Lion OD replica problem

slapconfig -createreplica --certAdminEmail username@university.edu cpstudx1.domain.priv diradmin

diradmin's Password:

2012-02-06 21:49:49 +0000 command: /usr/sbin/sso_util info -r /LDAPv3/ldap://cpstudx1.domain.priv -p

sso_util command failed with status 2

2012-02-06 21:49:49 +0000 _preflightLDAPReplica: could not read the Kerberos realm from the master cpstudx1.domain.priv

2012-02-06 21:49:49 +0000 Not creating replica due to failure to read Kerberos realm from master. (error = 78)

2012-02-06 21:49:49 +0000 Not creating replica due to preflight failure.

2012-02-06 21:49:49 +0000 Not creating replica due to preflight failure. (error = 78)


I had this system as a replica; I demoted it from replica status in an apparently vain attempt to see if I could clear up all these errors:


Feb 6 16:03:10 cpstudx1 slapd[1058]: slap_client_connect: URI=ldap://MASTUDXM.local:389 ldap_sasl_interactive_bind_s failed (-1)

Feb 6 16:03:10 cpstudx1 slapd[1058]: do_syncrepl1: client_connect failed (-1)

Feb 6 16:03:10 cpstudx1 slapd[1058]: do_syncrepl: rid=005 rc -1 retrying

Feb 6 16:03:10 cpstudx1 slapd[1058]: slap_client_connect: URI=ldap://BCSTUDXM.DOMAIN.PRIV:389 ldap_sasl_interactive_bind_s failed (-2)

Feb 6 16:03:10 cpstudx1 slapd[1058]: do_syncrepl1: client_connect failed (-1)

Feb 6 16:03:10 cpstudx1 slapd[1058]: do_syncrepl: rid=002 rc -1 retrying

Feb 6 16:03:10 cpstudx1 slapd[1058]: slap_client_connect: URI=ldap://erstudxm.domain.priv:389 ldap_sasl_interactive_bind_s failed (-2)

Feb 6 16:03:10 cpstudx1 slapd[1058]: do_syncrepl1: client_connect failed (-1)

Feb 6 16:03:10 cpstudx1 slapd[1058]: do_syncrepl: rid=003 rc -1 retrying

Feb 6 16:03:11 cpstudx1 slapd[1058]: SASL [conn=1279] Failure: incorrect digest response


Anyone have useful thoughts? Thanks

Mac OS X (10.7.3)

Posted on Feb 6, 2012 2:09 PM
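
As an added example (not part of the original post), this Python triage of the slapd lines quoted above pairs each failed outbound bind with the syncrepl rid that retried it and names the result code. The mapping of -1 and -2 to LDAP_SERVER_DOWN and LDAP_LOCAL_ERROR is from OpenLDAP's ldap.h; the function and variable names are illustrative, and pairing a connect failure with the next retry line is an assumption based on the order seen in this log.

```python
import re

# OpenLDAP client API result codes (ldap.h) that appear in the bind failures.
LDAP_API_ERRORS = {-1: "LDAP_SERVER_DOWN", -2: "LDAP_LOCAL_ERROR"}

CONNECT = re.compile(r"slap_client_connect: URI=ldap://([^:/\s]+)(?::\d+)?\s+"
                     r"ldap_sasl_interactive_bind_s failed \((-?\d+)\)")
RETRY = re.compile(r"do_syncrepl: rid=(\d+) rc (-?\d+) retrying")
INBOUND = re.compile(r"SASL \[conn=(\d+)\] Failure: (.+)$")

# Lines copied from the log excerpt in the question (do_syncrepl1 lines omitted).
SAMPLE = """\
Feb 6 16:03:10 cpstudx1 slapd[1058]: slap_client_connect: URI=ldap://MASTUDXM.local:389 ldap_sasl_interactive_bind_s failed (-1)
Feb 6 16:03:10 cpstudx1 slapd[1058]: do_syncrepl: rid=005 rc -1 retrying
Feb 6 16:03:10 cpstudx1 slapd[1058]: slap_client_connect: URI=ldap://BCSTUDXM.DOMAIN.PRIV:389 ldap_sasl_interactive_bind_s failed (-2)
Feb 6 16:03:10 cpstudx1 slapd[1058]: do_syncrepl: rid=002 rc -1 retrying
Feb 6 16:03:10 cpstudx1 slapd[1058]: slap_client_connect: URI=ldap://erstudxm.domain.priv:389 ldap_sasl_interactive_bind_s failed (-2)
Feb 6 16:03:10 cpstudx1 slapd[1058]: do_syncrepl: rid=003 rc -1 retrying
Feb 6 16:03:11 cpstudx1 slapd[1058]: SASL [conn=1279] Failure: incorrect digest response
"""

def triage(log_text):
    """Return (outbound bind failures per peer, inbound SASL failures)."""
    peers, inbound, pending = {}, [], None
    for line in log_text.splitlines():
        if m := CONNECT.search(line):
            # Remember the peer until the retry line names its rid.
            pending = (m.group(1).lower(), int(m.group(2)))
        elif (m := RETRY.search(line)) and pending:
            host, rc = pending
            entry = peers.setdefault(host, {
                "rid": m.group(1),
                "error": LDAP_API_ERRORS.get(rc, str(rc)),
                "failures": 0,
            })
            entry["failures"] += 1
            pending = None
        elif m := INBOUND.search(line):
            # A client binding to this server failed SASL authentication.
            inbound.append((int(m.group(1)), m.group(2).strip()))
    return peers, inbound

if __name__ == "__main__":
    peers, inbound = triage(SAMPLE)
    for host, info in peers.items():
        print(f"rid={info['rid']} {host}: {info['error']} x{info['failures']}")
    for conn, reason in inbound:
        print(f"inbound conn={conn}: {reason}")
```
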


Jul 26, 2012 8:35 AM in response to bezzoh

Shoot. I should have replied to this thread.

After spending a bunch of time with Apple Support, I figured out that there's a computer group called com.apple.opendirectory.group that is retaining records of previously connected replicas, and this data isn't being removed or over-written.

So, here's what you do:


On the Master remove the failed replicas from command line

$ sudo slapconfig -removereplica replica.fqdn.priv

$ sudo slapconfig -removereplica replica2.fqdn.priv


On both replicas, run this command

$ sudo slapconfig -destroyldapserver


On the master open /System/Library/CoreServices/Directory Utility.app

Click on the "Directory Editor" tab

Change the node to /LDAPv3/127.0.0.1

Go to ComputerGroups

Select the com.apple.opendirectory.group

Delete the offending replicas from GroupMembers (you'll have to figure out the replica's GeneratedUID, which I do by looking at the computer accounts), GroupMembership and Member


Now you should be able to re-connect the replica

Jul 26, 2012 8:56 AM in response to Joe Swenson

That explains a few things then, as I was importing computer groups originally. I have since today, however, abandoned all hope of complete replication and reverted to each site having a standalone server. Reason being, once I had gotten a server replicated, the one-time replication worked fine; however, subsequent ones did not, and the LDAP log consistently gets full of ldap_sasl_interactive_bind_s failed errors on both the master and replica.


Unless you have any insight on this also, I'm unfortunately stuck with multiple masters at each customer site (which is a real pain for management).


Thanks for your response however, that did at least explain how I got 1 server connected this morning (as I'd actually demoted that one when in 10.6 prior to the 10.7 install).

Sep 22, 2012 5:05 AM in response to Joe Swenson

I tried your suggestion and I am down to this error. Any feedback on how to fix this? The OD Master is brand new installed.


sso_util command failed with status 2

2012-09-22 11:58:53 +0000 _preflightLDAPReplica: could not read the Kerberos realm from the master server.mydomain.com

2012-09-22 11:58:53 +0000 Not creating replica due to failure to read Kerberos realm from master. (error = 78)

2012-09-22 11:58:53 +0000 Not creating replica due to preflight failure.

2012-09-22 11:58:53 +0000 Not creating replica due to preflight failure. (error = 78)


Thanks in advance for any feedback.


running 10.7.5
