
General LDAP problem

Hi,


I have set up a Lion server as a directory master and bound clients on the LAN to this directory. On the client machines I can directly access and edit the network accounts via Directory Utility. However, when I try to log on via the network account through network login I am faced with the error message: "You are unable to log in to the user account ... at this time. Logging in to the account failed because an error occurred." (Not a very helpful error box...)


Forward and reverse DNS settings have been configured properly (other server services such as VPN are fully functional), and on the server machine I can log in to the network account via the network login portal.


Checking the /var/log files for LDAP, I get this concurrent error message repeating itself every few seconds:


Sep 5 14:04:41 server slapd[1469]: conn=7586 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037"


Any Ideas?


Regards,

Richard.

MAC OS X LION SERVER-OTHER, Mac OS X (10.7.4)

Posted on Sep 5, 2012 6:10 AM

6 replies

Sep 5, 2012 7:56 AM in response to Richard Jarram

  1. Did you bind the client to your directory using the server's fully qualified domain name?
  2. Is the client looking to the server for DNS?
  3. In terminal on the client machine, type 'host' and then the FQDN of your server. Does it return the right IP address?
  4. In terminal on the client, type 'host' and then the IP address of the server. Does it return the right hostname?
  5. On the server in Terminal, what is returned from 'sudo changeip -checkhostname'?

Sep 5, 2012 9:11 AM in response to Jonathan Melville

Hi,


1) Yes. In the Server Admin app the server is configured to run as a DNS server:

- server.[example].private.

- 10.0.1.200


2) Yes. In the Directory Utility the search policy lists:

/LDAPv3/server.[example].private.


3) Yes. Terminal returns:

server.[example].private has address 10.0.1.200

(terminal does not return the address with a trailing dot at the end of the address - is this significant?)


4) Yes. Terminal returns:

200.1.0.10.in.arpa domain name pointer server.[example].private.


5) Terminal returns:


Primary address: 10.0.1.3

Current Hostname: RJ-MBP.local

The DNS hostname is not available, please repair DNS and re-run this tool.

dirserv:success = "success"

Sep 5, 2012 9:36 AM in response to Richard Jarram

The DNS hostname is not available, please repair DNS and re-run this tool.


You should always run changeip -checkhostname on a server before you promote it to an Open Directory Master. You can see that DNS is not properly configured.


You have an A Record in your primary zone that indicates your server's hostname is "server.example.private" but the server thinks its hostname is "RJ-MBP.local".


DNS has to be 100% perfect for directory services to function correctly.
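The checks in the reply above (forward lookup, reverse lookup, and the hostname the server itself reports) can be scripted so the comparison is mechanical. The shell script below is an added example, not code from the thread or from Apple; the sample `host` output is constructed from the values posted here (the reverse line uses the standard `in-addr.arpa` form), the trailing-dot normalization answers the question raised about `server.[example].private.` versus `server.[example].private`, and the `live` wrapper is an assumption about how it would be used on a real server.

```bash
#!/bin/sh
# Added example: verify that forward DNS, reverse DNS and the OS hostname all
# agree before promoting a server to Open Directory master.

# Strip a trailing dot and lowercase, so 'Server.Example.Private.' and
# 'server.example.private' compare equal (the dot only marks an absolute name).
normalize_name() {
    printf '%s' "$1" | sed -e 's/\.$//' | tr 'A-Z' 'a-z'
}

# Parse 'host <fqdn>' output ("<name> has address <ip>") and return the IP.
forward_ip() {
    printf '%s\n' "$1" | awk '/ has address /{print $4; exit}'
}

# Parse 'host <ip>' output ("<ptr> domain name pointer <name>") and return the name.
reverse_name() {
    printf '%s\n' "$1" | awk '/ domain name pointer /{print $5; exit}'
}

# check_dns_consistency EXPECTED_FQDN EXPECTED_IP FORWARD_OUT REVERSE_OUT OS_HOSTNAME
# Returns 0 when all three views agree, 1 otherwise; each mismatch is printed.
check_dns_consistency() {
    want_name=$(normalize_name "$1"); want_ip=$2
    fwd_ip=$(forward_ip "$3")
    rev_name=$(normalize_name "$(reverse_name "$4")")
    os_name=$(normalize_name "$5")
    rc=0
    [ "$fwd_ip" = "$want_ip" ] || { echo "forward: $want_name -> ${fwd_ip:-<none>}, expected $want_ip"; rc=1; }
    [ "$rev_name" = "$want_name" ] || { echo "reverse: $want_ip -> ${rev_name:-<none>}, expected $want_name"; rc=1; }
    [ "$os_name" = "$want_name" ] || { echo "hostname: OS reports $os_name, expected $want_name"; rc=1; }
    return $rc
}

# Assumed live usage on the server itself: live FQDN IP
live() {
    check_dns_consistency "$1" "$2" "$(host "$1" 2>/dev/null)" "$(host "$2" 2>/dev/null)" "$(hostname)"
}

# Constructed sample output modelled on the thread.
FWD_OK='server.example.private has address 10.0.1.200'
REV_OK='200.1.0.10.in-addr.arpa domain name pointer server.example.private.'

# Healthy case: records and OS hostname agree (trailing dot is harmless).
check_dns_consistency server.example.private 10.0.1.200 "$FWD_OK" "$REV_OK" server.example.private. \
    && echo "DNS consistent"
# The thread's situation: DNS records are fine but the OS still calls itself RJ-MBP.local.
check_dns_consistency server.example.private 10.0.1.200 "$FWD_OK" "$REV_OK" RJ-MBP.local \
    || echo "DNS inconsistent: repair before promoting to Open Directory master"
```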
