# Ldap Starting At Wrong Ip



## Finne (Jul 2, 2005)

I have a problem when setting up LDAP/OD on our 10.3 server.

I started the LDAP server through Server Admin by promoting the server from stand alone to directory master. It created an LDAP server, that was listed in the Workgroup Manager under /LDAPv3/<its IP address> instead of /LDAPv3/127.0.0.1/. Because of this during creation the admin user is not copied to the db (it can't find the db on 127.0.0.1) and some attributes are not set either. Kerberos failes too, because of this. See the slapconfig.log at /Library/Logs/:

2005-06-23 17:15:05 +0200 - slapconfig -setstandalone
2005-06-28 12:01:47 +0200 - slapconfig -createldapmaster
2005-06-28 12:01:47 +0200 - Creating password server slot
2005-06-28 12:01:54 +0200 - copying admin user failed with error -14002
2005-06-28 12:01:55 +0200 - Configuring Kerberos server, realm is OSXSERVER.AXEL.NU
2005-06-28 12:01:55 +0200 - kdcsetup command output:
Contacting the Directory Server
dsOpenDirNode failed with error of type -14002
Unable to find the directory node at /LDAPv3/127.0.0.1 error = -14002
Failed to configure error = 2
2005-06-28 12:01:55 +0200 - kdcsetup command failed with status 2
2005-06-28 12:01:55 +0200 - sso_util command output:
DoConfigure: argc = 13
Creating the service list
Creating the service principals
kadmin: Cannot contact any KDC for requested realm while initializing kadmin interface


"resetting' the LDAP server by returning to stand alone mode and back did not solve the problem. 
The LDAP server on <my IP address> is functioning normally when you access it through an LDAP browser such as jxplorer... but showing an empty db.
I cannot find out why the LDAP server is showing on <my IP address> but I know it should have been 127.0.0.1.

A clean install on a test rig shows no problems, and the LDAP server there duly shows up on 127.0.0.1. I can't find differences between these machines that migth cause this behaviour.

any help would be appreciated


----------



## Finne (Jul 4, 2005)

I found out what was wrong myself:

the server is accessible through ldapsearch CLI (ldapsearch -x -H ldap://192.168.42.50 -b dc=mycompany,dc=nu ) on both 127.0.0.1 and 192.168.42.50
dscl shows (dscl localhost -list / ) LDAPv3 with one entry: 127.0.0.1, that is invalid.

I found out it has to do with the LDAPv3 directory services plug-in. This was somehow wrongly configured, probably during the upgrade from 10.2 to 10.3... (or 10.3 to 10.3.9).
When I renamed the /Library/Preferences/DirectoryService folder and rebooted the system recreated a default DirectoryServices folder. In the Server Admin application I could then reset the Open Directory Server Role to Stand Alone and then Directory Master.

Now everything works as expected.

LDAP command line tools that might be helpful:
NeST
slapd
kdcsetup
mkpassdb
kerberosautoconfig
slapconfig
dscl
lookupd
dsperfmonitor
ldapsearch


----------

