

After Updating to Server 4.1 Open Directory and LDAP gone

Hello,


Two days ago I discovered that Open Directory was not working on our server (Mac Mini 2012). I suspect it stopped working after updating to 10.10.3 and OS X Server 4.1. When I try to start Open Directory in the Server app, the Server app prompts: Unable to load Replica List. When I try to recreate my Open Directory server I get: OD Server already exists.


I get the following log entries:


LDAP Log


Apr 11 22:03:02 server.seju.eu slapd[925]: @(#) $OpenLDAP: slapd 2.4.28 (Feb 24 2015 21:45:59) $
    root@osx202.apple.com:/BinaryCache/OpenLDAP/OpenLDAP-499.32.4~1/Objects/servers/slapd
Apr 11 22:03:02 server.seju.eu slapd[925]: daemon: SLAP_SOCK_INIT: dtblsize=8192
Apr 11 22:03:02 server.seju.eu slapd[925]: TLS: OPENDIRECTORY_SSL_IDENTITY identity preference overrode configured olcTLSIdentity "APPLE:server.seju.eu"
Apr 11 22:03:02 server.seju.eu slapd[925]: slap_add_listener: opened additional listener 'ldaps:///'
Apr 11 22:03:02 server.seju.eu slapd[925]: bdb(dc=server,dc=seju,dc=eu): unable to allocate memory for mutex; resize mutex region
Apr 11 22:03:02 server.seju.eu slapd[925]: bdb_db_open: database "dc=server,dc=seju,dc=eu" cannot be opened, err 12. Restore from backup!
Apr 11 22:03:02 server.seju.eu slapd[925]: bdb(dc=server,dc=seju,dc=eu): txn_checkpoint interface requires an environment configured for the transaction subsystem
Apr 11 22:03:02 server.seju.eu slapd[925]: bdb_db_close: database "dc=server,dc=seju,dc=eu": txn_checkpoint failed: Invalid argument (22).
Apr 11 22:03:02 server.seju.eu slapd[925]: backend_startup_one (type=bdb, suffix="dc=server,dc=seju,dc=eu"): bi_db_open failed! (12)
Apr 11 22:03:02 server.seju.eu slapd[925]: bdb_db_close: database "dc=server,dc=seju,dc=eu": alock_close failed
Apr 11 22:03:02 server.seju.eu slapd[925]: slapd stopped.




Open Directory Log


2015-04-11 21:57:10.624284 CEST - AID: 0x0000000000000000 - opendirectoryd (build 382.20.2) launched...
2015-04-11 21:57:10.752590 CEST - AID: 0x0000000000000000 - Logging level limit changed to 'error'
2015-04-11 21:57:10.916732 CEST - AID: 0x0000000000000000 - Initialize trigger support
2015-04-11 21:57:10.951833 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/SystemCache.bundle'
2015-04-11 21:57:10.958469 CEST - AID: 0x0000000000000000 - Module: SystemCache - failed to load persistent state - Input/output error
2015-04-11 21:57:10.962533 CEST - AID: 0x0000000000000000 - Registered node with name '/Active Directory' as hidden
2015-04-11 21:57:10.962833 CEST - AID: 0x0000000000000000 - Registered node with name '/Configure' as hidden
2015-04-11 21:57:10.963182 CEST - AID: 0x0000000000000000 - Discovered configuration for node name '/Contacts' at path '/Library/Preferences/OpenDirectory/Configurations//Contacts.plist'
2015-04-11 21:57:10.963194 CEST - AID: 0x0000000000000000 - Registered node with name '/Contacts'
2015-04-11 21:57:10.963438 CEST - AID: 0x0000000000000000 - Registered node with name '/LDAPv3' as hidden
2015-04-11 21:57:10.966901 CEST - AID: 0x0000000000000000 - Registered node with name '/Local' as hidden
2015-04-11 21:57:10.968600 CEST - AID: 0x0000000000000000 - Registered node with name '/NIS' as hidden
2015-04-11 21:57:11.031990 CEST - AID: 0x0000000000000000 - Discovered configuration for node name '/Search' at path '/Library/Preferences/OpenDirectory/Configurations//Search.plist'
2015-04-11 21:57:11.032007 CEST - AID: 0x0000000000000000 - Registered node with name '/Search'
2015-04-11 21:57:12.343838 CEST - AID: 0x0000000000000000 - Discovered configuration for node name '/LDAPv3/127.0.0.1' at path '/Library/Preferences/OpenDirectory/Configurations/LDAPv3/127.0.0.1.plist'
2015-04-11 21:57:12.343888 CEST - AID: 0x0000000000000000 - Registered subnode with name '/LDAPv3/127.0.0.1'
2015-04-11 21:57:13.549377 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/legacy.bundle'
2015-04-11 21:57:13.551131 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/search.bundle'
2015-04-11 21:57:13.554053 CEST - AID: 0x0000000000000000 - '/Search' has registered, loading additional services
2015-04-11 21:57:13.554064 CEST - AID: 0x0000000000000000 - Initialize augmentation support
2015-04-11 21:57:13.557920 CEST - AID: 0x0000000000000000 - Successfully registered for Kernel identity service requests
2015-04-11 21:57:13.557940 CEST - AID: 0x0000000000000000 - Adjusting kernel ID cache (100 -> 250) and membership cache (100 -> 500)
2015-04-11 21:57:13.575235 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/PlistFile.bundle'
2015-04-11 21:57:13.578418 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/FDESupport.bundle'
2015-04-11 21:57:13.583810 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/AppleID.bundle'
2015-04-11 21:57:13.615788 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/ConfigurationProfiles.bundle'
2015-04-11 21:57:13.619666 CEST - AID: 0x0000000000000000 - Registered subnode with name '/Local/Default'
2015-04-11 21:57:13.632498 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/ldap.bundle'
2015-04-11 21:57:13.845588 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/AppleODClientLDAP.bundle'
2015-04-11 21:57:13.849664 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/AppleODClientPWS.bundle'

Mac mini, OS X Yosemite (10.10.3), Server 4.1

Posted on Apr 11, 2015 1:45 PM
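The decisive lines in the slapd log above are the bdb_db_open failure (err 12, the C errno ENOMEM, raised here by the Berkeley DB environment's mutex-region error) and slapd's own advice, "Restore from backup!". When an admin has to triage many such logs, it helps to pull exactly those facts out mechanically. The script below is an added example written for this thread, not code from the poster or from Apple; the sample log is constructed to match the shape of the lines quoted above.

```python
import errno
import re
from typing import Dict, List

# Constructed sample modelled on the slapd log quoted in the post above
# (same message shapes; a test fixture, not a live capture).
SAMPLE_SLAPD_LOG = """\
Apr 11 22:03:02 server.seju.eu slapd[925]: daemon: SLAP_SOCK_INIT: dtblsize=8192
Apr 11 22:03:02 server.seju.eu slapd[925]: slap_add_listener: opened additional listener 'ldaps:///'
Apr 11 22:03:02 server.seju.eu slapd[925]: bdb(dc=server,dc=seju,dc=eu): unable to allocate memory for mutex; resize mutex region
Apr 11 22:03:02 server.seju.eu slapd[925]: bdb_db_open: database "dc=server,dc=seju,dc=eu" cannot be opened, err 12. Restore from backup!
Apr 11 22:03:02 server.seju.eu slapd[925]: backend_startup_one (type=bdb, suffix="dc=server,dc=seju,dc=eu"): bi_db_open failed! (12)
Apr 11 22:03:02 server.seju.eu slapd[925]: slapd stopped.
"""

# One syslog-style record: timestamp, host, "slapd[pid]:", message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) slapd\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# A back-end database failed to open; "err" is the C errno value.
DB_OPEN_FAIL_RE = re.compile(
    r'^bdb_db_open: database "(?P<suffix>[^"]+)" cannot be opened, err (?P<err>\d+)\.(?P<rest>.*)$'
)
# Messages passed through from the Berkeley DB environment for a suffix.
BDB_ENV_RE = re.compile(r"^bdb\((?P<suffix>[^)]+)\): (?P<text>.*)$")


def parse_slapd_log(text: str) -> List[Dict[str, str]]:
    """Split raw log text into records. Lines that do not match the syslog
    shape (e.g. the build-path continuation under the banner) are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
    return records


def find_backend_failures(text: str) -> Dict[str, object]:
    """Summarise database-open failures so an operator can see whether slapd
    exited because a backend could not be opened, and what it recommended."""
    findings: Dict[str, object] = {
        "db_open_failures": [],
        "bdb_env_messages": [],
        "slapd_stopped": False,
    }
    for rec in parse_slapd_log(text):
        msg = rec["msg"]
        m = DB_OPEN_FAIL_RE.match(msg)
        if m:
            code = int(m.group("err"))
            findings["db_open_failures"].append({
                "suffix": m.group("suffix"),
                "err": code,
                "errname": errno.errorcode.get(code, "unknown"),
                "restore_advised": "Restore from backup" in m.group("rest"),
            })
            continue
        m = BDB_ENV_RE.match(msg)
        if m:
            findings["bdb_env_messages"].append(m.group("text"))
            continue
        if msg.strip() == "slapd stopped.":
            findings["slapd_stopped"] = True
    return findings


def verdict(findings: Dict[str, object]) -> str:
    """Collapse the findings into one tag a runbook can branch on."""
    failures = findings["db_open_failures"]
    if failures:
        return "restore-from-backup" if failures[0]["restore_advised"] else "backend-open-failed"
    if findings["slapd_stopped"]:
        return "stopped-unknown-cause"
    return "ok"


if __name__ == "__main__":
    summary = find_backend_failures(SAMPLE_SLAPD_LOG)
    for failure in summary["db_open_failures"]:
        print(f"{failure['suffix']}: errno {failure['err']} ({failure['errname']}), "
              f"restore advised: {failure['restore_advised']}")
    print("verdict:", verdict(summary))
```

On the quoted log this yields the verdict "restore-from-backup", which matches MrHoffman's reading below: the environment error is the symptom, the database that will not open is the fault, and the remedy slapd itself names is restoring the Open Directory backend from a known-good backup.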

Question marked as Best reply

Posted on Apr 11, 2015 4:20 PM

Looks like there's a corruption, and that can mean restoring from backups.


That written, it's possible there are some DNS issues here as your host has a public CNAME (alias) and what might be a dynamic DNS provider. DNS configuration issues can cause LDAP to become confused.
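The DNS point is worth checking explicitly before rebuilding anything: Open Directory expects the server's host name to resolve to the server's own address, and that address to reverse-resolve to the same name (this is what sudo changeip -checkhostname verifies on OS X Server). The script below is an added example for this thread, not code from the poster, from MrHoffman or from Apple. The host name and address in it are placeholders, and the table-backed resolvers exist only so the check can be exercised offline; on a real server the default socket-based resolvers are used.

```python
import socket
from typing import Callable, Dict, List, Tuple

# Placeholder values for the example; substitute the server's real host name
# and LAN address (the thread's actual values are not reproduced here).
EXAMPLE_HOSTNAME = "server.example.com"
EXAMPLE_IP = "192.0.2.10"


def _system_reverse(ip: str) -> str:
    """Reverse-resolve with the system resolver; returns the primary name."""
    return socket.gethostbyaddr(ip)[0]


def _canon(name: str) -> str:
    """Compare names case-insensitively and ignore a trailing root dot."""
    return name.rstrip(".").lower()


def check_hostname_dns(hostname: str, expected_ip: str,
                       resolve: Callable[[str], str] = socket.gethostbyname,
                       reverse: Callable[[str], str] = _system_reverse) -> Dict[str, object]:
    """Forward-resolve hostname, compare with expected_ip, then reverse-resolve
    the address and require it to map back to the same host name."""
    report: Dict[str, object] = {
        "hostname": hostname, "expected_ip": expected_ip,
        "forward_ip": None, "reverse_name": None, "problems": [],
    }
    problems: List[str] = report["problems"]  # type: ignore[assignment]
    try:
        forward_ip = resolve(hostname)
    except OSError as exc:  # socket.gaierror and socket.herror are OSError subclasses
        problems.append(f"forward lookup of {hostname} failed: {exc}")
        return report
    report["forward_ip"] = forward_ip
    if forward_ip != expected_ip:
        problems.append(f"{hostname} resolves to {forward_ip}, expected {expected_ip}")
    try:
        reverse_name = reverse(forward_ip)
    except OSError as exc:
        problems.append(f"reverse lookup of {forward_ip} failed: {exc}")
        return report
    report["reverse_name"] = reverse_name
    if _canon(reverse_name) != _canon(hostname):
        problems.append(f"{forward_ip} reverse-maps to {reverse_name}, not {hostname}")
    return report


def make_table_resolvers(forward: Dict[str, str],
                         reverse: Dict[str, str]) -> Tuple[Callable[[str], str], Callable[[str], str]]:
    """Dict-backed stand-ins for the system resolver, for offline testing.
    They raise the same exception types the socket functions raise."""
    def resolve(name: str) -> str:
        try:
            return forward[name]
        except KeyError:
            raise socket.gaierror(f"no A record for {name}")

    def rev(ip: str) -> str:
        try:
            return reverse[ip]
        except KeyError:
            raise socket.herror(f"no PTR record for {ip}")

    return resolve, rev


if __name__ == "__main__":
    result = check_hostname_dns(EXAMPLE_HOSTNAME, EXAMPLE_IP)
    for problem in result["problems"] or ["forward and reverse DNS are consistent"]:
        print(problem)
```

A split-horizon setup of the kind essandess describes later in the thread passes this check only if the internal DNS view is the one the server actually uses; a public CNAME or a dynamic-DNS name that reverse-maps to the provider's generic host name will show up as a reverse-mapping mismatch.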

17 replies

Apr 22, 2015 12:49 AM in response to MrHoffman

I'm going to disagree with MrHoffman's good DNS advice. Assuming that you don't really, really need to isolate your public facing services in a DMZ (I expect most OS X Servers simply reside behind a router firewall), it often makes sense to use the same domain name on the LAN as on the Internet. First, Server.app services are secured with a certificate tied to ONE domain name. You'll want to authenticate to those services whether on the LAN or the Internet, and setting internal DNS to point your domain to a LAN address does this. Second, it's a lot simpler to configure and use clients for a single domain, and let DNS determine whether the packets stay on the LAN, rather than one configuration for LAN and a separate configuration for the Internet.


Also, variable IP addresses can work fine with ddclient, available through MacPorts or brew. In practice many ISPs' variable IPs don't change for years, and it's easy to configure ddclient to test your IP every few minutes and automatically update your DNS records if your IP changes.


Finally, whether you site your server in a DMZ or on the LAN behind a router firewall, TB hard drives are cheap, so there's no excuse not to keep multiple, independent, offline backups.

Apr 22, 2015 10:01 AM in response to essandess

Using the same domain name inside and outside does mean you have to track any external DNS changes on your internal servers: when a hosted service such as mail or web changes, your local DNS has to be updated to reflect that.


For this specific case, and particularly given that the external DNS here is a dynamic provider, I would not use that DNS subdomain internally. You may or will change those providers, or that provider can reconfigure, be bought out, reorganize, go bankrupt or change its business name. That then means you get to change all your internal DNS, as well as everything that references that domain externally. Hence my suggestion to get a real and registered domain.


The presence of a DMZ is for security — having the same domain name across the internal network and the DMZ does work correctly. If you're inclined, you can set up the server in the DMZ as a DNS replica, if you're willing to poke a hole through to your primary internal DNS server. Or just run it as a subset DNS server, since all it has to know about is itself.


Rather than ddclient — which is certainly an option — a mid-grade firewall can also deal with dynamic DNS on your behalf, and automatically update the public-facing dynamic DNS server when the ISP address changes.


FWIW, one variety I've had reasonable success with is the ZyXEL ZYWALL USG series. Those USG devices are not going to teach you the basics of IP and DNS and do expect you're familiar with the basics, but the menus are reasonably clear and consistent and complete, and the L2TP VPN can be gotten to work with the OS X clients, and most or all of that series do support DMZ configurations. The mid-grade USG versions support multiple network uplinks for redundancy, and that works. (Other than having purchased various ZyXEL gear, I have no connections with that company.)

