Eric, thanks for this information. I ended up needing to go through pretty much the same process yesterday and this was a great help.
A flaw I discovered was that Kerberos would not accept the login credentials of the diradmin account after the mergedb had been done. (OpenDirectory would, but not Kerberos.) What was happening is that the old db also had a “diradmin” account which was overwriting the new account information.
My solution was to create the new diradmin account under a different name. I used “diradmin1” and picked a uid of 3000 (which I knew was unused — obviously people with more than 2000 user accounts need to hike the number further.)
In other words (the changes are the account name diradmin1 and the uid 3000):
sudo slapconfig -createldapmasterandadmin diradmin1 "Directory Admin" 3000 "dc=YOUR,dc=DOMAIN,dc=com"
Once the mergedb has completed, delete the old “diradmin” account.
I hope this helps someone out there. It cost me too many hours of sleep two nights back.
-Kanthan.