28 Replies Latest reply: Jan 14, 2014 4:02 PM by jhdore
  • gobi876h Level 1 (0 points)
    I suffered from the same issue but was unable to resolve using the above methodology because the cn=config.ldif file was gone. I thought that this was an issue from the 10.6.5 upgrade, but my backups show that this stretches back to at least the 10.6.4 upgrade. For some reason, nothing came of missing the file until 10.6.5 came and the whole house of cards fell in (I'm also missing /usr/libexec/slurpd, but that's a different story). I solved the issue by recreating the cn=config.ldif file using /usr/bin/slaptest -f /etc/openldap/slapd.conf -F slapd.d in the /etc/openldap directory. With the .ldif in place, I could then get SSL turned back on.
  • aliveonearth Level 1 (0 points)
    Rrrr.. This one is a little over my head. Same problem. The update was never applied, with "In Progress" being displayed in Server Admin; 12 hours later it was still there. I did a reboot and was locked out of Workgroup Manager and no more ssh. This turned out to be a DNS-related issue, as the reverse lookup on my local network was returning the server's external IP rather than the local one, causing any authentication to fail. After restoring and fixing DNS I could use screen sharing and got a terminal on the server from the local host and have Server Admin up. LDAP services are stopped and my root certificate is not valid. Created a new one and trusted it in the keychain. Reboot. LDAP still not started and I am here...
  • aliveonearth Level 1 (0 points)
    Any advice on what this actually means?
    It looks to me like I don't have a configuration set up at all?
    This is outside the scope of my knowledge... So if there is anyone out there who knows, suggestions welcome.


    /usr/libexec/slapd -d -1
    @(#) $OpenLDAP: slapd 2.4.11 (Aug 12 2010 17:17:10) $
    daemon_init: <null>
    ODNodeCustomCall node(/Cache) - ERROR (4001)
    daemon: SLAPSOCKINIT: dtblsize=256
    daemon_init: listen on ldap:///
    daemon_init: 1 listeners to open...
    ldapurl_parseext(ldap:///)
    daemon: bind(8) failed errno=13 (Permission denied)
    daemon: bind(8) failed errno=13 (Permission denied)
    slapopenlistener: failed on ldap:///
    slapd stopped.
    connections_destroy: nothing to destroy.
    ODNodeCustomCall node(/Cache) - ERROR (4001)
  • aliveonearth Level 1 (0 points)
    Success... Removed the 5 offending lines with reference to my old root certificate and LDAP is up and running again...
  • perigean Level 1 (0 points)
    I'm attempting this fix, but received a "Permission Denied" response after entering the "...cn=config.ldif".

    Any suggestions?
  • Dr Mike Level 1 (115 points)
    Absolute gold. I can't thank you enough for posting this!
  • Dr Mike Level 1 (115 points)
    You need root permissions to edit this file. Try using sudo or su to switch to the root account first.
  • Bao-Khang Nguyen Level 1 (15 points)

    Second Day of 2012! Certificate about to expire. Updated the Self-assigned Cert. Boom! Dead in the water. Running Snow Leopard (10.6.8).

     

    Well thanks to root66 Problem solved!

     

    Thanks a million!

     

    -Bao

  • ruluk7 Level 1 (0 points)

    Works also for me, thanks root 66!

  • quickthyme@mac.com Level 1 (0 points)

    Root 66, you saved the day with your response!!! Apple phone support told me I was going to have to rebuild my LDAP from scratch. Following your approach saved me countless hours, not to mention my job. THANK YOU!!

  • Sellers Level 1 (10 points)

    Thanks much - this was very helpful even in 10.8.  

  • soerenkroeger Level 1 (0 points)

    Even after updating to 10.8.4 !! Thanks a lot!

  • Tyson Brown Level 1 (5 points)

    Thank you so much everyone, and particularly root66!  This post saved my bacon BIG TIME when my certificate update went terribly wrong....  Note that this worked in OS X server 10.7.4...

     

    Hurray!!! Thanks again!

  • jhdore Level 1 (0 points)

    Get In my son! Having trawled t'internet for nearly six hours, found your posting re the contents of /etc/openldap/slapd.d/cn=config.ldif containing outdated SSL certificate references. They do not match current SSL certificates, which was preventing my Lion Server LDAP and Open Directory from starting.

     

    Deleting the outdated references cured the problem. Many thanks, dude!
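
The fix several replies above describe is deleting certificate references in /etc/openldap/slapd.d/cn=config.ldif that no longer match the certificates on the server. As an added example (not code from any post in this thread), the shell function below lists the olcTLS* lines whose file path no longer exists, so they can be identified before editing. It assumes an outdated reference shows up as a missing path; the function names and the demo data are constructed for illustration, and reading the real file needs root.

```shell
#!/bin/sh
# Added example: find olcTLS* entries in a cn=config.ldif that point at
# files which no longer exist. Read-only; it never edits the LDIF.

# unfold_ldif FILE: join LDIF continuation lines (RFC 2849: a line that
# starts with a single space continues the previous line).
unfold_ldif() {
    awk '
        /^ /  { buf = buf substr($0, 2); next }
        { if (NR > 1) print buf; buf = $0 }
        END   { if (NR > 0) print buf }
    ' "$1"
}

# stale_tls_refs FILE: print "attribute<TAB>path" for every olcTLS*
# attribute whose value is an absolute path that is missing on disk.
stale_tls_refs() {
    unfold_ldif "$1" | while IFS= read -r line; do
        case $line in
            olcTLS*": /"*)
                attr=${line%%:*}     # text before the first colon
                path=${line#*: }     # text after the first ": "
                [ -e "$path" ] || printf '%s\t%s\n' "$attr" "$path"
                ;;
        esac
    done
}

# demo: run the check on a constructed cn=config.ldif in a temp directory
# (made-up sample data: one certificate exists, two references are stale,
# and one of the stale lines is folded across two lines).
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/current.crt"
    cat > "$d/cn=config.ldif" <<EOF
dn: cn=config
objectClass: olcGlobal
olcTLSCertificateFile: $d/current.crt
olcTLSCertificateKeyFile: $d/old-
 server.key
olcTLSCACertificateFile: $d/old-ca.crt
EOF
    stale_tls_refs "$d/cn=config.ldif" | cut -f1
    rm -rf "$d"
}

# Stand-alone use: sudo sh thisfile.sh /etc/openldap/slapd.d/cn=config.ldif
if [ "$#" -gt 0 ]; then stale_tls_refs "$1"; fi
```

Back up cn=config.ldif before removing any line the check reports, and stop slapd while editing it.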
