Q: OD Replica sync issues
Hey there,
I ran into a weird problem with my Open Directory replica.
We are virtualizing OS X Server environments on Mac Pros in rack units. It works like a charm.
As it so happens, I ran into a weird problem on my replica and so I had to restore the complete system disk from one day before...
This also worked like a charm, as intended. When I first set up the servers (El Capitan) I was surprised you can change passwords
and add users also on the replica, which will sync to the master. That was pretty nice.
After restoring, the master didn't promote changes to the slave anymore, nor the other way around. I tracked the issue
down to the system user _ldap restore not being able to log in on the replica. On the replica you can find the password in cleartext in the openldap
directory in a config file, so I took it and set it up on the master... and all changes get instantly promoted to the slave now. I would like to know WHY that can
happen; I basically only changed the replica machine one day back (the system time is of course current). The other way around still does not work. Now you can
also find the password, which differs, on the master and set it on the replica; then all changes get promoted to the master, but the
other way around is not possible. This is really, really weird. Any suggestions? It worked fantastically both ways, and now
the two machines have different passwords. I don't understand; they do in fact use the SAME user to sync. Seems like a dilemma.
Before you suggest destroying and rebuilding the replica: that does not work either. The destroyldap command does not
get rid of all information, it seems. I also moved /etc/krb5.keytab and deleted the sync job folder. On the master, in the OD, I removed the IDs of the replicas in computer groups
and also used the terminal command to delete the replica setup.
On recreation I can see all users and groups being loaded from the server. Then when I want to change something on the replica,
it says the user diradmin is not an administrator of this node... only after this message, all groups disappear from Server app; only users stay (but I can't change them either). When I use Directory Utility I can use DIRADMIN to change things... this is just really killing me because this bears no logic.
Any ideas what I can do besides exporting the cert and starting from scratch?
OS X Server
Posted on May 11, 2016 3:28 AM
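The post turns on one check: does the replication bind account carry the same credential in the syncrepl configuration on both machines, and does that credential actually bind against the other side? The script below is an added example written for this page, not code from the poster or from Apple. It assumes each side stores its pull configuration as a stock OpenLDAP cn=config `olcSyncrepl` attribute (`provider=`, `binddn=`, `credentials=` fields), which is what the poster's "password in cleartext in a config file" describes; the two stanzas, the host names, the bind DN and the secrets are constructed sample data, not values from a real server. On a real box you would feed it the output of `slapcat -n 0` or the contents of the slapd.d LDIF instead of the inline strings.

```shell
#!/bin/sh
# Constructed sample olcSyncrepl lines (hypothetical hosts and secrets, not from a real server).
# The master pulls from the replica and the replica pulls from the master, each binding as the
# same replication account. A healthy pair stores the same credential on both sides.
MASTER_CONF='olcSyncrepl: {0}rid=001 provider=ldap://replica.example.com bindmethod=simple binddn="uid=_ldap_replicator,cn=users,dc=example,dc=com" credentials=alpha-secret searchbase="dc=example,dc=com" type=refreshAndPersist retry="60 +"'
REPLICA_CONF='olcSyncrepl: {0}rid=001 provider=ldap://master.example.com bindmethod=simple binddn="uid=_ldap_replicator,cn=users,dc=example,dc=com" credentials=beta-secret searchbase="dc=example,dc=com" type=refreshAndPersist retry="60 +"'

# syncrepl_field CONFIG KEY: print the value of KEY= from a syncrepl line.
# Quoted values (binddn="...") are tried first, then bare values (credentials=secret).
syncrepl_field() {
  v=$(printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p")
  [ -n "$v" ] || v=$(printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\([^[:space:]]*\).*/\1/p")
  printf '%s\n' "$v"
}

# compare_replicator_credentials MASTER_CONF REPLICA_CONF
# Prints "match" (exit 0) when both sides bind as the same DN with the same secret,
# "mismatch" (exit 1) when the secrets diverged, and exit 2 when the bind DNs differ.
compare_replicator_credentials() {
  dn_a=$(syncrepl_field "$1" binddn)
  dn_b=$(syncrepl_field "$2" binddn)
  if [ "$dn_a" != "$dn_b" ]; then
    echo "binddn differs: $dn_a vs $dn_b"
    return 2
  fi
  if [ "$(syncrepl_field "$1" credentials)" = "$(syncrepl_field "$2" credentials)" ]; then
    echo match
    return 0
  fi
  echo mismatch
  return 1
}

# bind_check_command CONFIG: print the ldapwhoami invocation that tests whether the
# credential stored on this side can still bind against the provider it pulls from.
# A failed bind here is the "sync user cannot log in on the other side" symptom.
# Prefer -y PASSWORDFILE over -w on a shared machine so the secret stays out of ps output.
bind_check_command() {
  printf 'ldapwhoami -x -H %s -D "%s" -w "%s"\n' \
    "$(syncrepl_field "$1" provider)" \
    "$(syncrepl_field "$1" binddn)" \
    "$(syncrepl_field "$1" credentials)"
}

# Stand-alone run over the constructed sample: reports the divergence and shows the
# command each side would use to prove or disprove the bind.
compare_replicator_credentials "$MASTER_CONF" "$REPLICA_CONF" || :
bind_check_command "$MASTER_CONF"
bind_check_command "$REPLICA_CONF"
```

Whichever side reports a failed bind is the side whose stored `credentials=` no longer matches the replication account's real password in the directory it binds to; that is consistent with the poster's observation that copying one side's cleartext value over the other restores only one direction. The check is read-only and does not touch the configuration, so it is safe to run on both machines before deciding which value to keep.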