5 Replies Latest reply: Nov 20, 2012 12:59 PM by MrHoffman
bsungur Level 1 (0 points)

Does an Open Directory master work without a replica? What can I do to work without a replica?


image 1: Open Directory Master




image 2: Open directory replica



Mac OS X (10.6.8), open directory master, replica
  • MrHoffman Level 6 (14,762 points)

    I'm not entirely certain I understand the question you're asking here.  A few more words around the current problem and any errors or diagnostics or symptoms you might be seeing — and some background on your configuration and goals — might help me with that understanding.


    Open Directory works just fine without replicas around, if that's your question.


    If your replica server is still around and you "just" want rid of it, then demote it using Server Admin too, and it'll "cleanly" exit the configuration.


    Getting rid of a tangled or missing replica server can involve a few extra non-GUI steps, if the replica server is somehow no longer around to exit "cleanly" the configuration, if that's your question.  (There's a Krypted post on this topic, for instance.)

  • bsungur Level 1 (0 points)

    Hi MrHoffman


    I am sorry for the unclear question.


    We want to use Open Directory without a replica. What do you think about it? Do we have any problems?



  • MrHoffman Level 6 (14,762 points)

    I think that you will want to....

    • ensure you have proper (and occasionally tested) backups of your Open Directory data, as OD does occasionally get corrupted, disks do fail, server security does get breached, and accidents do happen.
    • establish an OD replica if/when your local operations become or are large enough to require that your authentication needs better uptime, or if you're starting to distribute your authentication data across multiple (remote) sites.
    • consider an upgrade to newer versions of OS X Server, as OS X Server 10.6 has largely fallen off Apple support.


    Is running one Open Directory server and no replicas particularly problematic?  Not really.  I know a number of sites that have services (DNS, OD, mail, whatever) that are effectively single points of failure.  But that's as much a business decision as a technical one, and business decisions are almost always local decisions.

  • bsungur Level 1 (0 points)

    Our _ldap_replicator user is always disabled. Why is it disabled? What does _ldap_replicator do? Is it important that _ldap_replicator is active?



  • MrHoffman Level 6 (14,762 points)

    If there are no LDAP replicas, then it would be somewhat unusual for the replication mechanisms to be active.


    I'm not sure whether there is a larger question here that you're not directly asking, or whether you're trying to learn how LDAP and related pieces fit together or — and this is usually the most hazardous to your sanity — whether you're poking around with hidden viewing enabled — that bullseye icon — and looking in log files for scary-looking things. 


    If it's the latter, you'll definitely find scary messages, weird messages, odd errors, and related.  And typically, there are no problems, either.  Turn off the hidden views and related, and let OS X Server do its work.


    If you're trying to learn LDAP, there are some pretty good books on that topic, including one or two from O'Reilly.  The OS X Server manuals for 10.6 have some decent details, too.


    If it's the former — if you have a particular and overarching question here — well, ask away.