Periodic errors authenticating caldav/carddav

I'm having users from iCal and via their iPhones get periodic errors while trying to connect to our MacOS X Lion server. The caldav logs show an odd error:


2012-04-11 14:24:53-0700 [-] [caldav-6] [PooledMemCacheProtocol,client] [calendarserver.platform.darwin.od.opendirectory#error] Error Domain=com.apple.OpenDirectory Code=5205 "Authentication server encountered a communication error while attempting the requested operation." UserInfo=0x7fc5e2f1db00 {NSLocalizedDescription=Authentication server encountered a communication error while attempting the requested operation., NSLocalizedFailureReason=Authentication server encountered a communication error while attempting the requested operation.}


2012-04-11 14:24:53-0700 [-] [caldav-6] [PooledMemCacheProtocol,client] [twistedcaldav.directory.appleopendirectory.OpenDirectoryRecord#error] OpenDirectory (node=xxx.seatme.com) error while performing digest authentication for user jordan: Error Domain=com.apple.OpenDirectory Code=5205 "Authentication server encountered a communication error while attempting the requested operation." UserInfo=0x7fc5e2f1db00 {NSLocalizedDescription=Authentication server encountered a communication error while attempting the requested operation., NSLocalizedFailureReason=Authentication server encountered a communication error while attempting the requested operation.}


So it seems that occasionally, the connection to OpenDirectory simply fails. Has anyone else run into this problem? We have about 50 devices hitting this server and when it happens, iCal prompts the user saying their password is invalid and asks them to enter their password again, which is subpar to say the least.

Mac mini Server (Mid 2011), Mac OS X (10.7.3)

Posted on Apr 11, 2012 2:39 PM

22 replies

Aug 4, 2012 2:28 AM in response to Aloisius

Hi,


Could you tell me how you got the script working? I tried what you wrote but either watchpath is not working well or the script below is not running because the user logged in is not the root?


For your information, I am logged in as an admin user but not as root. So when I try to execute the script below with that user, I get "No matching processes belonging to you were found." How can I get the script below to work without logging in as root?


Would really appreciate an answer. Sorry for being such a newbie. I am just maintaining the Lion Server for a small office of about 50 people and am not some expert computer guy.


if tail -n20 /private/var/log/opendirectoryd.log | grep -q "Broken pipe"
then
  killall PasswordService
  sleep 5
  killall opendirectoryd
  sleep 5
  exit
fi

Aug 6, 2012 11:47 AM in response to Aloisius

Hi,


that sounds like in-depth knowledge.


I changed my DynDNS server and then changed the SSL-certificate which in turn screwed up my whole CalDAV and CardDAV setup.


Anyone who could help "looking over" the server config?


I'm sure it's only a few command lines away, but I have no idea at all.


I would even reset the whole server, but don't know how, since it was a test-setup only, starting to "fill" it.....


Thanks,


Peter


BTW: your name sounds German?

Aug 6, 2012 1:46 PM in response to Community User

No matching processes belonging to you were found


That's because opendirectoryd and PasswordService are owned by the root user, not by the currently logged in user (you).


The script has to be executed as root. You can do this by making sure the script is owned by root (chown root:wheel) and the launchd plist is owned by root and placed in /Library/LaunchDaemons/.


Use sudo launchctl load to activate the launchdaemon.

Sep 18, 2012 6:43 PM in response to Aloisius

Hi Jonathan


Looks like you have a great solution. But alas, I have no idea what it is! I have already applied

sudo echo "limit maxfiles 10240 120000">/etc/launchd.conf


but about once a week I am still getting passwords not being recognised, I restart and everything comes back (except iCal so I hit that with

sudo serveradmin settings calendar:Authentication:Wiki:URL = "http://127.0.0.1:8089/RPC2"

and I am all good.


Now enough about me!


So you create a plist called com.seatme.checkpwservice.plist , that contains


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>com.seatme.CheckPwService</string>
  <key>ProgramArguments</key>
  <array>
    <string>/usr/local/bin/checkpwservice</string>
  </array>
  <key>WatchPaths</key>
  <array>
    <string>/private/var/log/opendirectoryd.log</string>
  </array>
  <key>StandardOutPath</key>
  <string>/dev/null</string>
  <key>ThrottleInterval</key>
  <integer>30</integer>
</dict>
</plist>

and place it in /Library/LaunchDaemons/


Next you go to /usr/local/bin/ and what?


I am a little lost with the next part!

Sep 19, 2012 6:54 AM in response to paulfromburwood

What you are doing is creating a LaunchDaemon that monitors the opendirectoryd.log file for changes. Every time the log is updated, the script executes. Most of the time it's nothing bad going on, just regular log messages that don't mean anything. But if the log starts containing messages that say "Broken pipe" then you know you've got a problem. The script checks the log every time it's updated and looks for that text. If it finds it, it kills Open Directory. Launchd will then see that opendirectoryd isn't running and respawn it.


First your ProgramArguments look incorrect in your plist file. It should look like this:


<key>ProgramArguments</key>
<array>
  <string>/bin/sh</string>
  <string>/Users/serveradmin/Agents/KickAuthServer.sh</string>
</array>


I would append a .sh file extension to your script to indicate it's a shell script.


Now you place your plist file in /Library/LaunchDaemons, you want to make sure it's owned by root:

sudo chown root:wheel /Library/LaunchDaemons/com.seatme.checkpwservice.plist


Next, place your script wherever you like. In your plist, you're placing it in /usr/local/bin, which is fine. Now make sure the script is owned by root.

sudo chown root:wheel /usr/local/bin/checkpwservice.sh

Finally, use the sudo command to load your launchdaemon.

sudo launchctl load /Library/LaunchDaemons/com.seatme.checkpwservice.plist


Doing so allows the daemon to run with root privileges, which is required to do things like kill the password service.
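Because the daemon described in this thread runs its script as root, the ownership step is also the security boundary: if the script, its directory, or the plist can be modified by a non-root account, whatever that account writes there runs as root. The following pre-flight check is an added example, not code from any poster in this thread; the function names `is_safe_for_root` and `check_daemon_files` are hypothetical, and it assumes `ls -ldn` and `awk` are available (they are on OS X and Linux).

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Anything launchd runs as root must not be replaceable by a non-root user;
# otherwise that user's edits to the file are executed with root privileges.

# is_safe_for_root PATH [UID]: succeed only if PATH is not a symlink, is
# owned by UID (default 0, root), and is not group- or world-writable.
is_safe_for_root() {
    sp_path=$1
    sp_uid=${2:-0}
    if [ -L "$sp_path" ]; then
        echo "UNSAFE symlink: $sp_path" >&2; return 1
    fi
    if [ ! -e "$sp_path" ]; then
        echo "MISSING: $sp_path" >&2; return 1
    fi
    # "ls -ldn" prints the mode string and the numeric owner id.
    set -- $(ls -ldn "$sp_path" | awk '{print $1, $3}')
    if [ "$2" != "$sp_uid" ]; then
        echo "UNSAFE owner uid $2 (want $sp_uid): $sp_path" >&2; return 1
    fi
    case $1 in
        ?????w*)    echo "UNSAFE group-writable: $sp_path" >&2; return 1 ;;
        ????????w*) echo "UNSAFE world-writable: $sp_path" >&2; return 1 ;;
    esac
    return 0
}

# check_daemon_files SCRIPT PLIST [UID]: check the plist, the script, and the
# directory holding the script (a writable directory lets the script be
# replaced even when the file itself is locked down). Only the immediate
# parent directory is checked, not every ancestor.
check_daemon_files() {
    cd_rc=0
    for cd_item in "$2" "$1" "$(dirname "$1")"; do
        is_safe_for_root "$cd_item" "${3:-0}" || cd_rc=1
    done
    return $cd_rc
}

# Usage on the server, with the paths used in this thread:
#   check_daemon_files /usr/local/bin/checkpwservice.sh \
#       /Library/LaunchDaemons/com.seatme.checkpwservice.plist &&
#   sudo launchctl load /Library/LaunchDaemons/com.seatme.checkpwservice.plist
```

A script kept under a user's home directory, such as the /Users/serveradmin/Agents/ path shown above, will normally fail the directory check because that directory belongs to the user rather than root.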
