12693 Views 10 Replies Latest reply: Jun 30, 2010 7:54 PM by James Nennemann
A call to Apple support helped solve this problem, especially to deal with a typo in the Apple Snow Leopard Server documentation:
1. Export all of your users, groups, etc. to files. Passwords will be reset but everything else will work.
2. In OD, change the server to be "stand alone" (basically turning off OD).
3. From the command line run the following command, noting that you literally put the string "HostName" in the position specified, not the old host name specified in the documentation:
sudo scutil --set HostName <fully qualified domain name>
5. Restart Server Admin and recreate the OD master using the fully qualified name.
6. Go to KeyChain and look for the entries for system -> com.apple.opendirectory. One should point to your server and one should be blank. Delete the bank entry.
Blessed are the pessimists, for they hath made back ups.
Yesterday, I accidentally deleted a group. Don't ever do that. Can't be undone, and the permissions on the sharepoints have to be re-built because the group name in the access control list is gone.
If you delete users but still have groups and group permissions, you can re-populate the group with new users and the group permissions in the ACL are fine.
Learned that the hard way.
The problem with restoring an Archived LDAP Database is you'll be restoring the previous Domain/Realm with all references to it into a different Domain/Realm. I'm not saying this won't work but if you do you'll in all likelihood introduce potentially major problems.
FWIW restoring a damaged/corrupted LDAP Database is not a good idea either.
I have to say if that is the case then it is really f@#$ up. I have run every version of OS X Server since version 1 and the server OS has always seemed a little unfinished with too much margin for error... very un-apple like. They kind of treat it like the red headed stepchild.
I am going to image the SSD before I try so that I can still regress if need be. I will be giving it a shot in about 4 hours and I will try to remember to come back here and report progress.
I'm not sure I entirely agree with you, but you do have a point. However making a backup of the server either as a cloned .dmg or on a bootable external drive is regarded generally by Apple as "Best Practice'. This has been known for some time as of course you already knew. I make this point because a lot of posters on these boards fail to realise this and invariably end up posting because of some problem they've had after running a major update. It comes as a shock to some of them when they realise there's no 'rollback' or 'undo' as their is in Windows.
Yes... I had to export users, groups, computers and computer groups, demote to stand-alone, re-promote then reimport users, groups, computers and computer groups, loosing passwords for the 300+ users. *****, but such is life.
Thanks for the input, Tony; You were right on. BTW - Archive and Restore worked just fine in 10.6. I performed that operation two or three times as I experimented. The only problem was that it brought over EVERYTHING including the LDAP search base.
****... if Snow Leopard was perfect, who would want to buy 10.7, right? (;-)