Skip navigation

10.7.2: still can't replicate 10.6 Open Directory or restore from backup

1809 Views 4 Replies Latest reply: Sep 12, 2013 8:15 PM by Henri Shustak RSS
D. Hoffmann Level 1 Level 1 (10 points)
Currently Being Moderated
Oct 17, 2011 7:56 PM

I am trying to migrate my Open Directory (OD) database from an Xserve running 10.6.8 to an iMac running 10.7.2 now. As before the update to 10.7.2, I am unable to make the Lion server an OD replica of the OD database running on Snow Leopard.

 

This is what I do (please let me know, if anyting I do is wrong):

 

On the Snow Leopard Server (SLS) in the Server Admin utility, I go to the Open Directory service, the "Archive" subsection, choose a target directory for "Archive In", and click on the Archive button. I am then asked to name my archived database and provide a password. Let's say, it is "OD Archive," the file generated will be "OD Archive.sparseimage".

 

I copy this Sparseimage to the deskop of my Leopard Server (LS).

 

I then open the same place in the Server Admin utility on the LS. In the "Restore from" section I browse to the LS desktop and "Choose" the saved Sparseimage. I click on "Restore," at which point I am asked for the password of the archived OD database. When I supply it, it appears that my OD archive is being imported.

 

However, going into the Workgroup Manager on the LS, and logging in as diradmin, into /LDAPv3/127.0.0.1, shows no users from my SLS having been migrated. Why has this still not been fixed?

 

Likewise, when I try to make the LS an Open Directory replica of the SLS, I again, even after this updated informed that my OD database admin credentials are incorrect, when they are not. I had surely expeced a fix for this by the time we reached 10.7.2.

Xserve Dual 2.0 GHz Xeon, Mac OS X (10.6.6), Apple has made quite a bit of money off me over the years.
  • John Lockwood Level 5 Level 5 (5,075 points)

    Historically you have not been able to mix versions between an Open Directory Master and Replica, that is both would either have to be Snow Leopard, or both would have to be Lion.

     

    I have not tried upgrading to Lion this way (I am currently leaving my servers on Snow Leopard) but I can suggest the following based on experiences with Snow Leopard Servers.

     

    • As you already appear to have done, in Snow Leopard Server make an Archive of your Open Directory setup
    • Make sure you also have a backup of the entire Snow Leopard Server so you can go back to it if you can't successfully move to Lion
    • Setup the hostname, IP address and DNS records (which might mean setting up a DNS server) for the new Lion Server
    • Check this using the command line

     

    sudo changeip -checkhostname

     

    • Make the new Lion Server in to a new empty Open Directory Master
    • Test this new Open Directory Master by creating a test user and then deleting afterwards
    • Now move on to the restoring of the Open Directory Archive, when I did this last time, I found that I was given two choices, either to completely replace the Open Directory with the one from the Archive, or to merge the two together. I found that trying to replace failed and resulted in an empty Open Directory like you report, I found that chosing merge did work successfully

     

    If the above still does not work, then you might have to consider the following alternative approach.

     

    • On the Snow Leopard Server in Workgroup Manager export all the user accounts except the Admin and DirAdmin accounts
    • Optionally export all the Groups
    • Optionally export all the Computer Groups
    • Setup the new Lion Server
    • Create a new empty Open Directory
    • Import the files exported from Workgroup Manager

     

    This will not keep the original passwords. You will have to set a password for each account.

  • Antonio Rocco Level 6 Level 6 (10,095 points)

    Hi

     

    In keeping with the advice John has offered, you can't make an OD Replica of an OD Master which is not the same OS Version. It even has to be exactly the same version. For example 10.6.4 cannot be used to make an OD Replica of a 10.6.8 OD Master.

     

    This has been the case since 10.4. I could be wrong but I don't think there was LDAP redundancy in versions of the server prior to 10.4?

     

    You should also be aware that Apple have hampered the ability to create an effective OD Master using Server Admin. You should really use the 'new' Server App to achieve successful promotion. Once promoted you can use Server Admin to make what minor changes are possible using the GUI.

     

    If you decide to take John's alternative approach and depending on how many users you have, you can apply a Password Policy forcing all users to change their passwords. This would be a far quicker process than manually changing each one. I can - in my experience - confirm users, groups etc exported from a 10.6 Server and imported into 10.7 do not cause any problems.

     

    HTH?

     

    Tony

  • Martin Baechtold Level 1 Level 1 (15 points)

    I'm also trying to migrate OD from a SL server to Lion server using an archive from OD.

    I think there is a problem if your new Lion server has a different hostname than your SL server.

     

    This is what I get in /Library/Logs/slapconfig.log when I try to import the archive into Lion server's OD:

     

    <timestamp> Current hostname does not match that of the archive (<new_server> vs. <old_server>).  Please run changeip to make sure the hostnames match prior to restoring the archive.

  • Henri Shustak Calculating status...

    Hello Martin,

     

    With regards the error you mentioned :

    <timestamp> Current hostname does not match that of the archive (<new_server> vs. <old_server>).

    I would suggest that you use the changeip command to ensure that the hostname and IP address of the server matches the hostname file located within the open directory archive backup.

     

    As an example, if your server just needs to be refreashed with changeip and has an IP of 192.168.1.2 and FQHN of myserver.example.com then the following command should set allow you to import the backup.

     

    sudo changeip 192.168.1.2 myserver.example.com myserver.example.com

     

    Keep in mind that the hostname file would have to contain myserver.example.com in order for the restore to work on a Mac OS 10.8 system.

     

    I hope this helps


Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.