Q: Can't setup OD

Question

Jack Humphries

Level 1 (30 points)

Q: Can't setup OD

Hi, I was having a problem with my server so I wiped it and restored from a Time Machine backup. Server.app was not automatically put back on, so I had to reinstall it from the Mac App Store. The services work fine, however I cannot create a new Open Directory Master! I tried it in Server Admin, too, and it failed. Here is the configuration log:

ng new entry "cn={9}customSchema,cn=schema,cn=config"

2011-09-05 21:03:10 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi

2011-09-05 21:03:10 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b cn=config -s base olcServerID

2011-09-05 21:03:10 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi

2011-09-05 21:03:10 +0000 command: /usr/sbin/mkpassdb -o -u diradmin -p -q

2011-09-05 21:03:11 +0000

2011-09-05 21:03:11 +0000 command: /usr/sbin/mkpassdb -setadmin 0x76144ee2d80211e0b05dc82a142a67c3 0

2011-09-05 21:03:11 +0000 Admin's entry UUID is: dd8f6021-4bc4-49c5-9542-b4043e7ca60b

2011-09-05 21:03:11 +0000 Setting SASL realm to <CHILLYSKY.COM>

2011-09-05 21:03:11 +0000 command: /usr/sbin/mkpassdb -setrealm CHILLYSKY.COM

2011-09-05 21:03:12 +0000 command: /bin/launchctl load -w /System/Library/LaunchDaemons/com.apple.PasswordService.plist

2011-09-05 21:03:13 +0000 Stopping LDAP server (slapd)

2011-09-05 21:03:15 +0000 Starting LDAP server (slapd)

2011-09-05 21:03:15 +0000 Waiting for slapd to start

2011-09-05 21:03:15 +0000 ...

2011-09-05 21:03:16 +0000 Configuring Kerberos server, realm is CHILLYSKY.COM

2011-09-05 21:03:16 +0000 command: /usr/sbin/kdcsetup -f /LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi -w -a diradmin -p **** -v 1 CHILLYSKY.COM

2011-09-05 21:03:34 +0000 Contacting the Directory Server

Authenticating to the Directory Server

Creating Kerberos directory

Creating KDC Config File

Creating Kerberos Database

Using existing master key file

Creating Kerberos Admin user

Creating ACL file

Adding kerberos auth authority to admin user

Starting kdc & kadmind

Adding the new KDC into the KerberosClient config record

Finished

2011-09-05 21:03:34 +0000 command: /usr/sbin/kdcsetup -e

2011-09-05 21:03:34 +0000 command: /usr/sbin/sso_util configure -x -r CHILLYSKY.COM -f /LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi -a diradmin -p **** -v 1 all

2011-09-05 21:03:34 +0000 command: /usr/sbin/mkpassdb -kerberize

2011-09-05 21:03:34 +0000 Updating user records and principals

2011-09-05 21:03:46 +0000 Asking OpenDirectoryConfig to bind to server: 127.0.0.1

2011-09-05 21:03:48 +0000 Attempting to open /LDAPv3/127.0.0.1 node

2011-09-05 21:03:48 +0000 Verified /LDAPv3/127.0.0.1 node is available

2011-09-05 21:03:49 +0000 command: /usr/sbin/sso_util info -r /LDAPv3/127.0.0.1 -p

2011-09-05 21:03:49 +0000 Creating Root CA

2011-09-05 21:03:50 +0000 ***Error creating domain CA. Error - The specified item already exists in the keychain.

2011-09-05 21:03:50 +0000 Root CA creation failed with error - -25299

2011-09-05 21:03:50 +0000 Destroying OD master as CA creation failed with error 75

2011-09-05 21:03:50 +0000 Logging slapd container data to /var/run/slapconfig_error_1315256630

2011-09-05 21:03:50 +0000 Stopping LDAP server (slapd)

2011-09-05 21:03:52 +0000 command: /usr/sbin/slapcat -l /var/run/slapconfig_error_1315256630/user.ldif

2011-09-05 21:03:52 +0000 command: /usr/sbin/slapcat -b cn=authdata -l /var/run/slapconfig_error_1315256630/authdata.ldif

2011-09-05 21:03:52 +0000 Error retrieving kerberos realm

2011-09-05 21:03:52 +0000 CopyReplicaArray: ldap_search_ext_s failed

2011-09-05 21:03:52 +0000 Error retrieving replica array

2011-09-05 21:03:52 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.opendirectorybackup.plist

2011-09-05 21:03:52 +0000 Deleting Cert Authority related data

2011-09-05 21:03:52 +0000 No intCAIdentity, not removing int CA from keychain

2011-09-05 21:03:52 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd.plist

2011-09-05 21:03:52 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd-helper.plist

2011-09-05 21:03:52 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertadmin.plist

2011-09-05 21:03:52 +0000 _destroyLDAPServer: Failed to find computer record named chillysky.com$: 2100 Connection failed to the directory server.

2011-09-05 21:03:52 +0000 Updating ldapreplicas on primary master

2011-09-05 21:03:52 +0000 Unable to locate primary master

2011-09-05 21:03:52 +0000 Primary master node is nil!

2011-09-05 21:03:52 +0000 Unable to locate ldapreplicas record: 0 (null)

2011-09-05 21:03:52 +0000 Error setting read ldap replicas array: 0 (null)

2011-09-05 21:03:52 +0000 Error setting write ldap replicas array: 0 (null)

2011-09-05 21:03:52 +0000 Could not retrieve xmlplist from ldapreplicas: 0 (null)

2011-09-05 21:03:52 +0000 Error synchronizing ldapreplicas: 0 (null)

2011-09-05 21:03:52 +0000 Removing self from the database

2011-09-05 21:03:52 +0000 Warning: An error occurred while re-enabling GSSAPI.

2011-09-05 21:03:52 +0000 Stopping LDAP server (slapd)

2011-09-05 21:03:53 +0000 cleanKeytab: unable to retrieve default realm

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/__db.001.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/__db.002.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/__db.003.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/__db.004.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/__db.005.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/__db.006.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/altSecurityIdentities.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/apple-config-realname.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/apple-generateduid.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-memberguid.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-nestedgroup.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-realname.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/cn.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/DB_CONFIG.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/dn2id.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/entryCSN.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/entryUUID.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/gidNumber.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/givenName.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/id2entry.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/ipHostNumber.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000001.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/macAddress.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/mail.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/memberUid.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/objectClass.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/ou.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/sn.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/uid.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/openldap-data/uidNumber.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/authdata/__db.001.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/authdata/__db.002.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/authdata/__db.003.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/authdata/__db.004.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/authdata/__db.005.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/authdata/__db.006.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/authdata/alock.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/authdata/authGUID.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/authdata/DB_CONFIG.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/authdata/dn2id.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalAliases.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalName.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/authdata/entryCSN.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/authdata/entryUUID.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/authdata/id2entry.bdb.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/authdata/log.0000000001.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/openldap/authdata/objectClass.bdb.

2011-09-05 21:03:53 +0000 Removed directory at path /var/db/openldap/authdata.

2011-09-05 21:03:53 +0000 Removed file at path /etc/openldap/slapd_macosxserver.conf.

2011-09-05 21:03:53 +0000 Removed file at path /etc/openldap/slapd.conf.

2011-09-05 21:03:53 +0000 Removed file at path /var/db/dslocal/nodes/Default/groups/com.apple.access_dsproxy.plist.

2011-09-05 21:03:53 +0000 Removed directory at path /etc/openldap/slapd.d/cn=config.

2011-09-05 21:03:53 +0000 Removed file at path /etc/openldap/slapd.d/cn=config.ldif.

2011-09-05 21:03:53 +0000 Removed directory at path /etc/openldap/slapd.d.

2011-09-05 21:03:53 +0000 Removed directory at path /etc/openldap/slapd.d.backup/cn=config.

2011-09-05 21:03:53 +0000 Removed file at path /etc/openldap/slapd.d.backup/cn=config.ldif.

2011-09-05 21:03:53 +0000 Removed directory at path /etc/openldap/slapd.d.backup.

2011-09-05 21:03:53 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.PasswordService.plist

2011-09-05 21:03:59 +0000 Removed file at path /Library/Preferences/com.apple.openldap.plist.

2011-09-05 21:03:59 +0000 Removed file at path /var/run/slapconfig.lock.

Mac OS X Server, Mac OS X (10.6.7)

Posted on Sep 5, 2011 2:09 PM

I have this question too

Q: Can't setup OD

All replies

Helpful answers

by Jack Humphries,

Jack Humphries Sep 5, 2011 2:11 PM in response to Jack Humphries
Level 1 (30 points)

Sep 5, 2011 2:11 PM in response to Jack Humphries

If you notice, it says: 2011-09-05 21:03:52 +0000 Primary master node is nil!. Is that important? What does it mean? Is it even relevant?
Reply options

Link to this post

by FlorianLeo,

FlorianLeo Feb 19, 2016 8:41 AM in response to Jack Humphries
Level 1 (9 points)

Mac OS X

Feb 19, 2016 8:41 AM in response to Jack Humphries

Do you still have this question?
The problem might be that the "old" Certificates are still in place?
Goto /private/var/root/Library/Application\ Support/ and look for a folder called Certificate\ Authority
if it's there then delete it, and try to create the OD-Master again.
Reply options

Link to this post

Q: Can't setup OD

All replies Helpful answers

by Jack Humphries,

by FlorianLeo,

All replies

Helpful answers