Contribute  :  Advanced Search  :  Directory  :  Forum  :  FAQ's  :  My Downloads  :  Links  :  Polls  
AFP548 Changing the world one server at a time.

advanced search 

Sections

Home
AFP548 Site News (107/2)
Articles (282/26)
Apple (50/2)
Extended KB (3/1)
Ask AFP548 (16/42)
Reviews (5/1)
Security (16/2)
Tips (130/8)
Third Party Applications (53/6)
Odds and Ends (28/1)
Podcasts (2/0)

User Functions

:

:

Don't have an account yet? Sign up as a New User
Lost your password?

Poll

Do you want push services for the iPhone on Mac OS X Server?
Yes! Expand the existing stuff!
Yes! Apple should add EAS support!
No! I just use another service that already has push.
Results
80 votes | 0 comments
Welcome to AFP548
Thursday, July 29 2010 @ 09:33 am MDT
   

WTF? More info on the 10.3.9 Server Update

Friday, April 22 2005 @ 01:59 pm MDT
Contributed by: macshome
Views: 6,159
AppleSo, you installed 10.3.9 and your OD setup went crazy? It took them a while, but Apple has posted the info you need to know before you update your server.

Read on for more...

OK, here is the deal.

The 10.3.9 update makes some changes to the OD schema for Tiger compatibility. After these changes the database needs to be reindexed. Here is how it is supposed to happen:

1. The server takes the update and reboots.
2. On the first reboot the server removes 127.0.0.1 from it's authentication path, reindexes the LDAP DB --by means of slapconfig calling slapindex to do its bidding--, and re-adds localhost to the authentication path when it is done.

One problem is that this can take a while to run (Indeed, the slapindex man page notes, "This command provides ample opportunity for the user to obtain and drink their favorite beverage.".) and Apple doesn't warn you about it before it happens. The more users you have the longer it takes, and sysadmins start to freak out all across the Mac universe.

Another problem is that slapindex might crash and the only hints you have are it's crash log and a busted OD database. If this has happened you can do the reindex manually.

1. sudo SystemStarter stop LDAP
2. sudo slapindex
3. sudo SystemStarter start LDAP

Once you have that taken care of you need to check and make sure that /LDAPv3/127.0.0.1 is in your server's authentication path.

If you have replicas you must take even more precautions. Make sure that you update your replicas first then, and only then, do the master. If you did them out of sync you will need to demote the replicas to standalone and then re-promote them to replica status so they can pull the updated schema from the master.

You can find more info on the reindexing issue in KB 301384

You can find more info on the replica issue in KB 301295

Fun stuff.
 

What's Related

Story Options

Advertising

WTF? More info on the 10.3.9 Server Update | 11 comments | Create New Account
The following comments are owned by whomever posted them. This site is not responsible for what they say.
WTF? More info on the 10.3.9 Server Update
Authored by: bcirvin on Friday, April 22 2005 @ 02:48 pm MDT
i think with behavior like that, the beverage in question might be something
from mr. daniels...

blake/

---
systems engineer, tribune review publishing company, pittsburgh, pa

"What guy would call his company 'micro' and 'soft'?"
WTF? More info on the 10.3.9 Server Update
Authored by: chiefgeek on Sunday, April 24 2005 @ 07:28 pm MDT
This marks the last time I ride the bleeding edge of Apple updates. How about some release notes WITH the update instead of a week later?

This was an absolute disaster at our place and I even DID the replica FIRST (though it was purely by chance).

Somehow SLAPIndex died on the master and all attempts to get it to rebuild went nowhere. We stopped SLAPD and let SLAPIndex run for 45 minutes on a dual G4 with fewer than 50 user accounts. And we did it TWICE. Nadda.

It may well be that our database was corrupt to begin with, but it would have been nice to get some kind of feedback on this rather than two processors pegged at 100% for 45 minutes.

Many thanks to Joel and Arek for their assistance in getting us back on our feet.

C'mon Apple! I'm all for fixing bugs, but this is ridiculous. With updates like this, you won't have to worry about prepping systems for future OS releases. Sheesh.
WTF? More info on the 10.3.9 Server Update
Authored by: Anonymous on Sunday, April 24 2005 @ 08:12 pm MDT
So I did the update before reading AFP548.com.
Before the update completed - it stopped responding.
And now I have an xServe 250 miles away that will not respond via SSH, ARD,
or anything other than a ping.
WTF?

All I have left to do is get my provider to physically reboot it.

I really hope it comes back.

This sucks Apple.

jeffnantais@gmail.com
WTF? More info on the 10.3.9 Server Update
Authored by: nigelkersten on Monday, April 25 2005 @ 05:29 pm MDT
I was wondering why I wasn't having these problems, and I realised it
was because I had already added these 'new' fields to be slapindexed, so
the process barely took any time. (thank god memberUID is now
indexed... boy was that an oversight)

Messing around with my dev box produced another bad situation. :)

* OD Master running 10.3.8 (not updated yet, but other replicas have
been)
* Update dev box (which is just connected to the domain) to 10.3.9.
* Make dev box a replica of the 10.3.8 server
* ba-bow! You end up with an /etc/openldap/slapd_macosxserver.conf
file that references attributes that aren't in your /etc/openldap/schema
(which has been grabbed from the 10.3.8 server)
* copying the correct schema folder across fixes this.

WTF? More info on the 10.3.9 Server Update
Authored by: siddhartha on Tuesday, April 26 2005 @ 02:12 am MDT
so what are the schema changes for tiger?

 Copyright © 2010 AFP548
 All trademarks and copyrights on this page are owned by their respective owners.		 Powered By Geeklog 
Created this page in 0.20 seconds