Q: Open Directory Service not working since Server 3.2.1
Hello everybody,
Since I upgraded to OS X 10.9.5 and Server 3.2.1, the Password Server of OpenDirectory is producing errors and dirserv is not starting up.
I also tried to restore via Time Machine to OS X 10.9.4 and Server 3.1.2. Services were migrated, but the OpenDirectory service is not starting up.
But I am 100% sure it worked before the first update to 10.9.5 and Server.app 3.2.1.
I'll show you some logs; maybe somebody has an idea how to fix it?
hydra:ProfileManager root# tail -f /var/log/system.log
Sep 24 10:46:06 hydra.s-f.com PasswordService[5330]: -[PasswordServerPrefsObject saveXMLData]: ldap_modify_ext_s of the passwordserver config record's plist attribute: -1 Can't contact LDAP server
Sep 24 10:46:07 hydra com.apple.launchd[1] (org.openldap.slapd[5326]): Exited with code: 1
Sep 24 10:46:07 hydra com.apple.launchd[1] (org.openldap.slapd): Throttling respawn: Will start in 7 seconds
Sep 24 10:46:07 hydra.s-f.com PasswordService[5330]: int pwsf_GetPublicKey(char *): ldap_search_ext_s cn=authdata for Public Key returned -1
Sep 24 10:46:07 hydra com.apple.launchd[1] (com.apple.PasswordService[5330]): Exited with code: 1
Sep 24 10:46:07 hydra com.apple.launchd[1] (com.apple.PasswordService): Throttling respawn: Will start in 10 seconds
Sep 24 10:46:12 hydra.s-f.com xscertd-helper[5340]: ldap_search_ext_s returned -1 - Can't contact LDAP server when searching for bdb suffix, exiting
Sep 24 10:46:12 hydra com.apple.launchd[1] (com.apple.xscertd-helper[5340]): Exited with code: 1
Sep 24 10:46:12 hydra com.apple.launchd[1] (com.apple.xscertd-helper): Throttling respawn: Will start in 10 seconds
Sep 24 10:46:13 hydra.s-f.com xscertd[206]: Failed sending LookupCRLByCARecordName command to com.apple.xscertd.helper: The operation couldn’t be completed. (com.apple.certificateserver error 42005.)
Sep 24 10:46:14 hydra com.apple.launchd[1] (org.openldap.slapd[5346]): Exited with code: 1
Sep 24 10:46:14 hydra com.apple.launchd[1] (org.openldap.slapd): Throttling respawn: Will start in 10 seconds
Sep 24 10:46:17 hydra.s-f.com PasswordService[5351]: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
Sep 24 10:46:17 hydra.s-f.com PasswordService[5351]: -[PasswordServerPrefsObject loadXMLData]: Unable to locate passwordserver config record's plist attribute: -1 Can't contact LDAP server
Sep 24 10:46:17 hydra.s-f.com PasswordService[5351]: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
Sep 24 10:46:17 hydra.s-f.com PasswordService[5351]: -[PasswordServerPrefsObject saveXMLData]: ldap_modify_ext_s of the passwordserver config record's plist attribute: -1 Can't contact LDAP server
Sep 24 10:46:17 hydra.s-f.com PasswordService[5351]: int pwsf_GetPublicKey(char *): ldap_search_ext_s cn=authdata for Public Key returned -1
Sep 24 10:46:17 hydra com.apple.launchd[1] (com.apple.PasswordService[5351]): Exited with code: 1
Sep 24 10:46:17 hydra com.apple.launchd[1] (com.apple.PasswordService): Throttling respawn: Will start in 10 seconds
hydra:PasswordService root# tail -f ApplePasswordServer.Error.log
Sep 24 2014 10:58:33 36683us Server received error -1 during startup.
Sep 24 2014 10:58:33 36787us Aborting Password Service.
Sep 24 2014 10:58:42 146995us Server received error -1 during startup.
Sep 24 2014 10:58:42 147074us Aborting Password Service.
Sep 24 2014 10:58:52 271001us Server received error -1 during startup.
Sep 24 2014 10:58:52 271109us Aborting Password Service.
Sep 24 2014 10:59:02 401008us Server received error -1 during startup.
Sep 24 2014 10:59:02 401085us Aborting Password Service.
Sep 24 2014 10:59:12 529810us Server received error -1 during startup.
Sep 24 2014 10:59:12 529888us Aborting Password Service.
hydra:PasswordService root# tail -f ApplePasswordServer.Server.log
Sep 24 2014 11:00:44 20929us Starting UNIX domain socket listener /var/run/passwordserver
Sep 24 2014 11:00:44 21674us CRunAppThread::StartUp: caught error -1.
Sep 24 2014 11:00:44 21692us ** ERROR: The Server received an error during startup. See error log for details.
Sep 24 2014 11:00:44 21713us RunAppThread::StartUp() returned: 4294967295
Sep 24 2014 11:00:44 21746us Stopping server processes ...
Sep 24 2014 11:00:44 21757us Stopping Network Processes ...
Sep 24 2014 11:00:44 21767us Deinitializing networking ...
Sep 24 2014 11:00:44 21786us Server Processes Stopped ...
Sep 24 2014 11:00:44 21797us RunAppThread Stopped
Sep 24 2014 11:00:44 21818us Aborting Password Service. See error log.
Sep 24 2014 11:00:54 85526us Mac OS X Password Service version 400.1 (pid = 6584) was started at: Wed Sep 24 11:00:54 2014 .
Sep 24 2014 11:00:54 85641us RunAppThread Created
Sep 24 2014 11:00:54 85904us RunAppThread Started
Sep 24 2014 11:00:54 85929us Initializing Server Globals ...
Sep 24 2014 11:00:54 92881us Initializing Networking ...
Sep 24 2014 11:00:54 92951us Initializing TCP ...
Sep 24 2014 11:00:55 414969us SASL is using realm "hydra.s-f.com"
Sep 24 2014 11:00:55 415027us Starting Central Thread ...
Sep 24 2014 11:00:55 415046us Starting other server processes ...
Sep 24 2014 11:00:55 415058us StartCentralThreads: 1 threads to stop
Sep 24 2014 11:00:55 415094us Initializing TCP ...
Sep 24 2014 11:00:55 415146us Starting TCP/IP Listener on ethernet interface, port 106
Sep 24 2014 11:00:55 415273us Starting TCP/IP Listener on ethernet interface, port 3659
Sep 24 2014 11:00:55 415317us Starting TCP/IP Listener on interface lo0, port 106
Sep 24 2014 11:00:55 415360us Starting TCP/IP Listener on interface lo0, port 3659
Sep 24 2014 11:00:55 415404us StartCentralThreads: Created 4 TCP/IP Connection Listeners
Sep 24 2014 11:00:55 415423us Starting UNIX domain socket listener /var/run/passwordserver
Sep 24 2014 11:00:55 416104us CRunAppThread::StartUp: caught error -1.
Sep 24 2014 11:00:55 416126us ** ERROR: The Server received an error during startup. See error log for details.
Sep 24 2014 11:00:55 416152us RunAppThread::StartUp() returned: 4294967295
Sep 24 2014 11:00:55 416182us Stopping server processes ...
Sep 24 2014 11:00:55 416193us Stopping Network Processes ...
Sep 24 2014 11:00:55 416205us Deinitializing networking ...
Sep 24 2014 11:00:55 416225us Server Processes Stopped ...
Sep 24 2014 11:00:55 416237us RunAppThread Stopped
Sep 24 2014 11:00:55 416258us Aborting Password Service. See error log.
hydra:PasswordService root# tail -n 100 /var/log/opendirectoryd.log
2014-09-24 10:00:48.979173 CEST - opendirectoryd (build 339.102.1) launched...
2014-09-24 10:00:49.340572 CEST - Logging level limit changed to 'error'
2014-09-24 10:00:54.943976 CEST - Initialize trigger support
2014-09-24 10:00:54.947086 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/SystemCache.bundle'
2014-09-24 10:00:55.542745 CEST - Registered node with name '/Active Directory' as hidden
2014-09-24 10:00:55.543076 CEST - Registered node with name '/Configure' as hidden
2014-09-24 10:00:55.543498 CEST - Discovered configuration for node name '/Contacts' at path '/Library/Preferences/OpenDirectory/Configurations//Contacts.plist'
2014-09-24 10:00:55.543512 CEST - Registered node with name '/Contacts'
2014-09-24 10:00:55.543760 CEST - Registered node with name '/LDAPv3' as hidden
2014-09-24 10:00:55.545861 CEST - Registered node with name '/Local' as hidden
2014-09-24 10:00:55.547043 CEST - Registered node with name '/NIS' as hidden
2014-09-24 10:00:55.547441 CEST - Discovered configuration for node name '/Search' at path '/Library/Preferences/OpenDirectory/Configurations//Search.plist'
2014-09-24 10:00:55.547455 CEST - Registered node with name '/Search'
2014-09-24 10:00:55.548416 CEST - Discovered configuration for node name '/Active Directory/COMMARCO' at path '/Library/Preferences/OpenDirectory/Configurations/Active Directory/COMMARCO.plist'
2014-09-24 10:00:55.548473 CEST - Registered subnode with name '/Active Directory/COMMARCO'
2014-09-24 10:00:55.548526 CEST - Registered placeholder subnode with name '/Active Directory/COMMARCO/All Domains'
2014-09-24 10:00:55.549007 CEST - Discovered configuration for node name '/LDAPv3/127.0.0.1' at path '/Library/Preferences/OpenDirectory/Configurations/LDAPv3/127.0.0.1.plist'
2014-09-24 10:00:55.549023 CEST - Registered subnode with name '/LDAPv3/127.0.0.1'
2014-09-24 10:00:55.550412 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/legacy.bundle'
2014-09-24 10:00:55.552421 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/search.bundle'
2014-09-24 10:00:55.555679 CEST - '/Search' has registered, loading additional services
2014-09-24 10:00:55.555690 CEST - Initialize augmentation support
2014-09-24 10:00:55.559214 CEST - Successfully registered for Kernel identity service requests
2014-09-24 10:00:55.559224 CEST - Adjusting kernel ID cache (100 -> 250) and membership cache (100 -> 500)
2014-09-24 10:00:55.572834 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/PlistFile.bundle'
2014-09-24 10:00:55.597615 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/FDESupport.bundle'
2014-09-24 10:00:55.600809 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/AppleID.bundle'
2014-09-24 10:00:55.694171 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/ConfigurationProfiles.bundle'
2014-09-24 10:00:55.699276 CEST - Registered subnode with name '/Local/Default'
2014-09-24 10:00:55.705314 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/ldap.bundle'
2014-09-24 10:00:55.717692 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/AppleODClientLDAP.bundle'
2014-09-24 10:00:55.719501 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/AppleODClientPWS.bundle'
2014-09-24 10:00:55.784459 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/ActiveDirectory.bundle'
2014-09-24 10:00:55.796659 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/Kerberosv5.bundle'
2014-09-24 10:00:55.802781 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/NetLogon.bundle'
2014-09-24 10:00:55.803744 CEST - Registered subnode with name '/Active Directory/COMMARCO/commarco.com' as hidden
2014-09-24 10:00:55.804502 CEST - Registered subnode with name '/Active Directory/COMMARCO/All Domains'
2014-09-24 10:00:55.804762 CEST - Registered subnode with name '/Active Directory/COMMARCO/Global Catalog' as hidden
2014-09-24 10:02:06.485102 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/configure.bundle'
2014-09-24 10:02:06.487212 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/keychain.bundle'
I think because of this issue I can't enroll new devices in ProfileManager.
Posted on Sep 24, 2014 2:06 AM
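A triage sketch for the system.log excerpt in the post above, added here as an example and not part of the original post: it separates launchd jobs that exit while reporting "Can't contact LDAP server" from jobs that exit without that symptom. The function names and the "root-candidate" / "dependent" verdicts are hypothetical, the sample lines are copied from the excerpt, and it assumes the last component of a launchd label matches the process name in the log.

```shell
#!/bin/sh
# Sample input: six lines copied from the system.log excerpt in the post.
sample_log() {
cat <<'EOF'
Sep 24 10:46:06 hydra.s-f.com PasswordService[5330]: -[PasswordServerPrefsObject saveXMLData]: ldap_modify_ext_s of the passwordserver config record's plist attribute: -1 Can't contact LDAP server
Sep 24 10:46:07 hydra com.apple.launchd[1] (org.openldap.slapd[5326]): Exited with code: 1
Sep 24 10:46:07 hydra com.apple.launchd[1] (com.apple.PasswordService[5330]): Exited with code: 1
Sep 24 10:46:12 hydra.s-f.com xscertd-helper[5340]: ldap_search_ext_s returned -1 - Can't contact LDAP server when searching for bdb suffix, exiting
Sep 24 10:46:12 hydra com.apple.launchd[1] (com.apple.xscertd-helper[5340]): Exited with code: 1
Sep 24 10:46:14 hydra com.apple.launchd[1] (org.openldap.slapd[5346]): Exited with code: 1
EOF
}

# Reads syslog lines on stdin; prints "<label> exits=<n> ldap_errors=<n> <verdict>".
triage_exits() {
  awk '
    # launchd exit record: "(label[pid]): Exited with code: N"
    /com\.apple\.launchd\[1\] \(.*\[[0-9]+\]\): Exited with code:/ {
      label = $0
      sub(/^.*launchd\[1\] \(/, "", label)
      sub(/\[[0-9]+\]\).*$/, "", label)
      exits[label]++
      next
    }
    # client-side symptom: the process could not reach the LDAP server
    /Can.t contact LDAP server/ {
      proc = $5                    # e.g. "PasswordService[5330]:"
      sub(/\[.*$/, "", proc)
      ldaperr[proc]++
    }
    END {
      for (label in exits) {
        n = split(label, parts, ".")
        short = parts[n]           # assumed to equal the process name
        e = (short in ldaperr) ? ldaperr[short] : 0
        verdict = (e > 0) ? "dependent" : "root-candidate"
        printf "%s exits=%d ldap_errors=%d %s\n", label, exits[label], e, verdict
      }
    }' | sort
}

# Jobs that exit without ever logging an LDAP contact failure.
root_candidates() { triage_exits | awk '$4 == "root-candidate" { print $1 }'; }

sample_log | triage_exits
```

On a live server the same functions can be fed with `triage_exits < /var/log/system.log`; the verdict is a heuristic for where to look first, not a diagnosis.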
Do you have an OpenDirectory archive available? An export of your OpenDirectory stored on a backup?
Time Machine does create an archive, but it is rather hard to get to.
You need to use the Terminal to get to a hidden folder inside your Time Machine backup: timemachinefolder/timestamp/yourserverhdname/var/backups/ which contains your OpenDirectory archive. Copy that to your desktop, for instance. When you use that to restore from, there is a good chance authentication will start to work. Enable OpenDirectory if needed, or destroy the current one using:
sudo slapconfig -destroyldapserver
Set it up as new and it will ask to restore from an archive.
Good luck!
Jeffrey
Posted on Sep 24, 2014 8:55 AM


