Q: Open Directory: "Unable to load replica list"
I'm currently running Mavericks Server 3.1 on my Mac Mini on my home network. I had some issues with the client logins and went for local accounts on the clients instead. Today I finally wanted to fix the problem and go all Open Directory. But the Open Directory service was shut off when I opened the server software. I tried to turn it on but got a message saying "Unable to load replica list". I updated the software to the latest 3.1 but am still having the same issue. I never had any replica list, I only had a standard one from the start, but it seems I can't do anything there now.
LDAP log:
Mar 21 22:48:38 xxYY.com slapd[172]: @(#) $OpenLDAP: slapd 2.4.28 (Nov 12 2013 12:02:47) $
root@hikkaduwa.apple.com:/private/var/tmp/OpenLDAP/OpenLDAP-491.1~1/servers/slapd
Mar 21 22:48:38 xxYY.com.com slapd[172]: daemon: SLAP_SOCK_INIT: dtblsize=8192
Mar 21 22:48:39 xxYY.com.com slapd[172]: TLS: found identity in keychain using identity preference.
Mar 21 22:48:42 xxYY.com.com slapd[172]: slap_add_listener: opened additional listener 'ldaps:///'
Mar 21 22:48:42 xxYY.com.com slapd[172]: bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
Mar 21 22:48:44 xxYY.com.com slapd[172]: slapd starting
Mar 21 22:48:44 xxYY.com.com slapd[172]: daemon: posting com.apple.slapd.startup notification
Mar 21 22:48:54 xxYY.com.com slapd[172]: => bdb_idl_delete_key: c_del id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Mar 21 22:48:54 xxYY.com.com slapd[172]: conn=1022 op=3: attribute "entryCSN" index delete failure
Mar 21 22:50:02 xxYY.com.com slapd[172]: => bdb_idl_delete_key: c_get failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994)
Mar 21 22:50:02 xxYY.com.com slapd[172]: conn=1042 op=3: attribute "entryCSN" index delete failure
I don't understand any of this other than the obvious failure words. Can anyone understand this and help me here?
OS X Server
Posted on Mar 21, 2014 3:11 PM
Many Open Directory problems can be resolved by taking the following steps.
1. The OD master must have a manually-assigned IP address on the local network, not a dynamic address.
2. The primary DNS server used by the master must be 127.0.0.1 (that is, itself) unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.
3. Verify that the master's hostname matches its domain name by running the shell command
sudo changeip -checkhostname
4. Follow these instructions to rebuild the Kerberos configuration on the master.
5. If you use authenticated binding, check the validity of the master's certificate. The common name must match the hostname and domain name. Deselecting and then reselecting the certificate in Server.app has been reported to have an effect in some cases.
6. Unbind and then rebind the clients in the Users & Groups preference pane. Use the fully-qualified domain name of the master.
7. Reboot the master and the clients.
8. Don't log in to the server with a network user's account.
9. Export all OD users, delete them, turn off OD, turn it back on, and import. Ensure that the UIDs are in the 1001+ range.
Posted on Mar 23, 2014 6:40 AM
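As an added example (not from the thread or from Apple), here is a small sh script that applies the checks behind steps 2 and 3 above: the master's forward and reverse DNS records must agree on its fully-qualified name, and its primary resolver must be itself (127.0.0.1) or an internal DNS server. The function names, and the use of dig and scutil in the live wrapper, are assumptions; `sudo changeip -checkhostname` remains the authoritative check on the master.

```shell
#!/bin/sh
# od_check_names: pure check so it can be run with constructed values.
# Arguments: hostname, forward-resolved IP, reverse-resolved name, primary DNS server.
# Prints one line per problem and returns the number of problems (0 = consistent).
od_check_names() {
    host="$1"; fwd_ip="$2"; rev_name="$3"; dns="$4"
    problems=0
    case "$host" in
        *.*) ;;                      # fully-qualified, as step 6 expects clients to use
        *) echo "hostname '$host' is not fully-qualified"; problems=$((problems+1)) ;;
    esac
    if [ -z "$fwd_ip" ]; then
        echo "no A record for $host"; problems=$((problems+1))
    fi
    # PTR answers end in a dot and may differ in case; normalise before comparing
    rev_clean=$(printf '%s' "$rev_name" | sed 's/\.$//' | tr 'A-Z' 'a-z')
    host_lc=$(printf '%s' "$host" | tr 'A-Z' 'a-z')
    if [ -n "$fwd_ip" ] && [ "$rev_clean" != "$host_lc" ]; then
        echo "reverse lookup of $fwd_ip gives '$rev_name', expected $host"
        problems=$((problems+1))
    fi
    case "$dns" in
        127.0.0.1) ;;                                             # the master itself
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) ;;  # RFC 1918 internal resolver
        *) echo "primary DNS $dns is neither the master nor an internal resolver"
           problems=$((problems+1)) ;;
    esac
    return "$problems"
}

# od_live_check: gather the real values on the OD master (assumes macOS dig/scutil).
od_live_check() {
    h=$(hostname -f 2>/dev/null || hostname)
    ip=$(dig +short A "$h" 2>/dev/null | head -n1)
    rev=$(dig +short -x "$ip" 2>/dev/null | head -n1)
    dns=$(scutil --dns 2>/dev/null | awk '/nameserver\[0\]/ {print $3; exit}')
    od_check_names "$h" "$ip" "$rev" "$dns"
}
```

Run `od_live_check` on the master before rebinding clients; every line it prints is a mismatch that step 3's `changeip -checkhostname` would also flag.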