and Networking' started by DJLC, Apr 16, 2013.

  1. macrumors 6502

    DJLC

    Joined:
    Jul 17, 2005
    Location:
    Mooresville, NC
    #1
    So, today has been a massive headache...

    I get in to work. AFP is down; nobody can connect. Restarting the service via Server.app didn't help, so I just rebooted the Xserve completely.

    Upon boot, LDAP was no longer functional at all. Slapd exits with this error:
    Code:
    bdb_db_open: database "cn=authdata": db_open(/var/db/openldap/authdata/id2entry.bdb) failed: Invalid argument (22).
    I do have a nightly OD backup run by launchd. Unfortunately I was unable to figure out the password to mount the sparseimages that SH script creates. No evidence of the password is in the script, and none of the obvious choices worked.

    In a desperate attempt to get things going, I decided to try swapping in the id2entry.bdb file from a system clone I made a few months ago. Not much (if anything) has changed in our directory, after all. LDAP is now functional, but the log is filling itself with:
    Code:
    SASL [conn=19092] Failure: incorrect digest response
    I left a voicemail with our Apple server consultant. Things are mostly working aside from our usual issues with passwords being wiped out and managed preferences being ignored. But meanwhile, can anyone tell me what broke / what kind of sins I committed when I "fixed" it?
     
  2. macrumors demi-god

    Shrink

    Joined:
    Feb 26, 2011
    Location:
    New England, USA
    #2
    I thought your title said LAPD...and I thought, oh, no...not another LA police problem!!:eek::eek:
     
  3. thread starter macrumors 6502

    DJLC

    Joined:
    Jul 17, 2005
    Location:
    Mooresville, NC
    #3
    I'd welcome LAPD-style brutality toward OS X Server... :rolleyes:
     
  4. thread starter macrumors 6502

    DJLC

    Joined:
    Jul 17, 2005
    Location:
    Mooresville, NC
    #4
    Also, fixed...

    Figured out the password for the OD backup archives finally. Restored Friday's backup via Server Admin. All good + clean logs! :D
     
  5. macrumors newbie

    Joined:
    Jan 25, 2013
    #5
    I would add another layer of protection by implementing an OD Replica. In the instance of failure, simply promote the replica to a master and it will continue where the other left off.

    Basically, server1 goes down, server2 takes over. Make server1 a copy of server2, then shut down server2 and server1 takes over again. Promote server1 back to master. Return server2 to replica status.

    Any Mac will do, even a VM.

    IIRC, the Server Admin Manual indicated that replicas were preferred and that all traffic should be routed to the replicas, so that in the case of failure, the Master is untouched.

    Just my $0.02, trying to be helpful. ;-)
     
  6. thread starter macrumors 6502

    DJLC

    Joined:
    Jul 17, 2005
    Location:
    Mooresville, NC
    #6
    Something similar is definitely on my to-do list! We have a Windows server at a nearby location and the two locations will be connected in a 100Mbps WAN this summer. The plan is to move to an AD/OD mix, with the Windows server handling authentication + RADIUS and the Xserve just kicking in for profile management and AFP. It's become clear to me that OS X Server isn't really suited to run its own domain.
     
