ldapsearch -v -x -h serveur.lip6.fr -b "cn=config,dc=lip6,dc=fr"
ldapsearch -v -x -h serveur.lip6.fr -b "dc=lip6,dc=fr" "uid=tp1"
sudo mkpassdb -dump
When creating a new user with Workgroup Manager, right at the start:
Erreur de type eDSRecordAlreadyExists (-14135) sur la ligne 1189 de /SourceCache/WorkgroupManager/WorkgroupManager-319.1.1/PMMUGMainView.mm
This seems to come from the assigned uid number, which appears to be already in use. Retrying several times is enough and it works again! It happened to me after I deleted some users and then created others.
When creating a new user with Workgroup Manager: on clicking Save, several messages appear:
Error of type eDSRecordNotFound (-14136) on line 255 of /SourceCache/WorkgroupManager/WorkgroupManager-319.1.1/Plugins/UserAccounts/../../Plugins/UserAccounts/UserGroupPluginView.mm
Error of type eDSRecordNotFound (-14136) on line 2002 of /SourceCache/WorkgroupManager/WorkgroupManager-319.1.1/Plugins/UserAccounts/UserAdvancedPluginView.mm
Error of type eDSRecordNotFound (-14136) on line 1347 of /SourceCache/WorkgroupManager/WorkgroupManager-319.1.1/Plugins/UserAccounts/UserVolumesPluginView.mm
The uid took the value Untitled_1. Very strangely, the LDAP tree did not create uid=login under cn=users; instead, at the same level as cn=users, there is an entry uid=login,cn=users, and it cannot be deleted. Untitled_1 cannot be renamed either.
Temporary workaround: stop using that login.
The Server Admin application can save all of the server's settings into a password-protected disk image. The same can be done from the command line. See the article on afp548.
See the ODback script.
Migrating accounts and passwords from MacOS X v10.3 to v10.4.
Backing up accounts and passwords (taken from the previous reference)
sudo mkdir /path/to/backup_directory
sudo chmod og-rxw /path/to/backup_directory
sudo slapcat -l /path/to/backup_directory/server.ldif
sudo mkpassdb -backupdb /path/to/backup_directory
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -restart -agent
Here is the account as seen when connecting over ssh to a machine (other than the server) that uses an AFP mount for the home directory:
d--------- 3 tp1 unknown 264 11 Jan 15:03 Desktop
d--------- 9 tp1 unknown 264 1 Feb 10:24 Documents
d--------- 18 tp1 unknown 568 24 Jan 11:33 Library
d--------- 3 tp1 unknown 264 11 Jan 15:03 Movies
d--------- 3 tp1 unknown 264 11 Jan 15:03 Music
d--------- 3 tp1 unknown 264 11 Jan 15:03 Pictures
dr-xr-xr-x 4 tp1 unknown 264 11 Jan 15:03 Public
dr-xr-xr-x 6 tp1 unknown 264 11 Jan 15:03 Sites
And that is when you do not see only this:
machine:~ tp1$ ls -al
drwxr-xr-x 4 tp1 staff 136 1 Feb 23:28 Library
In short, nothing can be done, because the partition was mounted (at machine startup?) as guest. To get the correct permissions, use the mnthome command (an executable shipped with MacOS X Server that works very well on 'non-server' MacOS).
tp1$ mnthome
Password:
AFP mount information for /private/Network/Servers/serveur.lip6.fr/Volumes/D1/Utilisateurs/Invites
The sharepoint (Invites) was mounted with authentication by: tp1
This gives:
drwx------ 8 tp1 staff 264 2 Jun 2004 Desktop
drwx------ 4 tp1 staff 264 5 Jul 2004 Documents
drwx------ 22 tp1 staff 704 1 Oct 18:28 Library
drwx------ 3 tp1 staff 264 14 May 2004 Movies
drwx------ 3 tp1 staff 264 14 May 2004 Music
drwx------ 3 tp1 staff 264 14 May 2004 Pictures
drwxr-xr-x 5 tp1 staff 264 21 May 2004 Public
drwxr-xr-x 6 tp1 staff 264 14 May 2004 Sites
This is fine, but it is not really designed for multi-user use, since the partition is mounted by whoever last typed mnthome!
As a result, each user would need, for example, their own mount point (whereas by default the mount point is the directory above the home directory). An 's' bit also has to be added, otherwise another user gets this:
un_autre$ mnthome
Unmounting of share point at /private/Network/Servers/serveur.lip6.fr/Volumes/D1/Utilisateurs/Perm failed (1 Operation not permitted).
AFP mount information for /private/Network/Servers/serveur.lip6.fr/Volumes/D1/Utilisateurs/Perm
The sharepoint (Perm) was mounted by: tp1
Sharepoint was mounted without authentication.
Sharepoint is using synthetic permissions bits mapped from 'effective' permissions.
In short, something else would be needed for MacOS X Server 10.4!
PS: It does work correctly over NFS, however, but NFS cannot really be deployed across subnets (routing and security problems).
After an update of MacOS X Server 10.5.3, some client machines can no longer find the LDAP server, with messages:
DirectoryService[48]: DSLDAPv3PlugIn: [machine] LDAP server config not updated with server mappings due to server mappings error.
DirectoryService[48]: LDAPv3: SafeOpen Can't retrieve server mappings from search base of
DirectoryService[48]: LDAPv3: SafeOpen Cannot retrieve server mappings at this time.
The problem came from Directory Utility (Utilitaire d'annuaire), which apparently keeps a bad configuration. To fix this:
Then (reboot?) and redo the Directory Access (Format du Répertoire) configuration without errors :)
I just spent a very long time on a client machine that could not find the LDAP server, with messages:
/System/Library/LoginPlugins/MCX.loginPlugin/Contents/MacOS/MCXCacher: DSOpenNode(): dsOpenDirNode("/LDAPv3/mon.server.fr") == -14002
The problem came from the Directory Access utility (Format du Répertoire), which apparently keeps a bad configuration even after it has been corrected. To fix this:
Then (reboot?) and redo the Directory Access (Format du Répertoire) configuration without errors :)
May 21 2004 11:31:30 RSAPUBLIC: ok
May 21 2004 11:31:30 RSAVALIDATE: success.
May 21 2004 11:31:30 AUTH: {0x40a4df72564595b70000000800000008, tp1} requested mechanism DIGEST-MD5.
May 21 2004 11:31:30 AUTH2: {0x40a4df72564595b70000000800000008, tp1} authentication succeeded.
May 21 2004 11:31:32 RSAPUBLIC: ok
May 21 2004 11:31:32 RSAVALIDATE: success.
May 21 2004 11:31:32 AUTH: {0x40a4df72564595b70000000800000008, tp1} requested mechanism DIGEST-MD5.
May 21 2004 11:31:32 AUTH2: {0x40a4df72564595b70000000800000008, tp1} authentication succeeded.
May 21 2004 11:31:32 QUIT: {0x40a4df72564595b70000000800000008, tp1} has disconnected.
May 21 2004 11:31:32 RSAPUBLIC: ok
May 21 2004 11:31:32 RSAVALIDATE: success.
May 21 2004 11:31:32 AUTH: {0x40a4df72564595b70000000800000008, tp1} requested mechanism DIGEST-MD5.
May 21 2004 11:31:32 AUTH2: {0x40a4df72564595b70000000800000008, tp1} authentication succeeded.
May 21 2004 11:31:32 QUIT: {0x40a4df72564595b70000000800000008, tp1} has disconnected.
This must be done with the changeip command.
May 21 11:29:24 localhost init: kernel security level changed from 0 to 1
May 21 11:29:27 localhost configd[89]: posting notification com.apple.system.config.network_change
May 21 11:29:27 localhost configd[89]: executing /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/enable-network
May 21 11:29:27 localhost mach_init[2]: Server 22a3 in bootstrap d03 uid 0: "/usr/sbin/lookupd": exited as a result of signal 1 [pid 119]
May 21 11:29:28 localhost lookupd[201]: lookupd (version 324) starting - Fri May 21 11:29:28 2004
May 21 11:29:28 localhost ConsoleMessage: Starting network file system
May 21 11:29:29 localhost automount[234]: automount version 57
May 21 11:29:30 localhost automount[237]: automount version 57
May 21 11:29:31 localhost automount[234]: logout notification received.
May 21 11:29:31 localhost automount[234]: requesting logout processing.
May 21 11:29:31 localhost automount[237]: logout notification received.
May 21 11:29:31 localhost automount[237]: requesting logout processing.
May 21 11:29:31 localhost automount[234]: handle_deferred_requests: user logged out.
May 21 11:29:31 localhost automount[237]: handle_deferred_requests: user logged out.
May 21 11:29:31 localhost loginwindow[199]: Sent launch request message to DirectoryService mach_init port
May 21 11:29:31 localhost DirectoryService[243]: Launched version 1.6 (v255.1.1)
May 21 11:30:04 localhost DirectoryService[243]: InitLDAPConnection or ldap_init failure: Logging Failed LDAP connection with incomplete data
May 21 11:30:05 localhost configd[89]: executing /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/set-hostname
May 21 11:30:05 localhost configd[89]: posting notification com.apple.system.config.network_change
May 21 11:30:05 localhost mach_init[2]: Server 0 in bootstrap d03 uid 0: "/usr/sbin/lookupd": exited as a result of signal 1 [pid 201]
May 21 11:30:06 localhost lookupd[255]: lookupd (version 324) starting - Fri May 21 11:30:06 2004
May 21 11:30:06 localhost ConsoleMessage: Loading Shared IP extension
May 21 11:30:06 localhost ConsoleMessage: Starting printing services
May 21 11:30:07 localhost set-hostname[301]: setting hostname to admin7.lip6.fr
May 21 11:30:07 localhost ConsoleMessage: Loading IP Firewall extension
May 21 11:30:08 localhost kernel: IP packet filtering initialized, divert enabled, rule-based forwarding enabled, default to accept, logging disabled
May 21 11:30:08 localhost kernel: IPv6 packet filtering initialized, default to accept, logging disabled
May 21 11:30:08 localhost kernel: IP firewall loaded
May 21 11:30:08 localhost ConsoleMessage: Starting internet services
May 21 11:30:08 localhost xinetd[309]: 309 {init_services} no services. Exiting...
May 21 11:30:18 localhost /System/Library/CoreServices/ARD Agent.app/Contents/MacOS/ARD Agent: ********Launched Agent********
May 21 11:30:22 localhost loginwindow[199]: DSOpenNode(): dsOpenDirNode("/LDAPv3/serveur.lip6.fr") == -14002
May 21 11:30:40 localhost DirectoryService[243]: saving replica list to file.
May 21 11:30:43 localhost kernel: AFP_VFS afpfs_mount: /private/var/automount/Network/Servers/serveur.lip6.fr/Volumes/D1/Utilisateurs/..., pid 327
May 21 11:30:44 localhost kernel: AFP_VFS afpfs_unmount: /private/var/automount/Network/Servers/serveur.lip6.fr/Volumes/D1/Utilisateurs/
May 21 11:30:44 localhost kernel: &=&Mac240;..., flags 524288, pid 199
May 21 11:30:44 localhost kernel: AFP_VFS afpfs_unmount: succeeded
May 21 11:30:44 localhost kernel: AFP_VFS afpfs_mount: /private/var/automount/Network/Servers/serveur.lip6.fr/Volumes/D1/Utilisateurs/..., pid 199
May 21 11:31:23 localhost /usr/libexec/fix_prebinding: fix_prebinding quitting for now.
May 21 11:49:51 localhost kernel: AFP_VFS afpfs_unmount: /private/var/automount/Network/Servers/serveur.lip6.fr/Volumes/D1/Utilisateurs/..., flags 0, pid 199
May 21 11:49:51 localhost kernel: AFP_VFS afpfs_unmount: succeeded
May 21 11:49:51 localhost loginwindow[199]: halting
May 21 11:49:51 localhost shutdown: halt by tp1:
May 21 11:49:54 localhost syslogd: exiting on signal 15
In the example above, the description field, which I truncated, is base64-encoded. It corresponds to the file macosxodconfig.xml.
In the example above, the apple-mcxflags, userPassword and apple-user-homeurl fields are base64-encoded.
apple-mcxflags = simultaneous_login_enabled
userPassword = ********
apple-user-homeurl = afp://serveur.lip6.fr/Invites tp1
They can be decoded with the following program.
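#!/usr/bin/perl -w
#
# decode-base64: decode base64 input, one encoded value per line
use strict;
use MIME::Base64;

while (<>) {
    chomp;                            # drop the trailing newline
    my $res = decode_base64($_);      # decode this line's value
    print "$res\n";
}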
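Added example (not part of the original page): a Python counterpart to the Perl filter that works on a whole LDIF export, handling folded lines and `attr:: value` base64 fields, and masking userPassword when a record is displayed. The sample entry, its dn and the helper names are constructed for illustration; base64 in LDIF is only a transport encoding, so every field of an export such as server.ldif is readable by anyone who can read the file.

```python
import base64

# Attributes masked by safe_view(); names are compared in lower case.
SENSITIVE = {"userpassword"}


def unfold(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    # Comments are dropped after joining, so folded comments disappear whole.
    return [line for line in lines if not line.startswith("#")]


def parse_ldif(text):
    """Return a list of records, each a dict: lower-cased attribute -> list of values."""
    records, current = [], {}
    for line in unfold(text):
        if not line.strip():              # a blank line ends the current record
            if current:
                records.append(current)
                current = {}
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            raise ValueError(f"not an LDIF attribute line: {line!r}")
        if rest.startswith(":"):          # "attr:: <base64>"
            raw = base64.b64decode(rest[1:].strip(), validate=True)
            try:
                value = raw.decode("utf-8")
            except UnicodeDecodeError:
                value = raw               # binary attribute: keep the bytes
        else:                             # "attr: plain value"
            value = rest.lstrip(" ")
        current.setdefault(name.lower(), []).append(value)
    if current:
        records.append(current)
    return records


def safe_view(record):
    """Copy of a record with sensitive attributes masked, for display or logging."""
    return {
        attr: (["<masked>"] * len(values) if attr in SENSITIVE else values)
        for attr, values in record.items()
    }


def _b64(text):
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def _fold(line, width=40):
    """Fold one line LDIF-style so the sample exercises unfold()."""
    parts, rest = [line[:width]], line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)


# Constructed sample: the three decoded values are the ones shown on the page,
# the dn is an assumption made for the example.
SAMPLE_LDIF = "\n".join([
    "# constructed sample entry",
    "dn: uid=tp1,cn=users,dc=lip6,dc=fr",
    "uid: tp1",
    _fold("apple-mcxflags:: " + _b64("simultaneous_login_enabled")),
    "userPassword:: " + _b64("********"),
    _fold("apple-user-homeurl:: " + _b64("afp://serveur.lip6.fr/Invites tp1")),
    "",
])

if __name__ == "__main__":
    for record in parse_ldif(SAMPLE_LDIF):
        for attr, values in safe_view(record).items():
            for value in values:
                print(f"{attr} = {value}")
        print()
```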
sudo mkpassdb -dump
signature: pwfi
version: 1
entrySize: 0
sequenceNumber: 8
numberOfSlotsCurrentlyInFile: 512
deepestSlotUsed: 8
deepestSlotUsedByThisServer: 8
Access Features: usingHistory=0 usingExpirationDate=0 usingHardExpirationDate=0 requiresAlpha=0 requiresNumeric=0 expirationDateGMT=4294967295 hardExpireDateGMT=4294967295 maxMinutesUntilChangePassword=0 maxMinutesUntilDisabled=0 maxMinutesOfNonUse=0 maxFailedLoginAttempts=0 minChars=0 maxChars=0 passwordCannotBeName=0
Weak Authentication Methods: SMB-NT SMB-LAN-MANAGER CRYPT APOP
Public Key: 1024 35 1305596879610493126200478988963058876027273869176889841054994305932083963611488976571562712 282349465162835496306627848709112726614122757403677382447554258161808498954707979776282765654829856829459097 136530002147198842605020081579798199283132558949204414746009315687569748527394025767259474093836434139162995 43 root@serveur.lip6.fr
Replica Name: (Parent)
slot 0001: 0x00000000000000000000000000000001 admin 05/24/2004 09:36:49 AM
slot 0002: 0x40115d5f112f55290000000200000002 admin 05/21/2004 11:45:45 AM
slot 0003: 0x40115d600fe428490000000300000003 root 05/22/2004 10:43:36 AM
slot 0004: 0x40115d6d14fb652e0000000400000004 vpn_000a958b4d06 01/23/2004 06:44:13 PM
slot 0005: 0x403cd6c461ad0aa00000000500000005 utilisateur_1 02/25/2004 06:09:24 PM
slot 0006: 0x403cd7830e72f0060000000600000006 05/14/2004 05:00:32 PM
slot 0007: 0x40a4df430b0459c90000000700000007 utilisateur_2 05/14/2004 05:01:24 PM
slot 0008: 0x40a4df72564595b70000000800000008 tp1 05/21/2004 10:16:55 PM
On another server, w.lip6.fr:
w.lip6.fr sudo mkpassdb -dump
Password:
signature: pwfi
version: 1
entrySize: 0
sequenceNumber: 3
numberOfSlotsCurrentlyInFile: 512
deepestSlotUsed: 3
deepestSlotUsedByThisServer: 3
Access Features: usingHistory=0 usingExpirationDate=0 usingHardExpirationDate=0 requiresAlpha=0 requiresNumeric=0 expirationDateGMT=4294967295 hardExpireDateGMT=4294967295 maxMinutesUntilChangePassword=0 maxMinutesUntilDisabled=0 maxMinutesOfNonUse=0 maxFailedLoginAttempts=0 minChars=0 maxChars=0 passwordCannotBeName=0
Weak Authentication Methods: SMB-NT SMB-LAN-MANAGER CRYPT APOP
Public Key: 1024 35 1297090389197064319770206016993765487320805829509649297478528290763328224909 317648865642061732779432801655538131918830692522503951111053473287666225015062384578389932774 916079791985710091912019663348789396199178339367936280698912774575922475973107350154918653124 02416624925697385845157029010860441376219706001 root@w
Replica Name: (Parent)
slot 0001: 0x00000000000000000000000000000001 admin 02/05/2004 04:35:27 PM
slot 0002: 0x402262d82fdf09500000000200000002 admin 05/24/2004 09:42:17 AM
slot 0003: 0x402262e05e7636e40000000300000003 vpn_000a958b4d06 02/05/2004 04:36:01 PM
LDAP RFC 2307 interface: use of posixAccount and posixGroup.
dn: cn=machine:/users/nom,dc=lip6,dc=fr
objectclass: mount
cn: machine:/users/nom
mountDirectory: /home/nom
mountType: nfs
mountOption: -P
mountOption: -T
Default Attribute Types Record Types and Attributes -> Map to any items in list
2008-07-07 17:26:26 +0200 - slapconfig -createldapmasterandadmin
2008-07-07 17:26:26 +0200 - Creating password server slot
2008-07-07 17:26:26 +0200 - command: /usr/sbin/mkpassdb -a -u diradmin -p -q
2008-07-07 17:26:26 +0200 - command: /usr/sbin/mkpassdb -a -u root -p -q
2008-07-07 17:26:26 +0200 - command: /usr/sbin/mkpassdb -a -u nouveauserveur.lip6.fr$ -p -q
2008-07-07 17:26:26 +0200 - command: /usr/sbin/mkpassdb -setcomputeraccount 0x487235a26b8b45670000000400000004
2008-07-07 17:26:26 +0200 - Setting SASL realm to
When a Directory master is created, the only local account is admin (as before), and three accounts are created in LDAP: root (uid 0), diradmin (uid 1000) and vpn_124b2...5e (uid 57). The groups are admin (gid 80: root, diradmin), staff (gid 20: root) and com.apple.limited_admin (gid 106).
2008-07-07 17:37:59 +0200 - slapconfig -backupdb
2008-07-07 17:37:59 +0200 - 1 Backing up LDAP database
2008-07-07 17:38:00 +0200 - popen: /usr/sbin/slapcat -l /tmp/slapconfig_backup_stage68225F6H82/backup.ldif, "r"
2008-07-07 17:38:00 +0200 - Error: Command failed with exit code 256: /usr/sbin/slapcat -l /tmp/slapconfig_backup_stage68225F6H82/backup.ldif
2008-07-07 17:38:00 +0200 - popen: /bin/cp /var/db/openldap/openldap-data/DB_CONFIG /tmp/slapconfig_backup_stage68225F6H82/DB_CONFIG, "r"
2008-07-07 17:38:00 +0200 - popen: /bin/cp -r /etc/openldap /tmp/slapconfig_backup_stage68225F6H82/, "r"
2008-07-07 17:38:01 +0200 - 2 Backing up password server database
2008-07-07 17:38:01 +0200 - popen: /usr/sbin/mkpassdb -backupdb /tmp/slapconfig_backup_stage68225F6H82/passwordserver_backup/ > /dev/null, "r"
2008-07-07 17:38:02 +0200 - popen: /bin/cp -r /Library/Preferences/com.apple.passwordserver.plist /tmp/slapconfig_backup_stage68225F6H82/, "r"
2008-07-07 17:38:02 +0200 - popen: /usr/sbin/mkpassdb -list > /tmp/slapconfig_backup_stage68225F6H82/sasl-plugin-list, "r"
2008-07-07 17:38:02 +0200 - popen: /bin/hostname > /tmp/slapconfig_backup_stage68225F6H82/hostname, "r"
2008-07-07 17:38:02 +0200 - 3 Backing up Kerberos database
2008-07-07 17:38:02 +0200 - popen: /usr/sbin/kdb5_util -r LKDC:SHA1.2F4DD3294CC72602997517EAF7959E7A7AC1C605 dump > /tmp/slapconfig_backup_stage68225F6H82/kdb5dump.LKDC:SHA1.2F4DD3294CC72602997517EAF7959E7A7AC1C605.bak, "r"
2008-07-07 17:38:02 +0200 - popen: /usr/sbin/kdb5_util -r SERVEUR.LIP6.FR dump > /tmp/slapconfig_backup_stage68225F6H82/kdb5dump.SERVEUR.LIP6.FR.bak, "r"
2008-07-07 17:38:02 +0200 - popen: /usr/sbin/sso_util info -pr /LDAPv3/127.0.0.1 > /tmp/slapconfig_backup_stage68225F6H82/local_odkrb5realm, "r"
2008-07-07 17:38:02 +0200 - popen: /usr/sbin/sso_util info -pr /Local/Default > /tmp/slapconfig_backup_stage68225F6H82/local_krb5realm, "r"
2008-07-07 17:38:02 +0200 - popen: /usr/bin/tar czpf /tmp/slapconfig_backup_stage68225F6H82/krb5backup.tar.gz /var/db/krb5kdc/kdc.conf /var/db/krb5kdc/kadm5.acl /var/db/krb5kdc/kadm5.keytab /var/db/krb5kdc/.k5.* /Library/Preferences/edu.mit.Kerberos /etc/krb5.keytab , "r"
2008-07-07 17:38:03 +0200 - popen: /bin/cp /var/db/dslocal/nodes/Default/config/KerberosKDC.plist /tmp/slapconfig_backup_stage68225F6H82/KerberosKDC.plist, "r"
2008-07-07 17:38:03 +0200 - 4 Backing up configuration files
2008-07-07 17:38:03 +0200 - popen: /bin/cp /System/Library/LaunchDaemons/com.apple.PasswordService.plist /tmp/slapconfig_backup_stage68225F6H82/LaunchDaemons/, "r"
2008-07-07 17:38:03 +0200 - popen: /bin/cp /System/Library/LaunchDaemons/org.openldap.slapd.plist /tmp/slapconfig_backup_stage68225F6H82/LaunchDaemons/, "r"
2008-07-07 17:38:03 +0200 - popen: /bin/cp /System/Library/LaunchDaemons/org.openldap.slurpd.plist /tmp/slapconfig_backup_stage68225F6H82/LaunchDaemons/, "r"
2008-07-07 17:38:03 +0200 - popen: /bin/cp /System/Library/LaunchDaemons/com.apple.kdcmond.plist /tmp/slapconfig_backup_stage68225F6H82/LaunchDaemons/, "r"
2008-07-07 17:38:03 +0200 - popen: /bin/cp /System/Library/LaunchDaemons/edu.mit.kadmind.plist /tmp/slapconfig_backup_stage68225F6H82/LaunchDaemons/, "r"
2008-07-07 17:38:03 +0200 - popen: /bin/cp /System/Library/LaunchDaemons/smbd.plist /tmp/slapconfig_backup_stage68225F6H82/LaunchDaemons/, "r"
2008-07-07 17:38:03 +0200 - popen: /bin/cp -r /Library/Preferences/DirectoryService /tmp/slapconfig_backup_stage68225F6H82/, "r"
2008-07-07 17:38:03 +0200 - 5 Backing up local directory database
2008-07-07 17:38:03 +0200 - popen: /bin/cp /Library/Preferences/com.apple.openldap.plist /tmp/slapconfig_backup_stage68225F6H82/, "r"
2008-07-07 17:38:03 +0200 - popen: /usr/bin/sw_vers > /tmp/slapconfig_backup_stage68225F6H82/version.txt, "r"
2008-07-07 17:38:03 +0200 - popen: /bin/cp -r /var/db/dslocal /tmp/slapconfig_backup_stage68225F6H82/, "r"
2008-07-07 17:38:06 +0200 - popen: /usr/bin/tar czpf /tmp/slapconfig_backup_stage68225F6H82/shadowbackup.tar.gz /var/db/shadow, "r"
2008-07-07 17:38:06 +0200 - popen: /usr/bin/tar czpf /tmp/slapconfig_backup_stage68225F6H82/sambabackup.tar.gz /var/db/samba /etc/smb.conf, "r"
2008-07-07 17:38:06 +0200 - Backed Up Keycahin
2008-07-07 17:38:06 +0200 - 6 Creating archive
2008-07-07 17:38:06 +0200 - command: /usr/bin/hdiutil create -ov -quiet -plist -puppetstrings -layout UNIVERSAL CD -fs HFS+ -volname ldap_bk -srcfolder /tmp/slapconfig_backup_stage68225F6H82 -format SPARSE -encryption AES-256 -stdinpass /Volumes/D1/Configurations/2008-07-07/sauv
2008-07-07 17:38:19 +0200 - Removed directory at path /tmp/slapconfig_backup_stage68225F6H82.
2008-07-07 17:48:15 +0200 - slapconfig -mergedb
2008-07-07 17:48:15 +0200 - command: /usr/bin/hdiutil attach /Volumes/Sans titre/sauv.sparseimage -readonly
2008-07-07 17:48:16 +0200 - hdiutil command output: hdiutil: attach failed - Erreur d'authentification
2008-07-07 17:48:16 +0200 - hdiutil command failed with status 1
2008-07-07 17:48:16 +0200 - command: /usr/bin/hdiutil attach -stdinpass /Volumes/Sans titre/sauv.sparseimage -readonly
2008-07-07 17:48:17 +0200 - Disk name disk3
2008-07-07 17:48:17 +0200 - 1 Merging Kerberos database
2008-07-07 17:48:17 +0200 - popen: cd /tmp/slapconfig_restore_stage2023eT5lWo;/usr/bin/tar xzpf /Volumes/ldap_bk/krb5backup.tar.gz, "r"
2008-07-07 17:48:17 +0200 - Copied file from /Volumes/ldap_bk/kdb5dump.SERVEUR.LIP6.FR.bak to /tmp/slapconfig_restore_stage2023eT5lWo/kdb5dump.SERVEUR.LIP6.FR.bak.
2008-07-07 17:48:17 +0200 - command: /usr/sbin/kdb5_util -r SERVEUR.LIP6.FR dump -new_mkey_file /tmp/slapconfig_restore_stage2023eT5lWo/var/db/krb5kdc/.k5.SERVEUR.LIP6.FR /tmp/slapconfig_restore_stage2023eT5lWo/kdb5backup.bak
2008-07-07 17:48:17 +0200 - Copied directory from /var/db/krb5kdc to /var/db/krb5kdc.pre-merge.
2008-07-07 17:48:17 +0200 - command: /bin/cp /tmp/slapconfig_restore_stage2023eT5lWo/var/db/krb5kdc/.k5.SERVEUR.LIP6.FR /var/db/krb5kdc/
2008-07-07 17:48:17 +0200 - command: /usr/sbin/kdb5_util -r SERVEUR.LIP6.FR load -update /tmp/slapconfig_restore_stage2023eT5lWo/kdb5dump.SERVEUR.LIP6.FR.bak
2008-07-07 17:48:18 +0200 - command: /usr/sbin/kdb5_util -r SERVEUR.LIP6.FR load -update /tmp/slapconfig_restore_stage2023eT5lWo/kdb5backup.bak
2008-07-07 17:48:18 +0200 - 2 Merging Password Server data
2008-07-07 17:48:18 +0200 - command: /usr/sbin/mkpassdb -mergeparent /Volumes/ldap_bk/passwordserver_backup/ /Volumes/ldap_bk/id_omitfile
2008-07-07 17:48:18 +0200 - 3 Merging LDAP database
2008-07-07 17:48:18 +0200 - Stopping LDAP server (slapd)
2008-07-07 17:48:18 +0200 - popen: /usr/sbin/slapadd -c -l /tmp/slapconfig_stage2023WJmgjh/backup2023.ldif, "w"
2008-07-07 17:48:18 +0200 - Error: command failed with exit code 256: /usr/sbin/slapadd -c -l /tmp/slapconfig_stage2023WJmgjh/backup2023.ldif
2008-07-07 17:48:18 +0200 - Starting LDAP server (slapd)
2008-07-07 17:48:18 +0200 - popen: cd /;/usr/bin/tar xzpf /Volumes/ldap_bk/sambabackup.tar.gz, "w"
2008-07-07 17:48:18 +0200 - Copied file from /Volumes/ldap_bk/LaunchDaemons/smbd.plist to /System/Library/LaunchDaemons/smbd.plist.
2008-07-07 17:48:18 +0200 - command: /bin/launchctl load /System/Library/LaunchDaemons/smbd.plist
2008-07-07 17:48:18 +0200 - Removed directory at path /tmp/slapconfig_stage2023WJmgjh.
2008-07-07 17:48:18 +0200 - command: /usr/bin/hdiutil detach disk3
I did not find the script that is run when importing an Open Directory Master; it is in fact done by the slapconfig -mergedb command. So I ran slapconfig -mergedb, giving it the .sparseimage file as a parameter. It fails on the /usr/sbin/slapadd command. To find out the parameter passed to that command, I stopped the script midway in order to avoid the last command, which deletes /tmp. In the end, the content of the file passed as a parameter is only the creation of two root elements of the LDAP database.
I create a fake slapadd that calls the real one (it was a symbolic link to ../libexec/slapd) and returns exit code 0 so that the script can continue.
Finally, I was able to do the import, which did bring over the passwords but not the accounts, so I used ldapbrowser to export users.ldif and groups.ldif and imported them into the new server. In the users file, I removed the root account to avoid a duplicate. In the groups file, I removed admin. This may also be a good opportunity to fix the sn=99 values created by an old version of MacOS X Server! sn should be the family name and givenName the first name.
2009-07-24 14:59:59 +0200 - 1 Merging Kerberos database
2009-07-24 14:59:59 +0200 - popen: cd /tmp/slapconfig_restore_stage1686VdygU1;/usr/bin/tar xzpf /Volumes/ldap_bk/krb5backup.tar.gz, "r"
2009-07-24 15:00:00 +0200 - Copied file from /Volumes/ldap_bk/kdb5dump.SERVEUR.LIP6.FR.bak to /tmp/slapconfig_restore_stage1686VdygU1/kdb5dump.SERVEUR.LIP6.FR.bak.
2009-07-24 15:00:00 +0200 - command: /usr/sbin/kdb5_util -r SERVEUR.LIP6.FR dump -new_mkey_file /tmp/slapconfig_restore_stage1686VdygU1/var/db/krb5kdc/.k5.SERVEUR.LIP6.FR /tmp/slapconfig_restore_stage1686VdygU1/kdb5backup.bak
2009-07-24 15:00:00 +0200 - Copied directory from /var/db/krb5kdc to /var/db/krb5kdc.pre-merge.
2009-07-24 15:00:00 +0200 - command: /bin/cp /tmp/slapconfig_restore_stage1686VdygU1/var/db/krb5kdc/.k5.SERVEUR.LIP6.FR /var/db/krb5kdc/
2009-07-24 15:00:00 +0200 - command: /usr/sbin/kdb5_util -r SERVEUR.LIP6.FR load -update /tmp/slapconfig_restore_stage1686VdygU1/kdb5dump.SERVEUR.LIP6.FR.bak
2009-07-24 15:00:00 +0200 - command: /usr/sbin/kdb5_util -r SERVEUR.LIP6.FR load -update /tmp/slapconfig_restore_stage1686VdygU1/kdb5backup.bak
2009-07-24 15:00:00 +0200 - 2 Merging Password Server data
2009-07-24 15:00:00 +0200 - command: /usr/sbin/mkpassdb -mergeparent /Volumes/ldap_bk/passwordserver_backup/ /Volumes/ldap_bk/id_omitfile
2009-07-24 15:00:00 +0200 - 3 Merging LDAP database
2009-07-24 15:00:00 +0200 - Stopping LDAP server (slapd)
2009-07-24 15:00:00 +0200 - popen: /usr/sbin/slapadd -c -l /tmp/slapconfig_stage16869W6yN3/backup1686.ldif, "w"
2009-07-24 15:00:01 +0200 - Starting LDAP server (slapd)
2009-07-24 15:00:02 +0200 - popen: cd /;/usr/bin/tar xzpf /Volumes/ldap_bk/sambabackup.tar.gz, "w"
2009-07-24 15:00:02 +0200 - Copied file from /Volumes/ldap_bk/LaunchDaemons/smbd.plist to /System/Library/LaunchDaemons/smbd.plist.
2009-07-24 15:00:02 +0200 - command: /bin/launchctl load /System/Library/LaunchDaemons/smbd.plist
2009-07-24 15:00:02 +0200 - launchctl command output: nothing found to load
2009-07-24 15:00:02 +0200 - launchctl command failed with status 1
2009-07-24 15:00:02 +0200 - Removed directory at path /tmp/slapconfig_stage16869W6yN3.
2009-07-24 15:00:02 +0200 - command: /usr/bin/hdiutil detach disk1
2008-07-07 17:54:24 +0200 - slapconfig -destroyldapserver
2008-07-07 17:54:24 +0200 - removing GUID F64E6F87-EC53-4274-8492-9AB29BE9A4B1 from local admin group.
2008-07-07 17:54:24 +0200 - removing short name diradmin from local admin group.
2008-07-07 17:54:24 +0200 - command: /usr/sbin/sso_util remove -k -d -s -c -n -r SERVEUR.LIP6.FR -v 1
2008-07-07 17:54:27 +0200 - sso_util command output:
shutting down kadmind
kadmind shut down
shutting down kdc
kdc shut down
Not removing the admin user as admin name entered is NULL
removing kdc database files
2008-07-07 17:54:28 +0200 - Stopping LDAP server (slapd)
2008-07-07 17:54:28 +0200 - Stopping LDAP replicator (slurpd)
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/__db.001.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/__db.002.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/__db.003.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/__db.004.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/__db.005.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/apple-generateduid.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/apple-group-memberguid.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/apple-group-nestedgroup.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/apple-group-realname.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/apple-serviceinfo.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/apple-serviceslocator.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/cn.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/DB_CONFIG.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/dn2id.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/gidNumber.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/givenName.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/id2entry.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/ipHostNumber.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/log.0000000001.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/macAddress.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/memberUid.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/objectClass.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/ou.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/sn.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/uid.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/openldap/openldap-data/uidNumber.bdb.
2008-07-07 17:54:28 +0200 - Removed file at path /etc/openldap/slapd_macosxserver.conf.
2008-07-07 17:54:28 +0200 - Removed file at path /etc/openldap/slapd.conf.
2008-07-07 17:54:28 +0200 - Copied file from /etc/openldap/slapd.conf.default to /etc/openldap/slapd.conf.
2008-07-07 17:54:28 +0200 - Removed file at path /etc/openldap/rootDSE.ldif.
2008-07-07 17:54:28 +0200 - Removed file at path /var/db/dslocal/nodes/Default/groups/com.apple.access_dsproxy.plist.
2008-07-07 17:54:28 +0200 - Removed directory at path /etc/openldap/slapd.d/cn=config.
2008-07-07 17:54:28 +0200 - Removed file at path /etc/openldap/slapd.d/cn=config.ldif.
2008-07-07 17:54:28 +0200 - Removed directory at path /etc/openldap/slapd.d.
2008-07-07 17:54:28 +0200 - Removed directory at path /etc/openldap/slapd.d.backup/cn=config.
2008-07-07 17:54:28 +0200 - Removed file at path /etc/openldap/slapd.d.backup/cn=config.ldif.
2008-07-07 17:54:28 +0200 - Removed directory at path /etc/openldap/slapd.d.backup.
2008-07-07 17:54:28 +0200 - command: /usr/sbin/kdcsetup -e
2008-07-07 17:54:33 +0200 - command: /usr/sbin/mkpassdb -u disabled-slot-0x1 -p -q
2008-07-07 17:54:34 +0200 - command: /usr/sbin/mkpassdb -key
2008-07-07 17:54:40 +0200 - Removed file at path /Library/Preferences/com.apple.passwordserver.plist.
2008-07-07 17:54:40 +0200 - slapconfig -setstandalone
2008-07-07 17:54:40 +0200 - slapconfig -setmacosxodpolicy
2004-2008