When Mac OSX forgets it's LDAP

Posted on March 12, 2006

The OSX server I administer is going through a rather rough patch at the moment. First some security updates disrupted the LDAP auth, then I accidentally deleted the LDAP database by setting the active directory to Stand Alone, then back to Master replica. Of course it didn't ask if I intended to delete the database; it just did it. But I've come to expect that by now. So the machine went back into service, and a week later there was a power failure, and when the machine came back up LDAP auth was once again broken.

After pondering the symptoms for a while I decided that the only possibility could be a corrupted LDAP DB. But that couldn't be. I know BDB, the default back end for OpenLDAP, is entirely manual when it comes to recovery, but all Linux installs of OpenLDAP I've played with (Debian comes to mind) automatically do a DB check and recovery before starting slapd. Now Mac, who have just repackaged these OSS tools, would surely have done some hardening and robustness checking… Nope… The DB was broken, easily fixed by a db_recover. But of course the BDB tools weren't shipped with Mac, so Fink to the rescue, and after installing the tools for BDB 4.1, and a quick change to the LDAP startup script (/System/Library/LDAP/LDAP) to do the Linux-style DB checks, everything is flying again…

Not that I'm on a Mac-knocking trip or anything, but I really don't think it was worth the extra money to run with a Mac server. The reason we did was that the main computer person on site, who is by no means a technician, knows something about Mac, and we were promised that Mac had built nice, usable, intuitive, and integrated front ends to all the server features. As it has turned out I've spent more time fixing this system, and doing the routine tasks which the on-site person used to do on the previous Linux server. Why? I really do think that Mac is Linux + Hype + Random reorganisation of directories.
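The "Linux-style DB check before starting slapd" described above, written out as an added example that is not the post's own startup-script change: a small pre-start hook that runs Berkeley DB recovery on the OpenLDAP BDB environment, refuses to run while slapd still holds the environment open, and reports distinct exit codes so the calling startup script can decide whether to continue. The database directory, the pid-file location and the name of the recovery binary are all assumptions (Fink may install the BDB 4.1 tools under a versioned name); set them from the `directory` line in slapd.conf and from wherever the tools landed.

```shell
#!/bin/sh
# Added example (not from the original post): run Berkeley DB recovery on the
# OpenLDAP BDB back end before slapd starts, the way Debian's init script does.
# Every path and the tool name below is an assumption; adjust to your install.

# Directory holding the BDB environment (the 'directory' entry in slapd.conf).
LDAP_DB_DIR="${LDAP_DB_DIR:-/var/db/openldap/openldap-data}"   # assumed path
# Recovery tool; Fink may install it under a versioned name such as db41_recover.
DB_RECOVER="${DB_RECOVER:-db_recover}"                          # assumed name
# slapd's pid file; used to refuse recovery while the server is still running.
SLAPD_PIDFILE="${SLAPD_PIDFILE:-/var/run/slapd.pid}"           # assumed path

# slapd_running PIDFILE -> exit 0 if the pid recorded in PIDFILE is alive, 1 otherwise.
slapd_running() {
    pidfile="$1"
    [ -r "$pidfile" ] || return 1
    pid=$(cat "$pidfile" 2>/dev/null)
    [ -n "$pid" ] || return 1
    kill -0 "$pid" 2>/dev/null
}

# ldap_db_recover DBDIR [PIDFILE]
# Exit codes: 0 recovered (or nothing to do), 1 DB directory missing,
# 2 slapd still running, 3 recovery tool not installed, 4 recovery failed.
ldap_db_recover() {
    dir="$1"
    pidfile="${2:-$SLAPD_PIDFILE}"

    if [ ! -d "$dir" ]; then
        echo "ldap_db_recover: DB directory '$dir' does not exist" >&2
        return 1
    fi
    # db_recover must never touch an environment that a live slapd has open;
    # doing so corrupts the very database we are trying to repair.
    if slapd_running "$pidfile"; then
        echo "ldap_db_recover: slapd appears to be running ($pidfile); refusing" >&2
        return 2
    fi
    if ! command -v "$DB_RECOVER" >/dev/null 2>&1; then
        echo "ldap_db_recover: '$DB_RECOVER' not found; install the BDB tools" >&2
        return 3
    fi
    # Normal (non-catastrophic) recovery: replays the transaction log into the
    # DB files. -h names the environment home, -v reports what was replayed.
    if ! "$DB_RECOVER" -h "$dir" -v; then
        echo "ldap_db_recover: recovery failed; consider '$DB_RECOVER -c -h $dir'" \
             "(catastrophic recovery) or restoring from backup" >&2
        return 4
    fi
    return 0
}

# When called from the LDAP startup script as 'sh ldap-db-recover.sh start',
# recover first and let a non-zero status stop slapd from being launched on a
# database that is still broken. Without an argument the hook does nothing.
case "${1:-}" in
    start)
        ldap_db_recover "$LDAP_DB_DIR" "$SLAPD_PIDFILE" || exit $?
        ;;
esac
```

The pid-file check is the part worth keeping even if everything else is trimmed: the manual recovery the post describes is only safe while slapd is stopped, which is exactly the window a startup script has, and the same check stops a well-meaning admin from running the hook by hand against a live server.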
For what we do, which is a PDC + Print server for a W98+WinXP domain, an SME or even a Debian server would have been less work, with more uptime, and less cost.