
How to repair Open Directory Master after Changing Hostname

Summary:

How to repair Open Directory after Changing your Server's Hostname (see separate post)


Problem:

I had to change our server's hostname from a private hostname (server.name.private) to a public hostname (name.dyndns.org).


Procedure:


1. Precautions:

Since I was anticipating major dramas I tested the change of hostname on a clone (I used Super Duper, and I very strongly advise everybody to heed this warning because a change of hostname will corrupt your server services, in particular Open Directory).

Second, I exported the network users from Server Admin and copied the archive to the Drop Folder of the server's local account (because the network accounts will be unavailable after demoting the OD Master.)


2. Change hostname and demote OD Master

a) I re-booted the server from the clone

b) I changed the hostname in Server App and I noticed that the Open Directory Password and the Kerberos database were still stuck with the old hostname.

c) I then demoted to a standalone directory (Server Admin) and I tried to promote the server to an OD Master using the Server App (Manage Network Accounts). Server App always returned an error saying I should check my network settings.


3. List of 'fixes'

I tried the following fixes to no avail (which does not mean that you can skip them)

a) I checked the DNS entries, forward and reverse were working fine (sudo changeip -checkhostname)

b) Checked with Lookup in Network Utility, all was fine

c) I deleted all system certificates (Keychain) which showed the name of the previous hostname

(N.B. you need not delete email certificates and private/public keys)

d) I tried to assign a new static IP in Networking Preferences (had no visible result)

e) I re-booted from the working drive and I repaired permissions on the clone; I ran disk repairs.


Despite all this I could not re-create an OD Master.

I then looked for this dubious folder /var/root/Library/Application Support/Certificate Authority.

I could not find this folder when using the Finder's Go To Folder, nor did "Easy Find" see this folder.


I was about to give up when I read the posts on this page and I entered the Terminal commands

sudo rm -R /var/root/Library/Application\ Support/Certificate\ Authority/


I had not much hope when I set about to re-create the OD Master from the Server App.

But lo and behold!!! I did not trust my eyes when Server App claimed that the OD Master had been successfully created. And indeed, Server Admin showed a running OD Master, LDAP, Kerberos and Password Server all running again!


Final touch: re-import the user accounts.


Epilogue:

I would not have been able to fix this issue had not so many others shared their experience and the working solution.

(Refer: https://discussions.apple.com/thread/3219325?start=0&tstart=0 )

Thank you all !


Let's hope that Apple will fix this annoying issue in the next server update.


Regards,

Twistan

Mac mini (Mid 2010), Mac OS X (10.7.3)

Posted on Jul 12, 2012 5:16 AM
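
A more cautious form of the deletion step in this post, as an added example that is not part of the original post: it archives the folder into an owner-only backup and removes it only after the archive reads back cleanly. The function name `archive_then_remove` and the backup location are assumptions; on the server it would be run as root against the Certificate Authority path given in the post.

```shell
#!/bin/sh
# Added example (not from the original post): back up a directory, verify the
# backup, and only then delete the directory.
#
# Usage (as root; backup directory is a hypothetical choice):
#   sh this_script.sh "/var/root/Library/Application Support/Certificate Authority/" /var/root/ca-backup
#
# archive_then_remove SRC_DIR BACKUP_DIR
#   Prints the archive path on success; leaves SRC_DIR in place on any failure.
archive_then_remove() {
    src=${1%/}      # drop one trailing slash; "/" becomes empty and is rejected below
    dest=$2
    [ -d "$src" ] || { echo "not a directory: $src" >&2; return 1; }

    # The folder may hold CA private key material, so the backup is owner-only.
    old_umask=$(umask)
    umask 077
    mkdir -p "$dest" || { umask "$old_umask"; return 1; }
    archive="$dest/$(basename "$src" | tr ' ' '_')-$(date +%Y%m%d-%H%M%S).tar.gz"

    # -C stores paths relative to the parent, so a restore does not overwrite blindly.
    if tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")" &&
       tar -tzf "$archive" >/dev/null; then
        umask "$old_umask"
        rm -R "$src" || return 1
        echo "$archive"
    else
        umask "$old_umask"
        rm -f "$archive"
        echo "backup failed, $src left in place" >&2
        return 1
    fi
}

# Run only when both arguments are supplied on the command line.
if [ "$#" -ge 2 ]; then
    archive_then_remove "$1" "$2"
fi
```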
