I worked on an Open Directory problem on a Leopard server for 5 hours straight yesterday. With the help of an Apple consultant, the system is finally fixed. The computer setup is like this. We have two Leopard servers: one is the Open Directory Master (ODM), the other works as a client for the Open Directory. We noticed that the changes made on the ODM weren’t reflected on the client. I tried to unbind the client from the OD and re-bind it again. After re-binding, the ODM showed up in the Directory Utility window with a red light and the message “The server is not responding.”
It turns out this client was an Open Directory Replica. Somehow, it was not demoted to a regular client properly, therefore a copy of Open Directory is running on this client. Here are the steps that we took to fix this problem.
- On the client, use Directory Utility to unbind it from the server. You might need to force unbind it.
- On the client, type the command to delete the Directory Service preference. If you have other settings in there, you might want to write them down first.
sudo rm -R -v /Library/Preferences/DirectoryService
- On the client, use Keychain Access to search for the items related to Kerberos and delete them.
- On the client, type the following commands to delete the settings related to Kerberos and them again.
sudo rm -fr /var/db/krb5kdc
- The client was previously set up as an OD replica. We want to delete all the previous settings related to the replica. You do not need to do this if your situation is different. On the client, type the following command.
sudo slapconfig -destroyldapserver
- Reboot the client.
- On the server, use the Workgroup Manager to delete the computer accounts related to the client.
- On the client, use the Directory Utility to bind the machine to OD.
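The second step suggests writing down existing settings before deleting them. As an added example (not part of the original post), this shell function archives the two directories that the steps remove, with owner-only permissions on the archive. The function name `od_backup`, the `ROOT` test prefix and the destination directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Archives the directories that the cleanup steps delete, so the old
# settings can be inspected later. Run as root on the client.

# od_backup DEST [ROOT]
#   DEST  directory that receives the archive
#   ROOT  hypothetical prefix for trying this on a scratch tree;
#         defaults to / on the real client
od_backup() (
    dest="$1"
    root="${2:-/}"
    found=""

    # Paths named in the steps above, relative to ROOT.
    for p in Library/Preferences/DirectoryService var/db/krb5kdc; do
        if [ -e "$root/$p" ]; then
            found="$found $p"
        else
            echo "skip: $root/$p not present" >&2
        fi
    done

    if [ -z "$found" ]; then
        echo "nothing to back up" >&2
        exit 1
    fi

    # On a replica, krb5kdc holds the Kerberos KDC database, so the
    # archive must not be readable by other users.
    umask 077
    mkdir -p "$dest" || exit 1
    archive="$dest/od-client-state-$(date +%Y%m%d-%H%M%S).tar.gz"

    # $found is left unquoted on purpose: it is a list of fixed paths.
    tar -czf "$archive" -C "$root" $found || exit 1
    echo "$archive"
)

# Example call before running the rm commands (destination is an assumption):
#   od_backup /var/root/od-backup
```

The archive contains key material from the former replica, so delete it once the client is bound again and working.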
If this does not fix your problem, google “Open Directory Administration” and read the PDF document from Apple. It has some troubleshooting tips about OD.