I've found that on some servers, the 10.6.5 update kills LDAP. If you have run the update and are still able to log in to the server via file sharing, mail, or other services that require authentication, your server probably does not have the problem.
If you cannot log in using a username and password from LDAP, perform the following steps:
(Do not attempt this if you are not comfortable using the command line.)
1. Open /Applications/Terminal.app
2. Type "sudo su" and hit return. Enter your admin password when asked and hit return.
3. Type "cp /etc/openldap/slapd.d/cn\=config.ldif /" and hit return (creates a backup of the file)
4. Type "pico /etc/openldap/slapd.d/cn\=config.ldif" and hit return.
5. Search for and delete the following 5 lines (some lines might be split into multiple lines):
olcTLSCertificateFile: /etc/certificates/www.mydomain.com.crt
olcTLSCertificateKeyFile: /etc/certificates/www.mydomain.com.key
olcTLSCACertificateFile: /etc/certificates/www.mydomain.com.chcrt
olcTLSCertificatePassphraseTool: /usr/sbin/certadmin --get-private-key-passphr
ase /etc/certificates/www.mydomain.com.key
6. Hold Control and hit X to save and close the document
7. Reboot the server
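The lines in step 5 are slapd's TLS certificate settings, and the split line is an LDIF continuation (a line that starts with a single space continues the one before it). The script below is an added example, not part of the original post: it joins continuation lines and then lists or filters out those four attributes. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# The four attributes named in step 5.
TLS_RE='^olcTLS(CertificateFile|CertificateKeyFile|CACertificateFile|CertificatePassphraseTool):'

# Join LDIF continuation lines so every attribute sits on one line.
ldif_unfold() {
    awk '
        /^ /   { buf = buf substr($0, 2); next }  # continuation: drop the space, append
        NR > 1 { print buf }                      # previous logical line is complete
               { buf = $0 }
        END    { if (NR > 0) print buf }
    ' "$1"
}

# Print the TLS attributes present in the file, one per line.
tls_attrs() { ldif_unfold "$1" | awk -v re="$TLS_RE" '$0 ~ re'; }

# Print the file with those attributes removed (stdout only, file untouched).
strip_tls_attrs() { ldif_unfold "$1" | awk -v re="$TLS_RE" '$0 !~ re'; }

# Constructed sample standing in for cn=config.ldif.
sample=$(mktemp "${TMPDIR:-/tmp}/cnconfig.XXXXXX")
cat > "$sample" <<'EOF'
dn: cn=config
objectClass: olcGlobal
cn: config
olcTLSCertificateFile: /etc/certificates/www.mydomain.com.crt
olcTLSCertificateKeyFile: /etc/certificates/www.mydomain.com.key
olcTLSCACertificateFile: /etc/certificates/www.mydomain.com.chcrt
olcTLSCertificatePassphraseTool: /usr/sbin/certadmin --get-private-key-passphr
 ase /etc/certificates/www.mydomain.com.key
olcLogLevel: 0
EOF

echo "TLS attributes found:"
tls_attrs "$sample"
echo "File without them:"
strip_tls_attrs "$sample"
```

Run as root against the real file, `tls_attrs /etc/openldap/slapd.d/cn\=config.ldif` shows exactly which lines step 5 refers to before you open the editor.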
If you haven't run the update yet, be sure to create an archive of Open Directory first (you should do this on a regular basis anyway). This would also be a good time to make sure your backups are working.
To create an Open Directory Archive:
1. Open Server Admin
2. Select your server and click on Open Directory
3. Click on the Archive icon near the top of the window
4. Click "Choose" to select where you want to save the archive
5. Click on "Archive." Enter a name for the archive and a password. Click on OK.
Note: I found this solution at Apple Support Discussions.