Tuesday, November 3, 2009

Slapconfig, MacOSX Leopard Server and Frustration!

For the past several years, I have been the admin of my children's school, which subscribes to the Apple model of one-to-one and employs X-Servers as their infrastructure model of choice.  While I think the Mac OS client is an awesome platform full of features and functions, I also find that the tapestry of technical prowess required to circumnavigate around an Open Directory implementation is known to a few key architects at Apple and no one else.  Open Directory has got to be one of the most fragile and complex beasts known to man - (note to Apple: Simplify it, make it work, then add features).

It goes beyond frustration that I have a brand new 10.5 server (patched to 10.5.8) as an Open Directory Master, but for the life of me, cannot create a replica on another system (also 10.5.8).

After much splunking and searching, I have determined that the error lies within the launchd process that is not being elevated enough to run the slapconfig utility properly.  Why?  Don't know.

I try to run the GUI application to promote a system to replica and I am greeted with an 1077 error (which relates to an incorrect Directory Administrator User and Password issue).  I have changed my diradmin user and password about 2 dozen times and nothing suffices.

The username/password combo I am employing works from Workgroup Manager just fine. 

So I dug a lot deeper and found that during the process, I get two SSHD error logs on my master server:

com.apple.launchd(1)       (0x10fa90.sshd[1237]) Could not setup Mach task special port 9: (os/kern) no access

Hmmm....  So I then, from the 'replica-to-be' run the command line version for creating the replica:

slapconfig -createreplica servername diradminname

and it asks me for my root password and I enter it - it works, then it gets to the part where it wants the Directory Admin password and then it part of the replica initiation process re-runs the slapconfig process with a -checkmaster and the parameters I just specified.... and it fails with a:

Error: Incorrect username or password. You must enter a directory administrator username and password. (errror=77)

But the combination I am using, does work.

Still working on it...


  1. Does your password contain non alpha-numeric characters? I've run into this a few times recently when creating replicas.

  2. Yes, it does... I will have to try resetting the password to something simple and trying that.

    I love Mac OS X and the Server is very unique - but I work with one day-in and day-out and it is integrated (at my work, not the school) with Active Directory and that is problematic. Upgraded to Snow Leopard and I hope that works better.

    Good Point - I will give it a shot!