Configuration de MacOS X Server
Annexes

• Problèmes lors de la restoration d'une sauvegarde de la configuration Open Directory
• Configurer Apple Remote Desktop en ligne de commande
• Changement d'adresse IP d'un serveur
• Connexion ssh sur un client utilisant l'authentification LDAP et le montage afp et mnthome.
• En cas de problème d'authentification
• En cas d'impossibilité de créer un nouvel utilisateur
• Log lors de l'authentification le Password Service Server
• lors du démarrage de la machine, le montage des partitions et l'authentification
• ldapsearch -v -x -h serveur.lip6.fr -b "cn=config,dc=lip6,dc=fr"
• ldapsearch -v -x -h serveur.lip6.fr -b "dc=lip6,dc=fr" "uid=tp1"
• Serveur : sudo mkpassdb -dump
• Mappage LDAPv3 RFC 2307

Impossibilité de créer un nouvel utilisateur [Juin 2008] 10.5.3

Lors de la création d'un nouvel utilisateur par le gestionnaire de groupe de travail (workgroup Manager), juste au début :

Erreur de type eDSRecordAlreadyExists (-14135) sur la ligne 1189 de /SourceCache/WorkgroupManager/WorkgroupManager-319.1.1/PMMUGMainView.mm

Cela semble venir du numéro d'uid attribué qui semble déjà utilisé. Il suffit de recommencer plusieurs fois et ça remarche ! Cela m'est arrivé lorsque j'ai supprimé des utilisateurs puis créé d'autres utilisateurs.

Encore impossibilité de créer un nouvel utilisateur [Juin 2008] 10.5.3

Lors de la création d'un nouvel utilisateur par le gestionnaire de groupe de travail (workgroup Manager) : au moment ou on clique sur save, plusieurs messages :

Error of type eDSRecordNotFound (-14136) on line 255 of /SourceCache/WorkgroupManager/WorkgroupManager-319.1.1/Plugins/UserAccounts/../../Plugins/UserAccounts/UserGroupPluginView.mm

Error of type eDSRecordNotFound (-14136) on line 2002 of /SourceCache/WorkgroupManager/WorkgroupManager-319.1.1/Plugins/UserAccounts/UserAdvancedPluginView.mm

Error of type eDSRecordNotFound (-14136) on line 1347 of /SourceCache/WorkgroupManager/WorkgroupManager-319.1.1/Plugins/UserAccounts/UserVolumesPluginView.mm

L'uid a pris la valeur Untitled_1, chose très étrange, l'aborescence LDAP n'a pas créé uid=login sous cn=users puis mais au niveau au même niveau que cn=user, il y a un uid=login,cn=users et il est impossible de le détruire. Impossible non plus de renommer Untitled_1.

Solution temporaire, ne plus utiliser ce login

Sauvegarde de la configuration des MacOS X Server

Sauvegarde de MacOS X Server 10.4:

L'application de Server Admin permet de sauvegarder tous les paramètres du serveur dans une image disque protégée par un mot de passe. Il est possible de faire la meme chose en ligne de commande. Voir article sur afp548.

Sauvegarde de MacOS X Server 10.3:

Voir le script ODback.

Migration des comptes et mots de passe de MacOS X v10.3 à v10.4.

Sauvegarde des comptes et mots de passe (issu de la référence précédente)

sudo mkdir /path/to/backup_directory
sudo chmod og-rxw /path/to/backup_directory
sudo slapcat -l /path/to/backup_directory/server.ldif
sudo mkpassdb -backupdb /path/to/backup_directory

Configurer Apple Remote Desktop en ligne de commande

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -restart -agent

FireWall

Ouverture des ports pour l'authentification LDAP SSL

1. Lors du démarrage, le poste client fait des accès au port TCP 636 (Secure LDAP). Voir ici pour la mise en place de SSL sur LDAP.
2. Lors de l'authentification, accès au port TCP 106 (Password Server 106 et 3659).

Montage du répertoire utilisateur

1. Accès au port 548 (Apple File service).

Ouverture des ports pour le Workgroup Manager

1. Accès au port 625 (Remote Directory Access)

Ouverture des ports pour le Remote Desktop

1. Voir ici pour les ports 3283 et 5900

Connexion ssh sur un client utilisant l'authentification LDAP et le montage afp [février 2005]

Voici le compte lorsque qu'on se connecte en ssh sur une machine (autre que le serveur) utilisant un montage afp pour le compte :

d--------- 3 tp1 unknown 264 11 Jan 15:03 Desktop
d--------- 9 tp1 unknown 264 1 Feb 10:24 Documents
d--------- 18 tp1 unknown 568 24 Jan 11:33 Library
d--------- 3 tp1 unknown 264 11 Jan 15:03 Movies
d--------- 3 tp1 unknown 264 11 Jan 15:03 Music
d--------- 3 tp1 unknown 264 11 Jan 15:03 Pictures
dr-xr-xr-x 4 tp1 unknown 264 11 Jan 15:03 Public
dr-xr-xr-x 6 tp1 unknown 264 11 Jan 15:03 Sites

Quand on ne voit pas que ceci !

machine:~ tp1$ ls -al
drwxr-xr-x 4 tp1 staff 136 1 Feb 23:28 Library

Bref, on ne peut rien faire car le montage de la partition a été faite (au démarrage de la machine ?) en invité. Pour obtenir les droit corrects il faut utiliser la commande mnthome (exécutable livré avec MacOS X server qui fonctionne très bien sur MacOS 'non server').

tp1$ mnthome
Password:
AFP mount information for /private/Network/Servers/serveur.lip6.fr/Volumes/D1/Utilisateurs/Invites
The sharepoint (Invites) was mounted with authentication by: tp1

On obtient ceci

drwx------ 8 tp1 staff 264 2 Jun 2004 Desktop
drwx------ 4 tp1 staff 264 5 Jul 2004 Documents
drwx------ 22 tp1 staff 704 1 Oct 18:28 Library
drwx------ 3 tp1 staff 264 14 May 2004 Movies
drwx------ 3 tp1 staff 264 14 May 2004 Music
drwx------ 3 tp1 staff 264 14 May 2004 Pictures
drwxr-xr-x 5 tp1 staff 264 21 May 2004 Public
drwxr-xr-x 6 tp1 staff 264 14 May 2004 Sites

C'est bien mais ce n'est pas vraiment prévu pour le multi-utilisateur dans la mesure où la partition est monté par le dernier qui tape mnthome !

Du coup, il faudrait par exemple que chacun ait son point de montage (alors que par défaut, le point de montage est sur le répertoire au dessus du répertoire de départ). Il faut aussi rajouter un bit 's' sinon on obtient ceci pour un autre utilisateur :

un_autre$ mnthome
Unmounting of share point at /private/Network/Servers/serveur.lip6.fr/Volumes/D1/Utilisateurs/Perm failed (1 Operation not permitted).
AFP mount information for /private/Network/Servers/serveur.lip6.fr/Volumes/D1/Utilisateurs/Perm
The sharepoint (Perm) was mounted by: tp1
Sharepoint was mounted without authentication.
Sharepoint is using synthetic permissions bits mapped from 'effective' permissions.

bref, il faudrait autre chose pour MacOS X Server 10.4 !

PS: Ca marche par contre correctement via NFS mais on ne peut pas vraiment déployer du NFS entre sous-réseaux (problèmes de routage et de sécurité).

Problèmes d'authentification [Juin 2008]

Après une mise à jour de MacOS X Server 10.5.3 certains postes client ne retrouvent pas le serveur LDAP avec des messages :

DirectoryService[48]: DSLDAPv3PlugIn: [machine] LDAP server config not updated with server mappings due to server mappings error.
DirectoryService[48]: LDAPv3: SafeOpen Can't retrieve server mappings from search base of .
DirectoryService[48]: LDAPv3: SafeOpen Cannot retrieve server mappings at this time.

Le problème provenait de l'utilitaire Utilitaire d'annuaire (Directory Utility) qui garde visiblement une mauvaise configuration. Pour corriger cela il faut :

1. Supprimer le contenu du répertoire /Library/Preferences/DirectoryService.

Ensuite, (redémarrer ?) et recommencer la configuration de Format du Répertoire sans erreur :)

Problèmes d'authentification [Février 2005]

Je viens de passer très longtemps sur un poste client ne retrouvant pas le serveur LDAP avec des messages :

/System/Library/LoginPlugins/MCX.loginPlugin/Contents/MacOS/MCXCacher: DSOpenNode(): dsOpenDirNode("/LDAPv3/mon.server.fr") == -14002

Le problème provenait de l'utilitaire Format du Répertoire (Directory Access) qui garde visiblement une mauvaise configuration même si on la corrige. Pour corriger cela il faut :

1. Supprimer le contenu du répertoire /Library/Preferences/DirectoryService.
2. Supprimer tout le contenu de /config/mcx-cache dans le Gestionnaire NetInfo (NetInfo Manager).

Ensuite, (redémarrer ?) et recommencer la configuration de Format du Répertoire sans erreur :)

Sur le serveur, lors de l'authentification le Password Service Server Log contient :

• May 21 2004 11:31:30 RSAPUBLIC: ok
May 21 2004 11:31:30 RSAVALIDATE: success.
May 21 2004 11:31:30 AUTH: {0x40a4df72564595b70000000800000008, tp1} requested mechanism DIGEST-MD5.
May 21 2004 11:31:30 AUTH2: {0x40a4df72564595b70000000800000008, tp1} authentication succeeded.
May 21 2004 11:31:32 RSAPUBLIC: ok
May 21 2004 11:31:32 RSAVALIDATE: success.
May 21 2004 11:31:32 AUTH: {0x40a4df72564595b70000000800000008, tp1} requested mechanism DIGEST-MD5.
May 21 2004 11:31:32 AUTH2: {0x40a4df72564595b70000000800000008, tp1} authentication succeeded.
May 21 2004 11:31:32 QUIT: {0x40a4df72564595b70000000800000008, tp1} has disconnected.
May 21 2004 11:31:32 RSAPUBLIC: ok
May 21 2004 11:31:32 RSAVALIDATE: success.
May 21 2004 11:31:32 AUTH: {0x40a4df72564595b70000000800000008, tp1} requested mechanism DIGEST-MD5.
May 21 2004 11:31:32 AUTH2: {0x40a4df72564595b70000000800000008, tp1} authentication succeeded.
May 21 2004 11:31:32 QUIT: {0x40a4df72564595b70000000800000008, tp1} has disconnected.

Changement d'adresse IP d'un serveur

Cela doit se faire avec la commande changeip.

Sur le client, lors du démarrage de la machine, le montage des partitions et l'authentification, le fichier system.log contient :

May 21 11:29:24 localhost init: kernel security level changed from 0 to 1
May 21 11:29:27 localhost configd[89]: posting notification com.apple.system.config.network_change
May 21 11:29:27 localhost configd[89]: executing /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/enable-network
May 21 11:29:27 localhost mach_init[2]: Server 22a3 in bootstrap d03 uid 0: "/usr/sbin/lookupd": exited as a result of signal 1 [pid 119]
May 21 11:29:28 localhost lookupd[201]: lookupd (version 324) starting - Fri May 21 11:29:28 2004
May 21 11:29:28 localhost ConsoleMessage: Starting network file system
May 21 11:29:29 localhost automount[234]: automount version 57
May 21 11:29:30 localhost automount[237]: automount version 57
May 21 11:29:31 localhost automount[234]: logout notification received.
May 21 11:29:31 localhost automount[234]: requesting logout processing.
May 21 11:29:31 localhost automount[237]: logout notification received.
May 21 11:29:31 localhost automount[237]: requesting logout processing.
May 21 11:29:31 localhost automount[234]: handle_deferred_requests: user logged out.
May 21 11:29:31 localhost automount[237]: handle_deferred_requests: user logged out.
May 21 11:29:31 localhost loginwindow[199]: Sent launch request message to DirectoryService mach_init port
May 21 11:29:31 localhost DirectoryService[243]: Launched version 1.6 (v255.1.1)
May 21 11:30:04 localhost DirectoryService[243]: InitLDAPConnection or ldap_init failure: Logging Failed LDAP connection with incomplete data
May 21 11:30:05 localhost configd[89]: executing /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/set-hostname
May 21 11:30:05 localhost configd[89]: posting notification com.apple.system.config.network_change
May 21 11:30:05 localhost mach_init[2]: Server 0 in bootstrap d03 uid 0: "/usr/sbin/lookupd": exited as a result of signal 1 [pid 201]
May 21 11:30:06 localhost lookupd[255]: lookupd (version 324) starting - Fri May 21 11:30:06 2004
May 21 11:30:06 localhost ConsoleMessage: Loading Shared IP extension
May 21 11:30:06 localhost ConsoleMessage: Starting printing services
May 21 11:30:07 localhost set-hostname[301]: setting hostname to admin7.lip6.fr
May 21 11:30:07 localhost ConsoleMessage: Loading IP Firewall extension
May 21 11:30:08 localhost kernel: IP packet filtering initialized, divert enabled, rule-based forwarding enabled, default to accept, logging disabled
May 21 11:30:08 localhost kernel: IPv6 packet filtering initialized, default to accept, logging disabled
May 21 11:30:08 localhost kernel: IP firewall loaded
May 21 11:30:08 localhost ConsoleMessage: Starting internet services
May 21 11:30:08 localhost xinetd[309]: 309 {init_services} no services. Exiting...
May 21 11:30:18 localhost /System/Library/CoreServices/ARD Agent.app/Contents/MacOS/ARD Agent: ********Launched Agent********
May 21 11:30:22 localhost loginwindow[199]: DSOpenNode(): dsOpenDirNode("/LDAPv3/serveur.lip6.fr") == -14002
May 21 11:30:40 localhost DirectoryService[243]: saving replica list to file.
May 21 11:30:43 localhost kernel: AFP_VFS afpfs_mount: /private/var/automount/Network/Servers/serveur.lip6.fr/Volumes/D1/Utilisateurs/..., pid 327
May 21 11:30:44 localhost kernel: AFP_VFS afpfs_unmount: /private/var/automount/Network/Servers/serveur.lip6.fr/Volumes/D1/Utilisateurs/
May 21 11:30:44 localhost kernel: &=&Mac240;..., flags 524288, pid 199
May 21 11:30:44 localhost kernel: AFP_VFS afpfs_unmount: succeeded
May 21 11:30:44 localhost kernel: AFP_VFS afpfs_mount: /private/var/automount/Network/Servers/serveur.lip6.fr/Volumes/D1/Utilisateurs/..., pid 199
May 21 11:31:23 localhost /usr/libexec/fix_prebinding: fix_prebinding quitting for now.
May 21 11:49:51 localhost kernel: AFP_VFS afpfs_unmount: /private/var/automount/Network/Servers/serveur.lip6.fr/Volumes/D1/Utilisateurs/..., flags 0, pid 199
May 21 11:49:51 localhost kernel: AFP_VFS afpfs_unmount: succeeded
May 21 11:49:51 localhost loginwindow[199]: halting
May 21 11:49:51 localhost shutdown: halt by tp1:
May 21 11:49:54 localhost syslogd: exiting on signal 15

Depuis le poste client, ldapsearch -v -x -h serveur.lip6.fr -b "cn=config,dc=lip6,dc=fr" donne ceci (un extrait) :

• ldap_init( serveur.lip6.fr, 0 )
filter: (objectclass=*)
requesting: ALL
# extended LDIF
#
# LDAPv3
# filter: (objectclass=*)
# requesting: ALL
#

# config, lip6.fr
dn: cn=config,dc=lip6,dc=fr
cn: config
objectClass: container

# macosxodconfig, config, lip6.fr
dn: ou=macosxodconfig,cn=config,dc=lip6,dc=fr
ou: macosxodconfig
objectClass: top
objectClass: organizationalUnit
description:: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPCFET0NUWVBF
IHBsaXN0IFBVQkxJQyAiLS8vQXBwbGUgQ29tcHV0ZXIvL0RURCBQTElTVCAxLjAvL0VOIiAiaHR0c
....
IFN1ZmZpeDwva2V5PgoJPHN0cmluZz5kYz1saXA2LGRjPWZyPC9zdHJpbmc+Cgk8a2V5PlVJIE5hb
WU8L2tleT4KCTxzdHJpbmc+MTMyLjIyNy43My4xOTwvc3RyaW5nPgo8L2RpY3Q+CjwvcGxpc3Q+Cg
==

# mcx_cache, config, lip6.fr
dn: cn=mcx_cache,cn=config,dc=lip6,dc=fr
cn: mcx_cache
objectClass: apple-configuration
objectClass: top
apple-config-realname: 55AD9A52-67B5-11D8-B668-000A95D7BCD4
apple-data-stamp: A0C94C66-A5C3-11D8-8EA8-000A95D7BCD4

# ldapreplicas, config, lip6.fr
dn: cn=ldapreplicas,cn=config,dc=lip6,dc=fr
cn: ldapreplicas
apple-ldap-replica: ldap://132.227.73.19
apple-ldap-writable-replica: ldap://132.227.73.19
objectClass: apple-configuration
objectClass: top

# passwordserver, config, lip6.fr
dn: cn=passwordserver,cn=config,dc=lip6,dc=fr
cn: passwordserver
objectClass: apple-configuration
objectClass: top
apple-password-server-location: 132.227.73.19

# search result
search: 2
result: 0 Success

# numResponses: 6
# numEntries: 5

Dans l'exemple au dessus, le champs description que j'ai tronqué est codé en base 64. Il correspond au fichier macosxodconfig.xml.

ldapsearch -v -x -h serveur.lip6.fr -b "dc=lip6,dc=fr" "uid=tp1"

• ldap_init( serveur.lip6.fr, 0 )
filter: uid=tp1
requesting: ALL
# extended LDIF
#
# LDAPv3
# filter: uid=tp1
# requesting: ALL
#

# tp1, users, lip6.fr
dn: uid=tp1,cn=users,dc=lip6,dc=fr
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: apple-user
objectClass: extensibleObject
objectClass: organizationalPerson
objectClass: top
objectClass: person
sn: 99
apple-generateduid: 9960CE3E-A5B7-11D8-8EA8-000A95D7BCD4
uidNumber: 1027
apple-mcxflags:: PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPCFET0NUW
VBFIHBsaXN0IFBVQkxJQyAiLS8vQXBwbGUgQ29tcHV0ZXIvL0RURCBQTElTVCAxLjAvL0VOIiAiaH
R0cDovL3d3dy5hcHBsZS5jb20vRFREcy9Qcm9wZXJ0eUxpc3QtMS4wLmR0ZCI+CjxwbGlzdCB2ZXJ
zaW9uPSIxLjAiPgo8ZGljdD4KCTxrZXk+c2ltdWx0YW5lb3VzX2xvZ2luX2VuYWJsZWQ8L2tleT4K
CTx0cnVlLz4KPC9kaWN0Pgo8L3BsaXN0Pgo=
loginShell: /bin/bash
gidNumber: 20
uid: tp1
cn: TP1
authAuthority: ;ApplePasswordServer;0x40a4df72564595b70000000800000008,1024 35
1305596879610493126200478988963058876027273869176889841054994305932083963611
48897657156271228234946516283549630662784870911272661412275740367738244755425
81618084989547079797762827656548298568294590971365300021471988426050200815797
98199283132558949204414746009315687569748527394025767259474093836434139162995
43 root@serveur.lip6.fr:132.227.73.19
userPassword:: KioqKioqKio=
apple-user-homeurl:: PGhvbWVfZGlyPjx1cmw+YWZwOi8veC1zZXJ2ZXIubGlwNi5mci9JbnZpd
GVzPC91cmw+PHBhdGg+dHAxPC9wYXRoPjwvaG9tZV9kaXI+
homeDirectory: /Network/Servers/serveur.lip6.fr/Volumes/D1/Utilisateurs/Invit
es/tp1

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Dans l'exemple au dessus, les champs apple-mcxflags , userPassword et apple-user-homeurl sont codés en base 64.

• apple-mcxflags =
  



simultaneous_login_enabled



• userPassword = ********
• apple-user-homeurl = afp://serveur.lip6.fr/Invitestp1

Grace au programme suivant, il est possible de les décoder.

• #!/usr/bin/perl -w
#
# decode-base64

use MIME::Base64;

while (<>) {
chomp;
my ($res) = decode_base64($_);
print $res;
print "\n";
}

Côté serveur (serveur.lip6.fr), le password manager contient ceci :

sudo mkpassdb -dump

signature: pwfi
version: 1
entrySize: 0
sequenceNumber: 8
numberOfSlotsCurrentlyInFile: 512
deepestSlotUsed: 8
deepestSlotUsedByThisServer: 8

Access Features:
usingHistory=0 usingExpirationDate=0 usingHardExpirationDate=0 requiresAlpha=0 requiresNumeric=0
expirationDateGMT=4294967295 hardExpireDateGMT=4294967295 maxMinutesUntilChangePassword=0
maxMinutesUntilDisabled=0 maxMinutesOfNonUse=0 maxFailedLoginAttempts=0 minChars=0 maxChars=0 passwordCannotBeName=0

Weak Authentication Methods:
SMB-NT
SMB-LAN-MANAGER
CRYPT
APOP

Public Key: 1024 35 1305596879610493126200478988963058876027273869176889841054994305932083963611488976571562712
282349465162835496306627848709112726614122757403677382447554258161808498954707979776282765654829856829459097
136530002147198842605020081579798199283132558949204414746009315687569748527394025767259474093836434139162995
43 root@serveur.lip6.fr


Replica Name: (Parent)

slot 0001: 0x00000000000000000000000000000001 admin 05/24/2004 09:36:49 AM
slot 0002: 0x40115d5f112f55290000000200000002 admin 05/21/2004 11:45:45 AM
slot 0003: 0x40115d600fe428490000000300000003 root 05/22/2004 10:43:36 AM
slot 0004: 0x40115d6d14fb652e0000000400000004 vpn_000a958b4d06 01/23/2004 06:44:13 PM
slot 0005: 0x403cd6c461ad0aa00000000500000005 utilisateur_1 02/25/2004 06:09:24 PM
slot 0006: 0x403cd7830e72f0060000000600000006 05/14/2004 05:00:32 PM
slot 0007: 0x40a4df430b0459c90000000700000007 utilisateur_2 05/14/2004 05:01:24 PM
slot 0008: 0x40a4df72564595b70000000800000008 tp1 05/21/2004 10:16:55 PM

Sur un autre serveur w.lip6.fr :

w.lip6.fr

sudo mkpassdb -dump
Password:
signature: pwfi
version: 1
entrySize: 0
sequenceNumber: 3
numberOfSlotsCurrentlyInFile: 512
deepestSlotUsed: 3
deepestSlotUsedByThisServer: 3

Access Features:
usingHistory=0 usingExpirationDate=0 usingHardExpirationDate=0 requiresAlpha=0 requiresNumeric=0 expirationDateGMT=4294967295
hardExpireDateGMT=4294967295 maxMinutesUntilChangePassword=0 maxMinutesUntilDisabled=0 maxMinutesOfNonUse=0
maxFailedLoginAttempts=0 minChars=0 maxChars=0 passwordCannotBeName=0

Weak Authentication Methods:
SMB-NT
SMB-LAN-MANAGER
CRYPT
APOP

Public Key: 1024 35 1297090389197064319770206016993765487320805829509649297478528290763328224909
317648865642061732779432801655538131918830692522503951111053473287666225015062384578389932774
916079791985710091912019663348789396199178339367936280698912774575922475973107350154918653124
02416624925697385845157029010860441376219706001 root@w


Replica Name: (Parent)

slot 0001: 0x00000000000000000000000000000001 admin 02/05/2004 04:35:27 PM
slot 0002: 0x402262d82fdf09500000000200000002 admin 05/24/2004 09:42:17 AM
slot 0003: 0x402262e05e7636e40000000300000003 vpn_000a958b4d06 02/05/2004 04:36:01 PM

Interface LDAP RFC 2307
Utilisation des posixAccount et posixGroup.

• dn: cn=machine:/users/nom,dc=lip6,dc=fr
objectclass: mount
cn: machine:/users/nom
mountDirectory: /home/nom
mountType: nfs
mountOption: -P
mountOption: -T

Mappage LDAPv3 RFC 2307

Default Attribute Types
Record Types and Attributes -> Map to any items in list

• RecordName -> cn
• Users -> posixAccount, inetOrgPerson, shadowAccount
  • RecordName -> uid ou cn
  • RealName -> cn
  • UniqueID -> uidNumber
  • PrimaryGroupID -> gidNumber
  • NFSHomeDirectory -> homeDirectory
  • Password -> userPassword
  • UserShell -> loginShell
  • Comment -> description
  • Change -> shadowLastChange
  • Expire -> shadowExpire
  • AuthenticationAuthority -> authAuthority
• Groups -> posixGroup
  • GroupMembership -> memberUid
  • Member -> memberUid
  • PrimaryGroupID -> gidNumber
• Mounts -> mount
  • VFSLinkDir -> mountDirectory
  • VFSOpts -> mountOption
  • VFSType -> mountType
  • VFSDumpFreq -> mountDumpFrequency
  • VFSPassNo -> mountPassNo
• People -> inetOrgPerson
  • RecordName -> cn
  • RealName -> cn
  • LastName -> sn
  • FirstName -> givenName
  • EMailAddress -> mail
  • PhoneNumber -> telephoneNumber
  • FAXNumber -> fax
  • MobileNumber -> mobile
  • PagerNumber -> pager
  • AddressLine1 -> street
  • PostalAddress -> postalAddress
  • Street -> street
  • City -> locality
  • State -> st
  • PostalCode -> postalCode
  • Country -> c
  • OrganizationName -> o
  • Department -> departmentNumber
  • JobTitle -> title
  • Building -> buildingName

Log de création d'un Directory Master, login diradmin, realm SERVEUR.LIP6.FR /Library/Logs/slapconfig.log

2008-07-07 17:26:26 +0200 - slapconfig -createldapmasterandadmin
2008-07-07 17:26:26 +0200 - Creating password server slot
2008-07-07 17:26:26 +0200 - command: /usr/sbin/mkpassdb -a -u diradmin -p -q
2008-07-07 17:26:26 +0200 - command: /usr/sbin/mkpassdb -a -u root -p -q
2008-07-07 17:26:26 +0200 - command: /usr/sbin/mkpassdb -a -u nouveauserveur.lip6.fr$ -p -q
2008-07-07 17:26:26 +0200 - command: /usr/sbin/mkpassdb -setcomputeraccount 0x487235a26b8b45670000000400000004
2008-07-07 17:26:26 +0200 - Setting SASL realm to
2008-07-07 17:26:26 +0200 - command: /usr/sbin/mkpassdb -setrealm nouveauserveur.lip6.fr
2008-07-07 17:26:27 +0200 - Copied file from /etc/openldap/slapd.conf to /etc/openldap/slapd.conf.backup.
2008-07-07 17:26:29 +0200 - Starting LDAP server (slapd)
2008-07-07 17:26:29 +0200 - command: /usr/bin/ldapadd -c -x -D uid=root,cn=users,dc=lip6,dc=fr -w ****
2008-07-07 17:26:30 +0200 - command: /usr/sbin/slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
2008-07-07 17:26:30 +0200 - slaptest command output:
config file testing succeeded
2008-07-07 17:26:30 +0200 - Stopping LDAP server (slapd)
2008-07-07 17:26:31 +0200 - Starting LDAP server (slapd)
2008-07-07 17:26:32 +0200 - command: /usr/bin/ldapmodify -c -x -D uid=root,cn=users,dc=lip6,dc=fr -w ****
2008-07-07 17:26:32 +0200 - Stopping LDAP server (slapd)
2008-07-07 17:26:32 +0200 - Starting LDAP server (slapd)
2008-07-07 17:26:32 +0200 - command: /usr/bin/ldapadd -c -x -D uid=root,cn=users,dc=lip6,dc=fr -w ****
2008-07-07 17:26:32 +0200 - Attempting to open /LDAPv3/127.0.0.1 node
2008-07-07 17:26:32 +0200 - Opened /LDAPv3/127.0.0.1 node
2008-07-07 17:26:32 +0200 - Configuring Kerberos server, realm is SERVEUR.LIP6.FR
2008-07-07 17:26:32 +0200 - Removed directory at path /var/db/krb5kdc.
2008-07-07 17:26:32 +0200 - command: /sbin/kerberosautoconfig -r SERVEUR.LIP6.FR -m nouveauserveur.lip6.fr -u -v 1
2008-07-07 17:26:32 +0200 - command: /usr/sbin/kdcsetup -f /LDAPv3/127.0.0.1 -w -a diradmin -p **** -v 1 SERVEUR.LIP6.FR
2008-07-07 17:26:36 +0200 - kdcsetup command output:
Contacting the Directory Server
Authenticating to the Directory Server
Creating Kerberos directory
Creating KDC Config File
Creating Admin ACL File
Creating Kerberos Master Key
Creating Kerberos Database
Creating Kerberos Admin user
WARNING: no policy specified for diradmin@SERVEUR.LIP6.FR; defaulting to no policy
Adding kerberos auth authority to admin user
Creating keytab for the admin tools
Adding KDC & kadmind to launchd
Adding the new KDC into the KerberosClient config record
Finished
2008-07-07 17:26:36 +0200 - command: /usr/sbin/sso_util configure -x -r SERVEUR.LIP6.FR -f /LDAPv3/127.0.0.1 -a diradmin -p **** -v 1 all
2008-07-07 17:26:37 +0200 - sso_util command output:
Contacting the directory server
Creating the service list
Creating the service principals
WARNING: no policy specified for vnc/nouveauserveur.lip6.fr@SERVEUR.LIP6.FR; defaulting to no policy
WARNING: no policy specified for cifs/nouveauserveur.lip6.fr@SERVEUR.LIP6.FR; defaulting to no policy
WARNING: no policy specified for ldap/nouveauserveur.lip6.fr@SERVEUR.LIP6.FR; defaulting to no policy
WARNING: no policy specified for xgrid/nouveauserveur.lip6.fr@SERVEUR.LIP6.FR; defaulting to no policy
WARNING: no policy specified for vpn/nouveauserveur.lip6.fr@SERVEUR.LIP6.FR; defaulting to no policy
WARNING: no policy specified for ipp/nouveauserveur.lip6.fr@SERVEUR.LIP6.FR; defaulting to no policy
WARNING: no policy specified for xmpp/nouveauserveur.lip6.fr@SERVEUR.LIP6.FR; defaulting to no policy
WARNING: no policy specified for XMPP/nouveauserveur.lip6.fr@SERVEUR.LIP6.FR; defaulting to no policy
WARNING: no policy specified for host/nouveauserveur.lip6.fr@SERVEUR.LIP6.FR; defaulting to no policy
WARNING: no policy specified for smtp/nouveauserveur.lip6.fr@SERVEUR.LIP6.FR; defaulting to no policy
WARNING: no policy specified for nfs/nouveauserveur.lip6.fr@SERVEUR.LIP6.FR; defaulting to no policy
WARNING: no policy specified for http/nouveauserveur.lip6.fr@SERVEUR.LIP6.FR; defaulting to no policy
WARNING: no policy specified for HTTP/nouveauserveur.lip6.fr@SERVEUR.LIP6.FR; defaulting to no policy
WARNING: no policy specified for pop/nouveauserveur.lip6.fr@SERVEUR.LIP6.FR; defaulting to no policy
WARNING: no policy specified for imap/nouveauserveur.lip6.fr@SERVEUR.LIP6.FR; defaulting to no policy
WARNING: no policy specified for ftp/nouveauserveur.lip6.fr@SERVEUR.LIP6.FR; defaulting to no policy
WARNING: no policy specified for afpserver/nouveauserveur.lip6.fr@SERVEUR.LIP6.FR; defaulting to no policy
Creating the keytab file
Configuring services
WriteSetupFile: setup file path = /temp.JkFx/setup

2008-07-07 17:26:37 +0200 - command: /sbin/kerberosautoconfig -f /LDAPv3/127.0.0.1 -u -v 1
2008-07-07 17:26:37 +0200 - command: /usr/sbin/mkpassdb -kerberize
2008-07-07 17:26:37 +0200 - mkpassdb command output:
WARNING: no policy specified for nouveauserveur.lip6.fr$@SERVEUR.LIP6.FR; defaulting to no policy
WARNING: no policy specified for root@SERVEUR.LIP6.FR; defaulting to no policy
WARNING: no policy specified for diradmin@SERVEUR.LIP6.FR; defaulting to no policy
add_principal: Principal or policy already exists while creating "diradmin@SERVEUR.LIP6.FR".
WARNING: no policy specified for disabled-slot-0x1@SERVEUR.LIP6.FR; defaulting to no policy
WARNING: no policy specified for nouveauserveur.lip6.fr$@SERVEUR.LIP6.FR; defaulting to no policy
add_principal: Principal or policy already exists while creating "nouveauserveur.lip6.fr$@SERVEUR.LIP6.FR".
WARNING: no policy specified for root@SERVEUR.LIP6.FR; defaulting to no policy
add_principal: Principal or policy already exists while creating "root@SERVEUR.LIP6.FR".
WARNING: no policy specified for diradmin@SERVEUR.LIP6.FR; defaulting to no policy
add_principal: Principal or policy already exists while creating "diradmin@SERVEUR.LIP6.FR".
WARNING: no policy specified for disabled-slot-0x1@SERVEUR.LIP6.FR; defaulting to no policy
add_principal: Principal or policy already exists while creating "disabled-slot-0x1@SERVEUR.LIP6.FR".
2008-07-07 17:26:37 +0200 - command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi
2008-07-07 17:26:37 +0200 - Stopping LDAP server (slapd)
2008-07-07 17:26:37 +0200 - Starting LDAP server (slapd)
2008-07-07 17:26:37 +0200 - command: /usr/sbin/vpnaddkeyagentuser -q /LDAPv3/127.0.0.1
2008-07-07 17:26:38 +0200 - slapconfig -selfwrite
2008-07-07 17:26:38 +0200 - slapconfig -setldapconfig
2008-07-07 17:26:38 +0200 - command: /usr/sbin/mkpassdb -setreplicationinterval 300 SyncDefault
2008-07-07 17:26:38 +0200 - command: /usr/bin/ldapmodify -c -x -H ldapi://%2Fvar%2Frun%2Fldapi

Lorsqu'un Directory master est créé, le seul compte local est admin (comme avant), et trois comptes sont créés sur le LDAP : root (uid 0), diradmin(uid 1000) et vpn_124b2...5e (uid 57)
Les groupes admin (gid 80:root,diradmin), staff (gid 20:root) et com.apple.limited_admin (gid 106)

Log d'exportation d'un Directory Master

2008-07-07 17:37:59 +0200 - slapconfig -backupdb
2008-07-07 17:37:59 +0200 - 1 Backing up LDAP database
2008-07-07 17:38:00 +0200 - popen: /usr/sbin/slapcat -l /tmp/slapconfig_backup_stage68225F6H82/backup.ldif, "r"
2008-07-07 17:38:00 +0200 - Error: Command failed with exit code 256: /usr/sbin/slapcat -l /tmp/slapconfig_backup_stage68225F6H82/backup.ldif
2008-07-07 17:38:00 +0200 - popen: /bin/cp /var/db/openldap/openldap-data/DB_CONFIG /tmp/slapconfig_backup_stage68225F6H82/DB_CONFIG, "r"
2008-07-07 17:38:00 +0200 - popen: /bin/cp -r /etc/openldap /tmp/slapconfig_backup_stage68225F6H82/, "r"
2008-07-07 17:38:01 +0200 - 2 Backing up password server database
2008-07-07 17:38:01 +0200 - popen: /usr/sbin/mkpassdb -backupdb /tmp/slapconfig_backup_stage68225F6H82/passwordserver_backup/ > /dev/null, "r"
2008-07-07 17:38:02 +0200 - popen: /bin/cp -r /Library/Preferences/com.apple.passwordserver.plist /tmp/slapconfig_backup_stage68225F6H82/, "r"
2008-07-07 17:38:02 +0200 - popen: /usr/sbin/mkpassdb -list > /tmp/slapconfig_backup_stage68225F6H82/sasl-plugin-list, "r"
2008-07-07 17:38:02 +0200 - popen: /bin/hostname > /tmp/slapconfig_backup_stage68225F6H82/hostname, "r"
2008-07-07 17:38:02 +0200 - 3 Backing up Kerberos database
2008-07-07 17:38:02 +0200 - popen: /usr/sbin/kdb5_util -r LKDC:SHA1.2F4DD3294CC72602997517EAF7959E7A7AC1C605 dump > /tmp/slapconfig_backup_stage68225F6H82/kdb5dump.LKDC:SHA1.2F4DD3294CC72602997517EAF7959E7A7AC1C605.bak, "r"
2008-07-07 17:38:02 +0200 - popen: /usr/sbin/kdb5_util -r SERVEUR.LIP6.FR dump > /tmp/slapconfig_backup_stage68225F6H82/kdb5dump.SERVEUR.LIP6.FR.bak, "r"
2008-07-07 17:38:02 +0200 - popen: /usr/sbin/sso_util info -pr /LDAPv3/127.0.0.1 > /tmp/slapconfig_backup_stage68225F6H82/local_odkrb5realm, "r"
2008-07-07 17:38:02 +0200 - popen: /usr/sbin/sso_util info -pr /Local/Default > /tmp/slapconfig_backup_stage68225F6H82/local_krb5realm, "r"
2008-07-07 17:38:02 +0200 - popen: /usr/bin/tar czpf /tmp/slapconfig_backup_stage68225F6H82/krb5backup.tar.gz /var/db/krb5kdc/kdc.conf /var/db/krb5kdc/kadm5.acl /var/db/krb5kdc/kadm5.keytab /var/db/krb5kdc/.k5.* /Library/Preferences/edu.mit.Kerberos /etc/krb5.keytab , "r"
2008-07-07 17:38:03 +0200 - popen: /bin/cp /var/db/dslocal/nodes/Default/config/KerberosKDC.plist /tmp/slapconfig_backup_stage68225F6H82/KerberosKDC.plist, "r"
2008-07-07 17:38:03 +0200 - 4 Backing up configuration files
2008-07-07 17:38:03 +0200 - popen: /bin/cp /System/Library/LaunchDaemons/com.apple.PasswordService.plist /tmp/slapconfig_backup_stage68225F6H82/LaunchDaemons/, "r"
2008-07-07 17:38:03 +0200 - popen: /bin/cp /System/Library/LaunchDaemons/org.openldap.slapd.plist /tmp/slapconfig_backup_stage68225F6H82/LaunchDaemons/, "r"
2008-07-07 17:38:03 +0200 - popen: /bin/cp /System/Library/LaunchDaemons/org.openldap.slurpd.plist /tmp/slapconfig_backup_stage68225F6H82/LaunchDaemons/, "r"
2008-07-07 17:38:03 +0200 - popen: /bin/cp /System/Library/LaunchDaemons/com.apple.kdcmond.plist /tmp/slapconfig_backup_stage68225F6H82/LaunchDaemons/, "r"
2008-07-07 17:38:03 +0200 - popen: /bin/cp /System/Library/LaunchDaemons/edu.mit.kadmind.plist /tmp/slapconfig_backup_stage68225F6H82/LaunchDaemons/, "r"
2008-07-07 17:38:03 +0200 - popen: /bin/cp /System/Library/LaunchDaemons/smbd.plist /tmp/slapconfig_backup_stage68225F6H82/LaunchDaemons/, "r"
2008-07-07 17:38:03 +0200 - popen: /bin/cp -r /Library/Preferences/DirectoryService /tmp/slapconfig_backup_stage68225F6H82/, "r"
2008-07-07 17:38:03 +0200 - 5 Backing up local directory database
2008-07-07 17:38:03 +0200 - popen: /bin/cp /Library/Preferences/com.apple.openldap.plist /tmp/slapconfig_backup_stage68225F6H82/, "r"
2008-07-07 17:38:03 +0200 - popen: /usr/bin/sw_vers > /tmp/slapconfig_backup_stage68225F6H82/version.txt, "r"
2008-07-07 17:38:03 +0200 - popen: /bin/cp -r /var/db/dslocal /tmp/slapconfig_backup_stage68225F6H82/, "r"
2008-07-07 17:38:06 +0200 - popen: /usr/bin/tar czpf /tmp/slapconfig_backup_stage68225F6H82/shadowbackup.tar.gz /var/db/shadow, "r"
2008-07-07 17:38:06 +0200 - popen: /usr/bin/tar czpf /tmp/slapconfig_backup_stage68225F6H82/sambabackup.tar.gz /var/db/samba /etc/smb.conf, "r"
2008-07-07 17:38:06 +0200 - Backed Up Keycahin
2008-07-07 17:38:06 +0200 - 6 Creating archive
2008-07-07 17:38:06 +0200 - command: /usr/bin/hdiutil create -ov -quiet -plist -puppetstrings -layout UNIVERSAL CD -fs HFS+ -volname ldap_bk -srcfolder /tmp/slapconfig_backup_stage68225F6H82 -format SPARSE -encryption AES-256 -stdinpass /Volumes/D1/Configurations/2008-07-07/sauv
2008-07-07 17:38:19 +0200 - Removed directory at path /tmp/slapconfig_backup_stage68225F6H82.

Log d'importation d'un Open Directory Master (qui ne fonctionne pas)

2008-07-07 17:48:15 +0200 - slapconfig -mergedb
2008-07-07 17:48:15 +0200 - command: /usr/bin/hdiutil attach /Volumes/Sans titre/sauv.sparseimage -readonly
2008-07-07 17:48:16 +0200 - hdiutil command output:
hdiutil: attach failed - Erreur d'authentification
2008-07-07 17:48:16 +0200 - hdiutil command failed with status 1
2008-07-07 17:48:16 +0200 - command: /usr/bin/hdiutil attach -stdinpass /Volumes/Sans titre/sauv.sparseimage -readonly
2008-07-07 17:48:17 +0200 - Disk name disk3
2008-07-07 17:48:17 +0200 - 1 Merging Kerberos database
2008-07-07 17:48:17 +0200 - popen: cd /tmp/slapconfig_restore_stage2023eT5lWo;/usr/bin/tar xzpf /Volumes/ldap_bk/krb5backup.tar.gz, "r"
2008-07-07 17:48:17 +0200 - Copied file from /Volumes/ldap_bk/kdb5dump.SERVEUR.LIP6.FR.bak to /tmp/slapconfig_restore_stage2023eT5lWo/kdb5dump.SERVEUR.LIP6.FR.bak.
2008-07-07 17:48:17 +0200 - command: /usr/sbin/kdb5_util -r SERVEUR.LIP6.FR dump -new_mkey_file /tmp/slapconfig_restore_stage2023eT5lWo/var/db/krb5kdc/.k5.SERVEUR.LIP6.FR /tmp/slapconfig_restore_stage2023eT5lWo/kdb5backup.bak
2008-07-07 17:48:17 +0200 - Copied directory from /var/db/krb5kdc to /var/db/krb5kdc.pre-merge.
2008-07-07 17:48:17 +0200 - command: /bin/cp /tmp/slapconfig_restore_stage2023eT5lWo/var/db/krb5kdc/.k5.SERVEUR.LIP6.FR /var/db/krb5kdc/
2008-07-07 17:48:17 +0200 - command: /usr/sbin/kdb5_util -r SERVEUR.LIP6.FR load -update /tmp/slapconfig_restore_stage2023eT5lWo/kdb5dump.SERVEUR.LIP6.FR.bak
2008-07-07 17:48:18 +0200 - command: /usr/sbin/kdb5_util -r SERVEUR.LIP6.FR load -update /tmp/slapconfig_restore_stage2023eT5lWo/kdb5backup.bak
2008-07-07 17:48:18 +0200 - 2 Merging Password Server data
2008-07-07 17:48:18 +0200 - command: /usr/sbin/mkpassdb -mergeparent /Volumes/ldap_bk/passwordserver_backup/ /Volumes/ldap_bk/id_omitfile
2008-07-07 17:48:18 +0200 - 3 Merging LDAP database
2008-07-07 17:48:18 +0200 - Stopping LDAP server (slapd)
2008-07-07 17:48:18 +0200 - popen: /usr/sbin/slapadd -c -l /tmp/slapconfig_stage2023WJmgjh/backup2023.ldif, "w"
2008-07-07 17:48:18 +0200 - Error: command failed with exit code 256: /usr/sbin/slapadd -c -l /tmp/slapconfig_stage2023WJmgjh/backup2023.ldif
2008-07-07 17:48:18 +0200 - Starting LDAP server (slapd)
2008-07-07 17:48:18 +0200 - popen: cd /;/usr/bin/tar xzpf /Volumes/ldap_bk/sambabackup.tar.gz, "w"
2008-07-07 17:48:18 +0200 - Copied file from /Volumes/ldap_bk/LaunchDaemons/smbd.plist to /System/Library/LaunchDaemons/smbd.plist.
2008-07-07 17:48:18 +0200 - command: /bin/launchctl load /System/Library/LaunchDaemons/smbd.plist
2008-07-07 17:48:18 +0200 - Removed directory at path /tmp/slapconfig_stage2023WJmgjh.
2008-07-07 17:48:18 +0200 - command: /usr/bin/hdiutil detach disk3

Contournement de l'erreur

Je n'ai pas trouvé le script qui est lancé lors de l'importation d'un Open Directory Master, c'est en fait dans la commande slapconfig -mergedb
J'ai donc lancé la commande slapconfig -mergedb en lui donnant le fichier .sparseimage en paramètre.
Cela se plante donc sur la commande /usr/sbin/slapadd
Pour connaître le paramètre passé à cette commande, j'ai stoppé le script en cours de route afin d'éviter la dernièer commande qui supprime /tmp
Finalement, le contenu du fichier passé en paramètre n'est que la création de deux éléments racines de la base LDAP.

dn: dc=lip6,dc=fr
dc: lip6
objectClass: domain
entryUUID: 327815e6-5904-1029-934d-e672c51492e1
creatorsName: uid=root,cn=users,dc=lip6,dc=fr
createTimestamp: 20050514204048Z
entryCSN: 2005051420:40:48Z#0x0001#0#0000
modifiersName: uid=root,cn=users,dc=lip6,dc=fr
modifyTimestamp: 20050514204048Z
structuralObjectClass: domain

dn: cn=config,dc=lip6,dc=fr
cn: config
objectClass: container
entryUUID: 32794d3a-5904-1029-934e-e672c51492e1
creatorsName: uid=root,cn=users,dc=lip6,dc=fr
createTimestamp: 20050514204048Z
entryCSN: 2005051420:40:48Z#0x0002#0#0000
modifiersName: uid=root,cn=users,dc=lip6,dc=fr
modifyTimestamp: 20050514204048Z
structuralObjectClass: container

Je crée un faux slapadd qui fait appel au vrai (c'était un lien symbolique vers ../libexec/slapd) et qui rend un code d'erreur 0 pour laisser continuer le script.

remplacement du #!/bin/sh
# remplacant de /usr/sbin/slapadd
echo patch slapadd
echo $*
../libexec/slapd -v $*
exit 0

Enfin, j'ai pu faire l'importation qui a bien pris les mots de passe mais pas les comptes, j'ai donc utilisé ldapbrowser pour exporter users.ldif et groups.ldif et je les ai importé dans le nouveau serveur. Dans le fichier users, j'ai supprimé le compte root pour éviter le doublon. Dans le fichier groups, j'ai supprimé admin.
On peut peut-être en profiter pour corriger les sn=99 créés par une ancienne version de MacOS X Server !
sn devrait être le nom de famille et givenName le prénom

Log d'importation d'un Open Directory Master (qui fonctionne)

2009-07-24 14:59:59 +0200 - 1 Merging Kerberos database
2009-07-24 14:59:59 +0200 - popen: cd /tmp/slapconfig_restore_stage1686VdygU1;/usr/bin/tar xzpf /Volumes/ldap_bk/krb5backup.tar.gz, "r"
2009-07-24 15:00:00 +0200 - Copied file from /Volumes/ldap_bk/kdb5dump.SERVEUR.LIP6.FR.bak to /tmp/slapconfig_restore_stage1686VdygU1/kdb5dump.SERVEUR.LIP6.FR.bak.
2009-07-24 15:00:00 +0200 - command: /usr/sbin/kdb5_util -r SERVEUR.LIP6.FR dump -new_mkey_file /tmp/slapconfig_restore_stage1686VdygU1/var/db/krb5kdc/.k5.SERVEUR.LIP6.FR /tmp/slapconfig_restore_stage1686VdygU1/kdb5backup.bak
2009-07-24 15:00:00 +0200 - Copied directory from /var/db/krb5kdc to /var/db/krb5kdc.pre-merge.
2009-07-24 15:00:00 +0200 - command: /bin/cp /tmp/slapconfig_restore_stage1686VdygU1/var/db/krb5kdc/.k5.SERVEUR.LIP6.FR /var/db/krb5kdc/
2009-07-24 15:00:00 +0200 - command: /usr/sbin/kdb5_util -r SERVEUR.LIP6.FR load -update /tmp/slapconfig_restore_stage1686VdygU1/kdb5dump.SERVEUR.LIP6.FR.bak
2009-07-24 15:00:00 +0200 - command: /usr/sbin/kdb5_util -r SERVEUR.LIP6.FR load -update /tmp/slapconfig_restore_stage1686VdygU1/kdb5backup.bak
2009-07-24 15:00:00 +0200 - 2 Merging Password Server data
2009-07-24 15:00:00 +0200 - command: /usr/sbin/mkpassdb -mergeparent /Volumes/ldap_bk/passwordserver_backup/ /Volumes/ldap_bk/id_omitfile
2009-07-24 15:00:00 +0200 - 3 Merging LDAP database
2009-07-24 15:00:00 +0200 - Stopping LDAP server (slapd)
2009-07-24 15:00:00 +0200 - popen: /usr/sbin/slapadd -c -l /tmp/slapconfig_stage16869W6yN3/backup1686.ldif, "w"
2009-07-24 15:00:01 +0200 - Starting LDAP server (slapd)
2009-07-24 15:00:02 +0200 - popen: cd /;/usr/bin/tar xzpf /Volumes/ldap_bk/sambabackup.tar.gz, "w"
2009-07-24 15:00:02 +0200 - Copied file from /Volumes/ldap_bk/LaunchDaemons/smbd.plist to /System/Library/LaunchDaemons/smbd.plist.
2009-07-24 15:00:02 +0200 - command: /bin/launchctl load /System/Library/LaunchDaemons/smbd.plist
2009-07-24 15:00:02 +0200 - launchctl command output:
nothing found to load
2009-07-24 15:00:02 +0200 - launchctl command failed with status 1
2009-07-24 15:00:02 +0200 - Removed directory at path /tmp/slapconfig_stage16869W6yN3.
2009-07-24 15:00:02 +0200 - command: /usr/bin/hdiutil detach disk1

Log de passage Open Directory Master -> Open Directory Standalone

2008-07-07 17:54:24 +0200 - slapconfig -destroyldapserver
2008-07-07 17:54:24 +0200 - removing GUID F64E6F87-EC53-4274-8492-9AB29BE9A4B1 from local admin group.
2008-07-07 17:54:24 +0200 - removing short name diradmin from local admin group.
2008-07-07 17:54:24 +0200 - command: /usr/sbin/sso_util remove -k -d -s -c -n -r SERVEUR.LIP6.FR -v 1
2008-07-07 17:54:27 +0200 - sso_util command output:
shutting down kadmind
kadmind shut down
shutting down kdc
kdc shut down
Not removing the admin user as admin name entered is NULL
removing kdc database files
2008-07-07 17:54:28 +0200 - Stopping LDAP server (slapd)
2008-07-07 17:54:28 +0200 - Stopping LDAP replicator (slurpd)
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/__db.001.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/__db.002.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/__db.003.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/__db.004.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/__db.005.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/apple-generateduid.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/apple-group-memberguid.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/apple-group-nestedgroup.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/apple-group-realname.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/apple-serviceinfo.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/apple-serviceslocator.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/cn.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/DB_CONFIG.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/dn2id.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/gidNumber.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/givenName.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/id2entry.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/ipHostNumber.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/log.0000000001.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/macAddress.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/memberUid.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/objectClass.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/ou.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/sn.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/uid.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/uidNumber.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /etc/openldap/slapd_macosxserver.conf.
2008-07-07 17:54:28 +0200 - Removed file at path /etc/openldap/slapd.conf.
2008-07-07 17:54:28 +0200 - Copied file from /etc/openldap/slapd.conf.default to /etc/openldap/slapd.conf.
2008-07-07 17:54:28 +0200 - Removed file at path /etc/openldap/rootDSE.ldif.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/dslocal/nodes/Default/groups/com.apple.access_dsproxy.plist.
2008-07-07 17:54:28 +0200 - Removed directory at path /etc/openldap/slapd.d/cn=config.
2008-07-07 17:54:28 +0200 - Removed file at path /etc/openldap/slapd.d/cn=config.ldif.
2008-07-07 17:54:28 +0200 - Removed directory at path /etc/openldap/slapd.d.
2008-07-07 17:54:28 +0200 - Removed directory at path /etc/openldap/slapd.d.backup/cn=config.
2008-07-07 17:54:28 +0200 - Removed file at path /etc/openldap/slapd.d.backup/cn=config.ldif.
2008-07-07 17:54:28 +0200 - Removed directory at path /etc/openldap/slapd.d.backup.
2008-07-07 17:54:28 +0200 - command: /usr/sbin/kdcsetup -e
2008-07-07 17:54:33 +0200 - command: /usr/sbin/mkpassdb -u disabled-slot-0x1 -p -q
2008-07-07 17:54:34 +0200 - command: /usr/sbin/mkpassdb -key
2008-07-07 17:54:40 +0200 - Removed file at path /Library/Preferences/com.apple.passwordserver.plist.
2008-07-07 17:54:40 +0200 - slapconfig -setstandalone
2008-07-07 17:54:40 +0200 - slapconfig -setmacosxodpolicy

2004-2008

FutureShare  |  Glossaire  |