workgrp mgr not saving account changes...??

Question

Level 1

115 points

workgrp mgr not saving account changes...??

i keep having issues where i make a change to an OD acct, authenticated into dir LDAPv3/127.0.0.1, i press save and try to move to the next acct and i get a dial saying 'want to save changes?' and i say yes, save, then the same thing happens and i have to hit 'don't save' in order to move on. the change is reflected in the acct, but when i log out and back in again, the changes are reverted.... very frustrating.

there is also this entry in the ldap log;

Apr 15 10:57:31 server slapd[41]: <= bdb substringcandidates: (authAuthority) index_param failed (18)
Apr 15 10:57:31 server slapd[41]: SASL [conn=6] Failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Key version number for principal in key table is incorrect)
Apr 15 10:59:12 server slapd[41]: <= bdb substringcandidates: (authAuthority) index_param failed (18)
Apr 15 10:59:12 server slapd[41]: SASL [conn=8] Failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Key version number for principal in key table is incorrect)

related?

any ideas to get past this bug? or am i doing something wrong...?? this has worked fine in the past and i haven't changed anything i'm aware of...

tia.

Xserve; MacPro; C2D PwrBks; iPhone; still have that Newton 2000 in the closet..., Mac OS X (10.5.6)

Posted on Apr 15, 2009 11:06 AM

Reply

Answer 1

dtich Author

Level 1

115 points

Apr 15, 2009 11:33 AM in response to dtich

also this in the kerberos admin log:

Apr 15 10:52:48 server.domain.net kadmin.local[21751](info): No dictionary file specified, continuing without one.
Apr 15 10:54:21 server.domain.net kadmin.local[21783](info): No dictionary file specified, continuing without one.
Apr 15 10:54:21 server.domain.net kadmin.local[21783](info): No dictionary file specified, continuing without one.
Apr 15 10:54:47 server.domain.net kadmin.local[21784](info): No dictionary file specified, continuing without one.
Apr 15 10:54:47 server.domain.net kadmin.local[21784](info): No dictionary file specified, continuing without one.

fwiw? anyone have a thought on the issue here?

thanks.

Reply

Answer 2

Pagrash

Level 1

84 points

Apr 21, 2009 2:59 PM in response to dtich

I can show you how to fix the authAuthority error, but I'm not sure if it will correct the other problems, especially the SASL error. I think I would run a disk check first.

We had the (authAuthority) index_param failed (18) entry in a server, and while everything seemed to work OK, the constant error began to bloat the slapd.log file.

In our case, for some reason, authAuthority was not indexed during installation.

We corrected it by adding the index entry in the LDAP and reindexing.
To do so I did the following:

1) Added the index entry in ldap
In WGM
Go to Inspector tab.
Choose
OLCBDBConfig / {1}bdb /
Expand
dsAttrTypeNative:olcDbindex

Look for the:
authAuthority sub
Entry.
If its not there choose
"New Value"
and add
authAuthority sub
in the text window.

Close and quit WGM
Close and quit Server admin, to make sure there are no locks on the database.

2) shut down slapd. i.e., Run:
sudo launchctl unload /System/Library/LaunchDaemons/org.openldap.slapd.plist

Check the slapd.log in the console for ..."slapd stopped".

3) Reindex the database. i.e., Run:
sudo /usr/sbin/slapindex -v -d 1

4) Restart slapd. i.e., Run:
sudo launchctl load /System/Library/LaunchDaemons/org.openldap.slapd.plist

Check the slapd.log. If all went well, you should not see
authAuthority) index_param failed (18)
anymore.

I Hope this helps.
Steve

Reply

Answer 3

dtich Author

Level 1

115 points

Apr 21, 2009 5:26 PM in response to Pagrash

steve, very good, i'll get into that. see what works. thanks so much, really appreciate it.

dt

Reply

Answer 4

May 4, 2009 12:09 PM in response to Pagrash

This worked for me, many thanks!

Now to figure out:
No dictionary file specified, continuing without one.
Which spams my kerberos log file just as often.

Reply