OD replica creation keeps failing

[MacDave]

I’ve got two 10.4.11 servers, one properly set up as OD master (serving OD accounts, homes, etc properly). The second server is set to standalone, and I’m trying to promote it to OD replica. Each time I try to do the promotion, it fails and the replica machine reverts back to standalone. I’ve verified many times that I can ssh as root from replica to master without any trouble.

Here’s what I get the in the replica machine’s /Library/Logs/slapconfig.log:

=====

2007-12-28 16:23:50 -0800 – slapconfig -setmacosxodpolicy
2007-12-28 16:23:50 -0800 – slapconfig -createreplica
2007-12-28 16:23:50 -0800 – command: ssh [email protected] /usr/sbin/slapconfig -checkmaster diradmin 0 3 3
2007-12-28 16:23:54 -0800 – 1 Destroying local LDAP server
2007-12-28 16:24:09 -0800 – command: /usr/sbin/sso_util remove -k -d -s -c -n -v 1
2007-12-28 16:24:20 -0800 – sso_util command output:
shutting down kadmind
kadmind shut down
shutting down kdc
No such process
No such process
kdc shut down
removing kdc database files
2007-12-28 16:24:20 -0800 – Stopping LDAP server (slapd)
2007-12-28 16:24:20 -0800 – Stopping LDAP replicator (slurpd)
2007-12-28 16:24:20 -0800 – Removed file at path /etc/openldap/slapd.conf.
2007-12-28 16:24:20 -0800 – Copied file from /etc/openldap/slapd.conf.default to /etc/openldap/slapd.conf.
2007-12-28 16:24:20 -0800 – command: /usr/sbin/NeST -pwsstandalone
2007-12-28 16:24:28 -0800 – 2 Stopping master LDAP server
2007-12-28 16:24:28 -0800 – command: ssh [email protected] /usr/sbin/slapconfig -stopldapserver
2007-12-28 16:24:33 -0800 – 3 Updating master configuration
2007-12-28 16:24:33 -0800 – command: ssh [email protected] /usr/sbin/slapconfig -addreplica 10.0.0.20
2007-12-28 16:24:36 -0800 – command: ssh [email protected] /usr/bin/db_recover -h /var/db/openldap/openldap-data
2007-12-28 16:24:39 -0800 – command: ssh [email protected] /usr/sbin/slapcat -l /var/db/openldap/openldap-data/backup.ldif
2007-12-28 16:24:44 -0800 – ssh command failed with status 255
2007-12-28 16:24:44 -0800 – Removing replica due to an error copying LDAP database. (error = 69)
2007-12-28 16:24:44 -0800 – command: ssh [email protected] /usr/sbin/slapconfig -removereplica 10.0.0.20
2007-12-28 16:24:46 -0800 – command: ssh [email protected] /usr/sbin/slapconfig -startldapserver

====

On the OD master, I see the following entry in /Library/Logs/CrashReporter/slapcat.crash.log:

====

Host Name: FileServer
Date/Time: 2007-12-28 16:24:41.819 -0800
OS Version: 10.4.11 (Build 8S2169)
Report Version: 4

Command: slapcat
Path: /usr/sbin/slapcat
Parent: sshd [11708]

Version: ??? (???)

PID: 11712
Thread: 0

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_INVALID_ADDRESS (0x0001) at 0x66696369

Thread 0 Crashed:
0 slapcat 0x00064624 0x1000 + 407076
1 slapcat 0x00064638 0x1000 + 407096
2 slapcat 0x00064654 0x1000 + 407124
3 slapcat 0x00064654 0x1000 + 407124
4 slapcat 0x00064654 0x1000 + 407124
5 slapcat 0x00064654 0x1000 + 407124
6 slapcat 0x0006ac48 0x1000 + 433224
7 slapcat 0x00019224 0x1000 + 98852
8 slapcat 0x0005160c 0x1000 + 329228
9 slapcat 0x00050b84 0x1000 + 326532
10 slapcat 0x00002b30 0x1000 + 6960
11 slapcat 0x00001c7c 0x1000 + 3196
12 slapcat 0x00001980 0x1000 + 2432

Thread 0 crashed with PPC Thread State 64:
srr0: 0x0000000000064624 srr1: 0x100000000200d030 vrsave: 0x0000000000000000
cr: 0x44000444 xer: 0x0000000000000000 lr: 0x0000000000064638 ctr: 0x0000000000000001
r0: 0x0000000000064638 r1: 0x00000000bffff660 r2: 0x0000000000000000 r3: 0x0000000000000000
r4: 0x0000000000023e9c r5: 0x00000000bffff6a8 r6: 0x000000000042f941 r7: 0x0000000000000004
r8: 0x0000000000000001 r9: 0x0000000000033690 r10: 0x00000000a0005f80 r11: 0x0000000044000442
r12: 0x0000000090005f6c r13: 0x0000000000000000 r14: 0x0000000000000000 r15: 0x0000000000000000
r16: 0x0000000000000000 r17: 0x0000000000000000 r18: 0x0000000000180000 r19: 0x000000000019253c
r20: 0x000000000015cf60 r21: 0x000000000015cf8c r22: 0x000000000015cf80 r23: 0x0000000000000000
r24: 0x00000000bffff9ec r25: 0x0000000000192730 r26: 0x0000000000192730 r27: 0x0000000000000000
r28: 0x0000000000000000 r29: 0x0000000000023e9c r30: 0x0000000066696361 r31: 0x000000000042ea80

Binary Images Description:
0x1000 – 0x17dfff slapcat /usr/sbin/slapcat
0x1ae000 – 0x1b2fff libgssapiv2.2.so /usr/lib/sasl2/openldap/libgssapiv2.2.so
0x1b5000 – 0x1b8fff libpscrammd5.2.so /usr/lib/sasl2/openldap/libpscrammd5.2.so
0x8fe00000 – 0x8fe50fff dyld 46.16 /usr/lib/dyld
0x90000000 – 0x901c0fff libSystem.B.dylib /usr/lib/libSystem.B.dylib
0x90218000 – 0x9021dfff libmathCommon.A.dylib /usr/lib/system/libmathCommon.A.dylib
0x907e7000 – 0x908befff com.apple.CoreFoundation 6.4.8 (368.31) /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
0x90905000 – 0x90905fff com.apple.CoreServices 10.4 (???) /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
0x90907000 – 0x90a10fff libicucore.A.dylib /usr/lib/libicucore.A.dylib
0x90a61000 – 0x90ae4fff libobjc.A.dylib /usr/lib/libobjc.A.dylib
0x90b0d000 – 0x90b7ffff libstdc++.6.dylib /usr/lib/libstdc++.6.dylib
0x90bf2000 – 0x90bfdfff libgcc_s.1.dylib /usr/lib/libgcc_s.1.dylib
0x90c02000 – 0x90c77fff com.apple.framework.IOKit 1.4.8 (???) /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
0x90c8d000 – 0x90ca1fff libauto.dylib /usr/lib/libauto.dylib
0x90ca7000 – 0x90f72fff com.apple.CoreServices.CarbonCore 682.28 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore
0x90fcf000 – 0x91048fff com.apple.CoreServices.OSServices 4.1 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices
0x9108b000 – 0x910ccfff com.apple.CFNetwork 129.22 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork
0x910e0000 – 0x910f4fff com.apple.WebServices 1.1.3 (1.1.0) /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/WebServicesCore.framework/Versions/A/WebServicesCore
0x91100000 – 0x91192fff com.apple.SearchKit 1.0.7 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit
0x911ce000 – 0x911eefff com.apple.Metadata 10.4.4 (121.36) /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata
0x911fb000 – 0x9120afff libz.1.dylib /usr/lib/libz.1.dylib
0x9120d000 – 0x913c2fff com.apple.security 4.5.2 (29774) /System/Library/Frameworks/Security.framework/Versions/A/Security
0x914bf000 – 0x914c8fff com.apple.DiskArbitration 2.1.2 /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
0x914cf000 – 0x914d7fff libbsm.dylib /usr/lib/libbsm.dylib
0x914db000 – 0x91503fff com.apple.SystemConfiguration 1.8.6 /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
0x91a74000 – 0x91b37fff libcrypto.0.9.7.dylib /usr/lib/libcrypto.0.9.7.dylib
0x91d15000 – 0x91e03fff libxml2.2.dylib /usr/lib/libxml2.2.dylib
0x92a20000 – 0x92b0ffff libiconv.2.dylib /usr/lib/libiconv.2.dylib
0x92bda000 – 0x92e0efff com.apple.Foundation 6.4.9 (567.36) /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
0x94bca000 – 0x94be9fff com.apple.NetInfo 1.0.0 (???) /System/Library/PrivateFrameworks/NetInfo.framework/Versions/A/NetInfo
0x94ecc000 – 0x94edcfff libsasl2.2.dylib /usr/lib/libsasl2.2.dylib
0x94ee0000 – 0x94f0cfff libssl.0.9.7.dylib /usr/lib/libssl.0.9.7.dylib
0x94f1b000 – 0x94f39fff libresolv.9.dylib /usr/lib/libresolv.9.dylib
0x950f8000 – 0x951d2fff edu.mit.Kerberos 5.5.25 /System/Library/Frameworks/Kerberos.framework/Versions/A/Kerberos
0x95e7a000 – 0x95e9bfff com.apple.DirectoryService.PasswordServerFramework 2.1.2 /System/Library/PrivateFrameworks/PasswordServer.framework/Versions/A/PasswordServer

====

Can anyone shed light here?

Many thanks…

[musicofnote]

really stupid question:

Have you checked to see that the system clock on both machines are within 5 minutes of each other? I just got bck from a clients office where I had the same issue. The XServe I was trying to change from standalone to OD-Replica behaved the same way, until I noticed that the clocks where 9 hours apart from ech other. The OD Master was correct, but the would-be OD Replica was set to the Cupertino, CA time zone. I changed this to the same time zone as the OD-MAster and all was well, the change to OD Replica worked just fine!

[MacDave]

Thanks for the suggestion – both servers are set to same time zone, and are within a few seconds of each other. Anything else I might try?

[MacDave]

One more clue – if I manually run:

sudo /usr/sbin/slapcat -l /Users/localadmin/Desktop/backup.ldif

on the OD master, it returns “Segmentation Fault.”

I’m all ears to any suggestions. 🙂

[MacDave]

[QUOTE][u]Quote by: MacTroll[/u][p]Well the segfault with the slapcat is where this is all failing?

Are you using SSL with LDAP? More specifically SSL with a private key that has a passphrase?[/p][/QUOTE]

Well, I thought the segment fault was the problem, since I couldn’t do the slapcat on the replica without getting that error.

*But* – I just tried disabling LDAP SSL on the master (it was using the “Default” certificate), and whamo – OD replication worked, 1st time. Is there a reason that the ever helpful MacTroll can tell me this in 2 seconds but the directory service logs on the replica couldn’t have given me a clue about this?

Thanks MacTroll – you and Josh and this site rule. 🙂

[Author]

Posts