
Open Directory: "Unable to load replica list"

I'm currently running Mavericks Server 3.1 on my Mac Mini at the home network. I had some issues with the client logins and went for local accounts on the clients instead. Today I finally wanted to fix the problem and go all Open Directory. But the Open Directory service was shut off when I opened the server software. I tried to turn it on but got a message saying "Unable to load replica list". I updated the software to the latest 3.1 but am still having the same issue. I never had any replica list, I only had a standard one from the start, but it seems I can't do anything there now.


LDAP log:

Mar 21 22:48:38 xxYY.com slapd[172]: @(#) $OpenLDAP: slapd 2.4.28 (Nov 12 2013 12:02:47) $

root@hikkaduwa.apple.com:/private/var/tmp/OpenLDAP/OpenLDAP-491.1~1/servers/slapd

Mar 21 22:48:38 xxYY.com.com slapd[172]: daemon: SLAP_SOCK_INIT: dtblsize=8192

Mar 21 22:48:39 xxYY.com.com slapd[172]: TLS: found identity in keychain using identity preference.

Mar 21 22:48:42 xxYY.com.com slapd[172]: slap_add_listener: opened additional listener 'ldaps:///'

Mar 21 22:48:42 xxYY.com.com slapd[172]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable

Mar 21 22:48:44 xxYY.com.com slapd[172]: slapd starting

Mar 21 22:48:44 xxYY.com.com slapd[172]: daemon: posting com.apple.slapd.startup notification

Mar 21 22:48:54 xxYY.com.com slapd[172]: => bdb_idl_delete_key: c_del id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

Mar 21 22:48:54 xxYY.com.com slapd[172]: conn=1022 op=3: attribute "entryCSN" index delete failure

Mar 21 22:50:02 xxYY.com.com slapd[172]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)

Mar 21 22:50:02 xxYY.com.com slapd[172]: conn=1042 op=3: attribute "entryCSN" index delete failure


I don't understand any of this other than the obvious failure words. Can anyone understand this and help me here?

OS X Server

Posted on Mar 21, 2014 3:11 PM

11 replies

Mar 21, 2014 6:53 PM in response to 2jan

This procedure is a diagnostic test. It makes no changes to your data. If you have more than one user account, you must be logged in as an administrator to carry out these instructions.


Please triple-click anywhere in the line below on this page to select it:

sudo /usr/libexec/slapd -Tt | pbcopy


Copy the selected text to the Clipboard by pressing the key combination command-C.

Launch the built-in Terminal application in any of the following ways:

☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.


Paste into the Terminal window by pressing the key combination command-V. I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting. You'll be prompted for your login password. Nothing will be displayed when you type it. If you don’t have a login password, you’ll need to set one before you can run the command. You may get a one-time warning to be careful. Confirm. You don't need to post the warning.

If you see a message that your username "is not in the sudoers file," then you're not logged in as an administrator. Log in as one and start over.

Wait for a new line ending in a dollar sign ($) to appear below what you entered.

The output of the command will be automatically copied to the Clipboard. If the command produced no output, the Clipboard will be empty. Paste into a reply to this message.

The Terminal window doesn't show the output. Please don't copy anything from there.

Mar 23, 2014 6:40 AM in response to 2jan

Many Open Directory problems can be resolved by taking the following steps.

1. The OD master must have a manually-assigned IP address on the local network, not a dynamic address.

2. The primary DNS server used by the master must be 127.0.0.1 (that is, itself) unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.

3. Verify that the master's hostname matches its domain name by running the shell command

sudo changeip -checkhostname

4. Follow these instructions to rebuild the Kerberos configuration on the master.

5. If you use authenticated binding, check the validity of the master's certificate. The common name must match the hostname and domain name. Deselecting and then reselecting the certificate in Server.app has been reported to have an effect in some cases.

6. Unbind and then rebind the clients in the Users & Groups preference pane. Use the fully-qualified domain name of the master.

7. Reboot the master and the clients.

8. Don't log in to the server with a network user's account.

9. Export all OD users, delete them, turn off OD, turn it back on, and import. Ensure that the UIDs are in the 1001+ range.

Sep 2, 2014 9:00 PM in response to Linc Davis

Hello, I seem to have this problem often. Here is the output:


The names match. There is nothing to change.

dirserv:success = "success"

persinger:~ $ sudo touch /var/db/openldap/migration/.rekerberize

touch: /var/db/openldap/migration/.rekerberize: No such file or directory

persinger:~ $ sudo /usr/libexec/slapd -Tt | pbcopy

54068f7b bdb(dc=xxxxxx,dc=xxxxx,dc=xxxxxx): file id2entry.bdb has LSN 1/2036906, past end of log at 1/1528318

54068f7b bdb(dc=xxxxxx,dc=xxxxx,dc=xxxxxx): Commonly caused by moving a database from one database environment

54068f7b bdb(dc=xxxxxx,dc=xxxxx,dc=xxxxxx): to another without clearing the database LSNs, or by removing all of

54068f7b bdb(dc=xxxxxx,dc=xxxxx,dc=xxxxxx): the log files from a database environment

54068f7b bdb(dc=xxxxxx,dc=xxxxx,dc=xxxxxx): /var/db/openldap/openldap-data/id2entry.bdb: unexpected file type or format

54068f7b bdb_db_open: database "dc=xxxxx,dc=xxxx,dc=xxx": db_open(/var/db/openldap/openldap-data/id2entry.bdb) failed: Invalid argument (22).

54068f7b backend_startup_one (type=xxxxx, suffix="dc=xxxxx,dc=xxxx,dc=xxxx"): bi_db_open failed! (22)

slap_startup failed (test would succeed using the -u switch)

Dec 9, 2014 10:22 AM in response to paradoxgrowth

Me too. Had to power cycle after a stalled shutdown, now OD fails. Hostname and DNS are all solid. I've tried all the rekerberization steps above. Any progress on solving this? The solutions offered on these pages don't fix this problem:


OS X Server (Mavericks): After upgrading or migrating, network user cannot be created - Apple Support

http://apple.stackexchange.com/questions/79141/how-to-fix-failing-open-directory-database-cn-authdata-cannot-be-opened-err

Open directory unable to start up after crash


I've also tried fixing Disks and Permissions with reboots.


I'm about to wipe away this server with a nightly Carbon Copy Cloner clone. I'd prefer a way to fix the server, rather than erasing it with a backup.


$ sudo /usr/libexec/slapd -Tt | pbcopy

01234bdb bdb(dc=server,dc=domain,dc=com): file id2entry.bdb has LSN 2/8257161, past end of log at 2/7972882

01234bdb bdb(dc=server,dc=domain,dc=com): Commonly caused by moving a database from one database environment

01234bdb bdb(dc=server,dc=domain,dc=com): to another without clearing the database LSNs, or by removing all of

01234bdb bdb(dc=server,dc=domain,dc=com): the log files from a database environment

01234bdb bdb(dc=server,dc=domain,dc=com): /var/db/openldap/openldap-data/id2entry.bdb: unexpected file type or format

01234bdb bdb_db_open: database "dc=server,dc=domain,dc=com": db_open(/var/db/openldap/openldap-data/id2entry.bdb) failed: Invalid argument (22).

01234bdb backend_startup_one (type=bdb, suffix="dc=server,dc=domain,dc=com"): bi_db_open failed! (22)

slap_startup failed (test would succeed using the -u switch)

Dec 9, 2014 3:36 PM in response to 2jan

I was able to restore OD with the automatic OD backup that Server.app makes. Whenever my OD fails to start after a crash and db_recover commands don't work, it's always worked for me to restore the odmaster from a backup using the command:


sudo slapconfig -restoredb /private/var/backups/ServerBackup_OpenDirectoryMaster.sparseimage


I'm careful to keep an independent OD backup with Carbon Copy Cloner and this preflight script.


You can also grab an earlier version of the sparse image ServerBackup_OpenDirectoryMaster.sparseimage from a Time Machine backup. It's also possible to rsync the database files directory from a Time Machine backup.
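
The `slapd -Tt` failures quoted in this thread share one signature: a database file whose LSN lies past the end of the Berkeley DB transaction log. As an added example (not written by any poster in the thread; the function names, verdict strings and sample lines are constructed for illustration), this shell function triages captured output and also counts the `DB_LOCK_DEADLOCK` lines seen in the original LDAP log:

```shell
#!/bin/sh
# Added example: classify captured `slapd -Tt` / slapd log text read on stdin.
triage_slapd() {
    awk '
    # Berkeley DB: "file X has LSN f/o, past end of log at f/o"
    /has LSN [0-9]+\/[0-9]+, past end of log at [0-9]+\/[0-9]+/ {
        for (i = 1; i < NF; i++) {
            if ($i == "file") name = $(i + 1)
            if ($i == "LSN")  lsn = $(i + 1)
            if ($i == "at")   logend = $(i + 1)
        }
        sub(/,$/, "", lsn)
        split(lsn, a, "/"); split(logend, b, "/")
        # An LSN is (log file number, offset); compare in that order.
        if (a[1]+0 > b[1]+0 || (a[1]+0 == b[1]+0 && a[2]+0 > b[2]+0)) {
            printf "LSN_PAST_LOG %s lsn=%s log_end=%s\n", name, lsn, logend
            mismatch++
        }
    }
    /DB_LOCK_DEADLOCK/    { deadlocks++ }
    /slap_startup failed/ { failed = 1 }
    END {
        # Verdict names are hypothetical labels chosen for this example.
        if (failed && mismatch) { print "VERDICT bdb-log-mismatch" }
        else if (failed)        { print "VERDICT startup-failed" }
        else if (deadlocks)     { print "VERDICT deadlocks=" deadlocks }
        else                    { print "VERDICT clean" }
    }'
}

# Constructed sample, modelled on the output quoted in the thread.
sample_slapd_test() {
    cat <<'EOF'
01234bdb bdb(dc=server,dc=example,dc=com): file id2entry.bdb has LSN 2/8257161, past end of log at 2/7972882
01234bdb bdb_db_open: database "dc=server,dc=example,dc=com": db_open(/var/db/openldap/openldap-data/id2entry.bdb) failed: Invalid argument (22).
slap_startup failed (test would succeed using the -u switch)
EOF
}

sample_slapd_test | triage_slapd
```

A `bdb-log-mismatch` verdict corresponds to the case the last poster resolved by restoring the Open Directory master from its backup image.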
