when trying to create an open directory master after i had to re-install my server i get the error message stated in the title and it is vital that i get this repaired as i cant allow access to the network to anyone until this is resolved, I have already tried re-installing and deleting my server folder but no change has occured
Thanks in advance
iMac (21.5-inch Mid 2011), OS X Server
Was DNS already set up and fully tested? Anything in the logs?
yes the DNS is fine im trying the re install one more time ill get back to you in around ten minutes 🙂
heres the logs but im no expert so i dont know what anything means 😟
2013-12-07 19:42:20 +0000 Success. Master creation is possible.
2013-12-07 19:42:24 +0000 Success. Master creation is possible.
2013-12-07 19:42:32 +0000 Success. Master creation is possible.
2013-12-07 19:42:33 +0000 slapconfig -createldapmasterandadmin
2013-12-07 19:42:33 +0000 command: /usr/bin/sntp -s time.euro.apple.com.
2013-12-07 19:42:36 +0000 Success. Master creation is possible.
2013-12-07 19:42:36 +0000 Starting LDAP server (slapd)
2013-12-07 19:42:40 +0000 slapd started
2013-12-07 19:42:40 +0000 command: /usr/bin/ldapadd -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2013-12-07 19:42:55 +0000 command: /usr/sbin/slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
13-12-07 19:42:56 +0000 Stopping LDAP server (slapd)
2013-12-07 19:43:03 +0000 Starting LDAP server (slapd)
2013-12-07 19:43:04 +0000 slapd started
2013-12-07 19:43:04 +0000 Save of LDAP configuration failed with error 10000
2013-12-07 19:43:04 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2013-12-07 19:43:04 +0000 adding new entry "olcOverlay=unique,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=dynid,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=nestedgroup,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay={0}odusers,olcDatabase={-1}frontend,cn=config"
adding new entry "olcOverlay=syncprov,olcDatabase={1}bdb,cn=config"
adding new entry "olcOverlay=syncprov,olcDatabase={2}bdb,cn=config"
2013-12-07 19:43:04 +0000 command: /usr/bin/ldapadd -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2013-12-07 19:43:04 +0000 adding new entry "cn={9}customSchema,cn=schema,cn=config"
2013-12-07 19:43:04 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2013-12-07 19:43:04 +0000 command: /usr/bin/ldapsearch -x -LLL -H ldapi://%2Fvar%2Frun%2Fldapi -b cn=config -s base olcServerID
2013-12-07 19:43:05 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2013-12-07 19:43:05 +0000 Configuring Kerberos server, realm is DIRECT.CALLUM3DWARDS.CO.UK
2013-12-07 19:43:05 +0000 command: /usr/sbin/kdcsetup -a diradmin -v 1 DIRECT.CALLUM3DWARDS.CO.UK
2013-12-07 19:43:09 +0000 Opening ldapi connection to the LDAP user data
Opening ldapi connection to the LDAP auth data
Creating KDC for OD Master
Creating Kerberos directory
Creating KDC Config File
Creating Kerberos ACL file
Adding KDC config data to the KerberosKDC config record
Adding KDC config data to the KerberosClient config record
Creating KDC database
Creating new random master key
Successfully created KDC for OD Master
2013-12-07 19:43:09 +0000 Updating user records and principals
2013-12-07 19:43:09 +0000 No ldap principal found in keytab, skipping rootDSE population
2013-12-07 19:43:09 +0000 command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2013-12-07 19:43:09 +0000 Stopping LDAP server (slapd)
2013-12-07 19:43:13 +0000 Starting LDAP server (slapd)
2013-12-07 19:43:13 +0000 slapd started
2013-12-07 19:43:14 +0000 Creating admin user
2013-12-07 19:43:20 +0000 Creating certificate authorities & hostname certificate
2013-12-07 19:43:22 +0000 Creating root CA with Callum Edwards Open Directory Certification Authority
2013-12-07 19:43:22 +0000 ***Error creating domain CA. Error - The specified item already exists in the keychain.
2013-12-07 19:43:22 +0000 Root CA creation failed with error - -25299
2013-12-07 19:43:22 +0000 Destroying OD master as CA creation failed with error 75
2013-12-07 19:43:22 +0000 Logging slapd container data to /var/run/slapconfig_error_1386445402
2013-12-07 19:43:22 +0000 Stopping LDAP server (slapd)
2013-12-07 19:43:27 +0000 command: /usr/sbin/slapcat -l /var/run/slapconfig_error_1386445402/user.ldif
2013-12-07 19:43:27 +0000 command: /usr/sbin/slapcat -b cn=authdata -l /var/run/slapconfig_error_1386445402/authdata.ldif
2013-12-07 19:43:27 +0000 CopyReplicaArray: ldap_search_ext_s failed
2013-12-07 19:43:27 +0000 Error retrieving replica array
2013-12-07 19:43:27 +0000 Deleting Cert Authority related data
2013-12-07 19:43:27 +0000 No intCAIdentity, not removing int CA from keychain
2013-12-07 19:43:27 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd.plist
2013-12-07 19:43:27 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertd-helper.plist
2013-12-07 19:43:27 +0000 command: /bin/launchctl unload -w /System/Library/LaunchDaemons/com.apple.xscertadmin.plist
2013-12-07 19:43:27 +0000 void _destroyLDAPServer(const char *): Failed to find computer record named direct.callum3dwards.co.uk$: 10000 Operation is not supported by the directory node.
2013-12-07 19:43:27 +0000 Updating ldapreplicas on primary master
2013-12-07 19:43:27 +0000 CopyLdapReplicas: Unable to create DSLDAPContainer: 77014 Can't contact LDAP server (-1)
2013-12-07 19:43:27 +0000 CopyPrimaryMaster: CopyLdapReplicas failed
2013-12-07 19:43:27 +0000 Unable to locate primary master
2013-12-07 19:43:27 +0000 Primary master node is nil!
2013-12-07 19:43:27 +0000 Unable to locate ldapreplicas record: 0 (null)
2013-12-07 19:43:27 +0000 Error setting read ldap replicas array: 0 (null)
2013-12-07 19:43:27 +0000 Error setting write ldap replicas array: 0 (null)
2013-12-07 19:43:27 +0000 ODRecord *_getODRecord(ODNode *, NSString *, NSString *, NSArray *): ODNodeRef parameter error
2013-12-07 19:43:27 +0000 int _removeReplicaFromConfigRecord(ODNode *, NSString *): ODRecord not found
2013-12-07 19:43:27 +0000 Error synchronizing ldapreplicas: 0 (null)
2013-12-07 19:43:27 +0000 Removing self from the database
2013-12-07 19:43:27 +0000 Warning: An error occurred while re-enabling GSSAPI.
2013-12-07 19:43:27 +0000 Stopping LDAP server (slapd)
2013-12-07 19:43:27 +0000 Stopping password server
2013-12-07 19:43:27 +0000 Removed all service principals from keytab for realm DIRECT.CALLUM3DWARDS.CO.UK
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/__db.001.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/__db.002.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/__db.003.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/__db.004.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/__db.005.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/__db.006.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/altSecurityIdentities.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/apple-config-realname.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/apple-generateduid.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-memberguid.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/apple-group-realname.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/cn.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/DB_CONFIG.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/dn2id.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/entryCSN.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/entryUUID.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/gidNumber.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/givenName.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/id2entry.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/ipHostNumber.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/log.0000000001.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/macAddress.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/memberUid.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/objectClass.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/ou.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/sn.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/uid.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/openldap-data/uidNumber.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/authdata/__db.001.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/authdata/__db.002.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/authdata/__db.003.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/authdata/__db.004.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/authdata/__db.005.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/authdata/__db.006.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/authdata/alock.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/authdata/authGUID.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/authdata/DB_CONFIG.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/authdata/dn2id.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/authdata/draft-krbPrincipalName.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/authdata/entryCSN.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/authdata/entryUUID.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/authdata/id2entry.bdb.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/authdata/log.0000000001.
2013-12-07 19:43:27 +0000 Removed file at path /var/db/openldap/authdata/objectClass.bdb.
2013-12-07 19:43:27 +0000 Removed directory at path /var/db/openldap/authdata.
2013-12-07 19:43:27 +0000 Removed file at path /etc/openldap/slapd_macosxserver.conf.
2013-12-07 19:43:27 +0000 Removed file at path /etc/openldap/slapd.conf.
2013-12-07 19:43:27 +0000 Removed file at path /etc/openldap/rootDSE.ldif.
2013-12-07 19:43:27 +0000 Removed directory at path /etc/openldap/slapd.d/cn=config.
2013-12-07 19:43:27 +0000 Removed file at path /etc/openldap/slapd.d/cn=config.ldif.
2013-12-07 19:43:27 +0000 Removed directory at path /etc/openldap/slapd.d.
2013-12-07 19:43:27 +0000 Removed directory at path /etc/openldap/slapd.d.backup/cn=config.
2013-12-07 19:43:27 +0000 Removed file at path /etc/openldap/slapd.d.backup/cn=config.ldif.
2013-12-07 19:43:27 +0000 Removed directory at path /etc/openldap/slapd.d.backup.
2013-12-07 19:43:27 +0000 Stopping password server
2013-12-07 19:43:27 +0000 Removed file at path /Library/Preferences/com.apple.openldap.plist.
2013-12-07 19:43:27 +0000 Removed file at path /var/run/slapconfig.lock.
ive bolded what seems to be the problem:)
If I was an expert, you think I'd be hanging about in these forums?
I've never had issues setting up OD beyond two areas. The first is DNS which you said you have covered. The second, which has really only been an issue for me with Mavericks (and I gave up on that for other reasons), had to do with certificates. In my case, OD would only use the local self-signed cert and not my PositiveSSL-issued domain cert. I never got errors, the certificates management screen just kept reverting to the self-signed cert.
Are you trying to set up as a CA? If so, I never have so I'm not sure I can help much other than throw out ideas.
Have you checked the system keychain entries to see if there are old certs you can clean out?
If you've not already performed this test, launch Terminal.app and issue the following harmless diagnostic command:
sudo changeip -checkhostname
Also confirm that the domain being used is not a .local domain.
I'd also check the keychain, as you're correct; this sequence could well be the trigger:
2013-12-07 19:43:22 +0000 Creating root CA with Callum Edwards Open Directory Certification Authority
2013-12-07 19:43:22 +0000 ***Error creating domain CA. Error - The specified item already exists in the keychain.
The error code is a keychain duplicate error:
errKCDuplicateItem = -25299,
I'd look for an OD-related entry in the keychain, and remove it. There used to be a com.apple.opendirectory entry around (with the host name and ending in a $, on at least the older versions), but I don't have a 10.9 OD Server keychain handy to check that. Prior to making modifications, you can cp or otherwise back up the keychain file out of the way, and then test your changes.
ive deleted all keychain items related to the directory and the hostname is fine and im still getting the erorr 😕
Again, I'm kind of taking guesses here....did you delete Server.app and start over with the install after you deleted any keychain items associated with the domain/directory?
This will solve your problem.... it fixed it for me...
go to terminal and type in the following command..
sudo mkdir -m755 /var/db/openldap
then reboot your system... :-)
'servername' was succesfully configured as a directory server but an error occurred.
