Mailing Lists: Apple Mailing Lists


Re: DSLDAPv3PlugInConfig.plist is not updating




On 29/05/2008, at 2:16 AM, Chris McFarling wrote:
I've got two 10.3.9 OS X Servers, 1 OD Master and 1 OD Replica. These are serving 15 or so 10.3 & 10.4 desktop machines. Server01 is running DHCP which is configured to provide LDAP info to clients. Server Admin for DHCP >> LDAP is set up as follows:
 
Server Name: server01.mydomain.com
Search Base: cn=config,dc=mydomain,dc=com
 
I've checked all of the documentation and forum posts I can find on this matter and everything appears to be set up correctly.
 
- DNS is configured properly, forward and reverse resolution works for both servers
- hostname command returns proper FQDN
- Config/ldapreplicas contains proper entries for read & write replicas
- Replication is working between server01 & server02
- DHCP is supplying clients with the correct LDAPv3 config for Directory Access
 
(on client)
-- Use DHCP-supplied LDAP Server is checked
-- Supplied Configuration Name = 127.0.0.1, Server Name or IP Address = server01.mydomain.com, LDAP Mappings = From Server, Enabled checkbox is checked
- Clients are able to authenticate to the OD
 
So here's the problem... For failover purposes, Directory Services on the client machines is supposed to keep track of all OD master and replica servers in a replication group. After connecting to the OD it's supposed to write this info to /Library/Preferences/DirectoryService/DSLDAPv3PlugInConfig.plist. However none of my client machines are doing that. In fact that file has not been modified in 2+ years on every machine I've checked. The DSLDAPv3PlugInConfig.plist file contains:
 
Utilising statically configured binding with an "Open Directory" template in Directory Access populates the full preference file including the references to read-only and writable replicas.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>LDAP PlugIn Version</key>
        <string>DSLDAPv3PlugIn Version 1.5</string>
</dict>
</plist>
 

The above is an expected behaviour with DHCP deployment of the preferences - so that your computers can roam to other locations and receive their configurations dynamically without any pre-existing configurations clouding the way they behave.

A suggestion to facilitate failover could be to use a DNS hostname with A records for each of your OD servers (replica and master).  Then send that hostname to your DHCP-configured clients.  For example:

Instead of using: server01.mydomain.com

Use:

ldap.mydomain.com

Which resolves to server01.mydomain.com as well as replica01.mydomain.com.

Because the Password server is multi-master, and the Kerberos KDC password changes are performed only through the OD Master's Kerberos KDC, you should still be able to change passwords etc as you used to (as long as the OD Master is running!)



No mention of any servers at all. This has been this way for a long time apparently. It obviously hasn't been a huge problem since I'm just now looking into it. However I'd like to get this working properly so I have a better understanding of what to be aware of when/if I upgrade these servers.
 
Chris
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden

This email sent to email@hidden

-----------------------------------------------
David Colville
Technical Director
Key Options Technology Pty Ltd
11/78 Reserve Road  Artarmon   NSW    2064
E: email@hidden T:  1300 721 769 - F:  +61 2 9475 0837 - M: +61 412 200 855
iChat: email@hidden
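
Added example, not part of the original thread: a Python check for the shared-hostname approach suggested in the reply above. It compares the A records of the shared name with the known OD servers and probes each address on the LDAP port. The function names, the documentation-range addresses and the use of the default port 389 are assumptions for illustration.

```python
import socket

LDAP_PORT = 389  # standard LDAP port (assumption: the OD servers listen on the default)

def resolve_a(name, port=LDAP_PORT):
    """Return every IPv4 address the name resolves to, sorted and de-duplicated."""
    infos = socket.getaddrinfo(name, port, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def tcp_open(addr, port=LDAP_PORT, timeout=3.0):
    """True if a TCP connection to addr:port succeeds within the timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_failover_name(name, expected, resolve=resolve_a, probe=tcp_open):
    """Compare the shared name's A records with the known OD servers.

    missing:     expected servers the name does not return (no failover to them)
    unexpected:  addresses that are not known OD servers (clients may bind to them)
    unreachable: returned addresses not accepting LDAP connections; round-robin
                 DNS keeps handing these out because it does no health checking
    """
    addrs = set(resolve(name))
    want = set(expected)
    return {
        "missing": sorted(want - addrs),
        "unexpected": sorted(addrs - want),
        "unreachable": sorted(a for a in addrs if not probe(a)),
    }

if __name__ == "__main__":
    # Constructed data so the demo runs offline: documentation-range addresses
    # stand in for server01 and replica01, and the replica is treated as down.
    fake_dns = {"ldap.mydomain.com": ["192.0.2.10", "192.0.2.11"]}
    report = check_failover_name(
        "ldap.mydomain.com",
        expected=["192.0.2.10", "192.0.2.11"],
        resolve=lambda name: fake_dns[name],
        probe=lambda addr: addr != "192.0.2.11",
    )
    print(report)
```

Against a live network, call `check_failover_name` with only the name and the expected addresses; the default resolver and probe then use real DNS and real TCP connections.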


References: 
 >DSLDAPv3PlugInConfig.plist is not updating (From: "Chris McFarling" <email@hidden>)




Copyright © 2007 Apple Inc. All rights reserved.