Open Directory Service not working since Server 3.2.1

Question

Level 1

51 points

Open Directory Service not working since Server 3.2.1

Hello everybody,

Since I upgraded to OS X 10.9.5 and Server 3.2.1 the Password Server of OpenDirectory is producing Erros and dirserv is not starting up.

I also tried to restore via TimeMachine to OS X 10.9.4 and Server 3.1.2, Services where migrated but the OpenDirectory Service is not starting up.

But I am 100% sure it worked before the first update to 10.9.5 and Server.app 3.2.1.

I show u some Logs, maybe somebody has a idea how to fix it?

hydra:ProfileManager root# tail -f /var/log/system.log
Sep 24 10:46:06 hydra.s-f.com PasswordService[5330]: -[PasswordServerPrefsObject saveXMLData]: ldap_modify_ext_s of the passwordserver config record's plist attribute: -1 Can't contact LDAP server
Sep 24 10:46:07 hydra com.apple.launchd[1] (org.openldap.slapd[5326]): Exited with code: 1
Sep 24 10:46:07 hydra com.apple.launchd[1] (org.openldap.slapd): Throttling respawn: Will start in 7 seconds
Sep 24 10:46:07 hydra.s-f.com PasswordService[5330]: int pwsf_GetPublicKey(char *): ldap_search_ext_s cn=authdata for Public Key returned -1
Sep 24 10:46:07 hydra com.apple.launchd[1] (com.apple.PasswordService[5330]): Exited with code: 1
Sep 24 10:46:07 hydra com.apple.launchd[1] (com.apple.PasswordService): Throttling respawn: Will start in 10 seconds
Sep 24 10:46:12 hydra.s-f.com xscertd-helper[5340]: ldap_search_ext_s returned -1 - Can't contact LDAP server when searching for bdb suffix, exiting
Sep 24 10:46:12 hydra com.apple.launchd[1] (com.apple.xscertd-helper[5340]): Exited with code: 1
Sep 24 10:46:12 hydra com.apple.launchd[1] (com.apple.xscertd-helper): Throttling respawn: Will start in 10 seconds
Sep 24 10:46:13 hydra.s-f.com xscertd[206]: Failed sending LookupCRLByCARecordName command to com.apple.xscertd.helper: The operation couldn’t be completed. (com.apple.certificateserver error 42005.)
Sep 24 10:46:14 hydra com.apple.launchd[1] (org.openldap.slapd[5346]): Exited with code: 1
Sep 24 10:46:14 hydra com.apple.launchd[1] (org.openldap.slapd): Throttling respawn: Will start in 10 seconds
Sep 24 10:46:17 hydra.s-f.com PasswordService[5351]: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
Sep 24 10:46:17 hydra.s-f.com PasswordService[5351]: -[PasswordServerPrefsObject loadXMLData]: Unable to locate passwordserver config record's plist attribute: -1 Can't contact LDAP server
Sep 24 10:46:17 hydra.s-f.com PasswordService[5351]: -[PasswordServerPrefsObject getSearchBase]: Unable to locate search base: -1 Can't contact LDAP server
Sep 24 10:46:17 hydra.s-f.com PasswordService[5351]: -[PasswordServerPrefsObject saveXMLData]: ldap_modify_ext_s of the passwordserver config record's plist attribute: -1 Can't contact LDAP server
Sep 24 10:46:17 hydra.s-f.com PasswordService[5351]: int pwsf_GetPublicKey(char *): ldap_search_ext_s cn=authdata for Public Key returned -1
Sep 24 10:46:17 hydra com.apple.launchd[1] (com.apple.PasswordService[5351]): Exited with code: 1
Sep 24 10:46:17 hydra com.apple.launchd[1] (com.apple.PasswordService): Throttling respawn: Will start in 10 seconds

hydra:PasswordService root# tail -f ApplePasswordServer.Error.log
Sep 24 2014 10:58:33 36683us    Server received error -1 during startup.
Sep 24 2014 10:58:33 36787us    Aborting Password Service.
Sep 24 2014 10:58:42 146995us    Server received error -1 during startup.
Sep 24 2014 10:58:42 147074us    Aborting Password Service.
Sep 24 2014 10:58:52 271001us    Server received error -1 during startup.
Sep 24 2014 10:58:52 271109us    Aborting Password Service.
Sep 24 2014 10:59:02 401008us    Server received error -1 during startup.
Sep 24 2014 10:59:02 401085us    Aborting Password Service.
Sep 24 2014 10:59:12 529810us    Server received error -1 during startup.
Sep 24 2014 10:59:12 529888us    Aborting Password Service.

hydra:PasswordService root# tail -f ApplePasswordServer.Server.log
Sep 24 2014 11:00:44 20929us    Starting UNIX domain socket listener /var/run/passwordserver
Sep 24 2014 11:00:44 21674us    CRunAppThread::StartUp: caught error -1.
Sep 24 2014 11:00:44 21692us    ** ERROR: The Server received an error during startup.  See error log for details.
Sep 24 2014 11:00:44 21713us    RunAppThread::StartUp() returned: 4294967295
Sep 24 2014 11:00:44 21746us    Stopping server processes ...
Sep 24 2014 11:00:44 21757us    Stopping Network Processes ...
Sep 24 2014 11:00:44 21767us    Deinitializing networking ...
Sep 24 2014 11:00:44 21786us    Server Processes Stopped ...
Sep 24 2014 11:00:44 21797us    RunAppThread Stopped
Sep 24 2014 11:00:44 21818us    Aborting Password Service.  See error log.
Sep 24 2014 11:00:54 85526us    Mac OS X Password Service version 400.1 (pid = 6584) was started at: Wed Sep 24 11:00:54 2014
.
Sep 24 2014 11:00:54 85641us    RunAppThread Created
Sep 24 2014 11:00:54 85904us    RunAppThread Started
Sep 24 2014 11:00:54 85929us    Initializing Server Globals ...
Sep 24 2014 11:00:54 92881us    Initializing Networking ...
Sep 24 2014 11:00:54 92951us    Initializing TCP ...
Sep 24 2014 11:00:55 414969us    SASL is using realm "hydra.s-f.com"
Sep 24 2014 11:00:55 415027us    Starting Central Thread ...
Sep 24 2014 11:00:55 415046us    Starting other server processes ...
Sep 24 2014 11:00:55 415058us    StartCentralThreads: 1 threads to stop
Sep 24 2014 11:00:55 415094us    Initializing TCP ...
Sep 24 2014 11:00:55 415146us    Starting TCP/IP Listener on ethernet interface, port 106
Sep 24 2014 11:00:55 415273us    Starting TCP/IP Listener on ethernet interface, port 3659
Sep 24 2014 11:00:55 415317us    Starting TCP/IP Listener on interface lo0, port 106
Sep 24 2014 11:00:55 415360us    Starting TCP/IP Listener on interface lo0, port 3659
Sep 24 2014 11:00:55 415404us    StartCentralThreads: Created 4 TCP/IP Connection Listeners
Sep 24 2014 11:00:55 415423us    Starting UNIX domain socket listener /var/run/passwordserver
Sep 24 2014 11:00:55 416104us    CRunAppThread::StartUp: caught error -1.
Sep 24 2014 11:00:55 416126us    ** ERROR: The Server received an error during startup.  See error log for details.
Sep 24 2014 11:00:55 416152us    RunAppThread::StartUp() returned: 4294967295
Sep 24 2014 11:00:55 416182us    Stopping server processes ...
Sep 24 2014 11:00:55 416193us    Stopping Network Processes ...
Sep 24 2014 11:00:55 416205us    Deinitializing networking ...
Sep 24 2014 11:00:55 416225us    Server Processes Stopped ...
Sep 24 2014 11:00:55 416237us    RunAppThread Stopped
Sep 24 2014 11:00:55 416258us    Aborting Password Service.  See error log.

hydra:PasswordService root# tail -n 100 /var/log/opendirectoryd.log
2014-09-24 10:00:48.979173 CEST - opendirectoryd (build 339.102.1) launched...
2014-09-24 10:00:49.340572 CEST - Logging level limit changed to 'error'
2014-09-24 10:00:54.943976 CEST - Initialize trigger support
2014-09-24 10:00:54.947086 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/SystemCache.bundle'
2014-09-24 10:00:55.542745 CEST - Registered node with name '/Active Directory' as hidden
2014-09-24 10:00:55.543076 CEST - Registered node with name '/Configure' as hidden
2014-09-24 10:00:55.543498 CEST - Discovered configuration for node name '/Contacts' at path '/Library/Preferences/OpenDirectory/Configurations//Contacts.plist'
2014-09-24 10:00:55.543512 CEST - Registered node with name '/Contacts'
2014-09-24 10:00:55.543760 CEST - Registered node with name '/LDAPv3' as hidden
2014-09-24 10:00:55.545861 CEST - Registered node with name '/Local' as hidden
2014-09-24 10:00:55.547043 CEST - Registered node with name '/NIS' as hidden
2014-09-24 10:00:55.547441 CEST - Discovered configuration for node name '/Search' at path '/Library/Preferences/OpenDirectory/Configurations//Search.plist'
2014-09-24 10:00:55.547455 CEST - Registered node with name '/Search'
2014-09-24 10:00:55.548416 CEST - Discovered configuration for node name '/Active Directory/COMMARCO' at path '/Library/Preferences/OpenDirectory/Configurations/Active Directory/COMMARCO.plist'
2014-09-24 10:00:55.548473 CEST - Registered subnode with name '/Active Directory/COMMARCO'
2014-09-24 10:00:55.548526 CEST - Registered placeholder subnode with name '/Active Directory/COMMARCO/All Domains'
2014-09-24 10:00:55.549007 CEST - Discovered configuration for node name '/LDAPv3/127.0.0.1' at path '/Library/Preferences/OpenDirectory/Configurations/LDAPv3/127.0.0.1.plist'
2014-09-24 10:00:55.549023 CEST - Registered subnode with name '/LDAPv3/127.0.0.1'
2014-09-24 10:00:55.550412 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/legacy.bundle'
2014-09-24 10:00:55.552421 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/search.bundle'
2014-09-24 10:00:55.555679 CEST - '/Search' has registered, loading additional services
2014-09-24 10:00:55.555690 CEST - Initialize augmentation support
2014-09-24 10:00:55.559214 CEST - Successfully registered for Kernel identity service requests
2014-09-24 10:00:55.559224 CEST - Adjusting kernel ID cache (100 -> 250) and membership cache (100 -> 500)
2014-09-24 10:00:55.572834 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/PlistFile.bundle'
2014-09-24 10:00:55.597615 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/FDESupport.bundle'
2014-09-24 10:00:55.600809 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/AppleID.bundle'
2014-09-24 10:00:55.694171 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/ConfigurationProfiles.bundle'
2014-09-24 10:00:55.699276 CEST - Registered subnode with name '/Local/Default'
2014-09-24 10:00:55.705314 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/ldap.bundle'
2014-09-24 10:00:55.717692 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/AppleODClientLDAP.bundle'
2014-09-24 10:00:55.719501 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/AppleODClientPWS.bundle'
2014-09-24 10:00:55.784459 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/ActiveDirectory.bundle'
2014-09-24 10:00:55.796659 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/Kerberosv5.bundle'
2014-09-24 10:00:55.802781 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/NetLogon.bundle'
2014-09-24 10:00:55.803744 CEST - Registered subnode with name '/Active Directory/COMMARCO/commarco.com' as hidden
2014-09-24 10:00:55.804502 CEST - Registered subnode with name '/Active Directory/COMMARCO/All Domains'
2014-09-24 10:00:55.804762 CEST - Registered subnode with name '/Active Directory/COMMARCO/Global Catalog' as hidden
2014-09-24 10:02:06.485102 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/configure.bundle'
2014-09-24 10:02:06.487212 CEST - Loaded bundle at path '/System/Library/OpenDirectory/Modules/keychain.bundle'

I think because of this issue I cant enroll new devices in ProfileManager.

Posted on Sep 24, 2014 2:06 AM

Reply

Answer 1

Patrick Fist Author

Level 1

51 points

Sep 24, 2014 6:51 AM in response to Patrick Fist

One more output:

sh-3.2# serveradmin start dirserv
2014-09-24 15:39:32.394 serveradmin[1892:507] servermgr_dirserv: received request to start the Directory Server
2014-09-24 15:39:32.423 serveradmin[1892:507] servermgr_dirserv: starting Directory Server deamons
2014-09-24 15:40:02.443 serveradmin[1892:507] servermgr_dirserv: Did not receive slapd startup notificaton
2014-09-24 15:40:02.504 serveradmin[1892:507] servermgr_dirserv: binding to ourselves
2014-09-24 15:40:02.656 serveradmin[1892:507] servermgr_dirserv: an error occurred when starting the Directory Server: Unable to bind to 127.0.0.1: Error: Connection failed to the directory server. (2100)
dirserv:error = "Unable to bind to 127.0.0.1: Error: Connection failed to the directory server. (2100)\n"
sh-3.2#

Reply

Answer 2

jepping

Level 3

785 points

Sep 24, 2014 8:55 AM in response to Patrick Fist

Do you have an OpenDirectory archive available? An export of your OpenDirectory stored on a backup?

Timemachine does create an archive but it is rather hard to get to.

You need to use the terminal to get a hidden folder inside your timemachine backup: timemachinefolder/timestamp/yourserverhdname/var/backups/ which contains your OpenDirectory archive. Copy that to your desktop for instance. When you use that to restore from there is a good chance authentication will start to work. Enable OpenDirectory if needed or destroy the current one using:

sudo slapconfig -destroyldapserver

set it up as new and it will ask to restore from an archive.

Goodluck!

Jeffrey

Reply

Answer 3

Patrick Fist Author

Level 1

51 points

Sep 24, 2014 10:00 AM in response to jepping

For everyone else, how to restore the backup:

sh-3.2# slapconfig -restoredb /Users/admin/Desktop/ServerBackup_OpenDirectoryMaster.sparseimage

Of course you have to set your path to the backup image.

Reply

Answer 4

Sep 26, 2014 6:44 AM in response to Patrick Fist

Hi Patrick,

Not too good on the Mac side of things - when i try to run this command it asks for the slapconfig to be run by root.

How do i go about doing that?

Cheers,

Ste

Reply

Answer 5

Patrick Fist Author

Level 1

51 points

Sep 26, 2014 7:23 AM in response to Ste twcnhsft

Hi Ste tecnhsft,

put sudo in front

sudo slapconfig -restoredb $Path

best

Reply

Answer 6

snezak

Level 1

17 points

Dec 6, 2014 10:05 AM in response to jepping

Is it possible that my timemachine did not backup the AD conf. to the folder you listed? I thing i have the exact same issue being resolved here (except that i on SErver 4 and Mac OS X Yosemite), but can't find backup in the --/var/backup folder 😟 ?

Reply

Answer 7

snezak

Level 1

17 points

Dec 7, 2014 12:08 AM in response to snezak

Just to clarify - this is where i get to and after somehow right-clicking and opening this red-marked folder, the contents are seemingly empty 😟

However I tried drag-dropping the folder to the field where you browse for backup and it found contents as it requested passowrd for archive. I input it but then get this:

And If I want to create one, I get the "Invalid hostname" error and can not continue 😟

What now? 😟

Reply

Answer 8

jepping

Level 3

785 points

Dec 7, 2014 5:54 AM in response to snezak

Hi,

The backup has been created, even under Yosemite OSX Server.

This is the path I followed with the Terminal.app, you need to use sudo to view this folder:

cd /Volumes/TimeMachineBU/Backups.backupdb/macserver/2014-12-07-141007/ServerHD/pr ivate/var/backups

Your timemachine backup will be called differently, just follow the path in the Finder as far as you can, then drop that folder in the Terminal with cd in front of it.

Then type ls and inside the /var/backups/ there is a: ServerBackup_OpenDirectoryMaster.sparseimage present, yeah!

You need to copy that sparseimage to your desktop like so, otherwise you won't be able to select it:

cp ServerBackup_OpenDirectoryMaster.sparseimage ~/Desktop/

Then destroy OpenDirectory if needed and point the restore/import from to this version on your desktop.

Reply

Answer 9

snezak

Level 1

17 points

Dec 7, 2014 5:56 AM in response to jepping

Thank you!

Reply

Answer 10

snezak

Level 1

17 points

Dec 7, 2014 8:50 AM in response to jepping

I've done everything and i can connect to server and shares on it without problem.

HOWEVER - I restarted both client and server to see things fresh, and now I DO NOT see server in my client's sidebar no more. I can user CMD+K and mount server shares, but invisible otherwise.

What should I do?! Why had this happened now? 😟 I also still get the following message wanting to login join server at startup:

Reply