DirectoryService Troubleshooting


Max OS X includes command-line tools that are useful in confirming that DirectoryService is responding to requests and that those requests contain correct information. As you saw earlier, you can use dscl to find out how DirectoryService responds to requests. This tool will retrieve information from any of the DirectoryService plug-ins.

When troubleshooting, it may be necessary for you to view or edit the contents of your data stores. Again, you can use Workgroup Manager or dscl to view and modify the local NetInfo database, and you can use any text editor to view and modify the BDS flat files (located in the /etc directory), which are all owned by root.

You will follow a basic workflow to solve directory-service issues. For example, suppose you are unable to log in using an account that you set up in either the local NetInfo database or in the BDS flat files. Take these general steps to resolve the issue:

1.

Plan.

Before making any configuration changes, decide on the approach you will use to resolve the problem.

2.

Configure.

Open Directory Access and verify that the path for authentication includes the data store that contains the user account record. Oftentimes changes made to the plug-in require that the directory be removed from the authentication path and added back in, thus allowing DirectoryService to reread the authentication list.

3.

Test.

Use dscl to see how the DirectoryService process responds to requests. If you are trying to log in from a BDS utility (such as ssh), then use lookupd -q or lookupd -configuration to see how requests are handled.

4.

Modify.

If the requests return incorrect information or no information, then take a look at the data stores using Workgroup Manager and dscl for the local NetInfo database, or a text editor for the BDS flat files.

Using the DirectoryService Debug Log

Another good resource for looking at DirectoryService activity is the DirectoryService debug log. To enable the log, go to Terminal and type sudo killall -USR1 DirectoryService.

Once the log is enabled, you can use Console to view the results. With Console, you can filter local logs by command, error codes, or anything that is contained in the log. You can also clear the screen or add flags to track new entries. If you need to locate information in the debug logs of remote computers (using ssh, for example), you can use the command-line utilities tail and grep to filter information found in /Library/Logs/ DirectoryService/DirectoryService.debug.log.

The debug log will continue to log information until disabled. To disable the log, use the same command you used to enable it.

You can also use the following command to turn on API logging:

sudo killall -USR2 DirectoryService


The result is that any calls to the API will be logged in the /var/log/system.log. The USR2 logging will automatically turn itself off after 5 minutes.

More Info

The man pages for DirectoryService provide a list of error codes that you may see in the log files.


You can also log DirectoryService activity at startup by creating two files:

  • /Library/Preferences/DirectoryService/.DSLogDebugAtStart

  • /Library/Preferences/DirectoryService/.DSLogAPIAtStart

When DirectoryService detects these files at startup, log entries will be added to them. This is useful in evaluating what the computer is doing when it boots.

Enabling the DirectoryService Debug Log

By default, the DirectoryService debug log is not enabled. Use Terminal to enable the debug log on the DirectoryService process:

1.

Log in as Apple Admin.

2.

Open Terminal.

3.

Send a USR1 signal to the DirectoryService process by entering sudo killall -USR1 DirectoryService.

Viewing and Marking Logs With Console

You can use Console to view and mark the debug log to track events that take place in the Finder:

1.

Log out and log back in as Apple Admin so that the log contains information about the login.

2.

Open Console (/Applications/Utilities).

3.

Click the Logs button to display the list of logs.

4.

Select DirectoryService.debug.log, located in the DirectoryService entry in /Library/Logs.

Note the entries for the different processes that use DirectoryService.

5.

Click Mark.

This sets a time marker in the log display, enabling you to differentiate new log entries from the previous entries.

6.

In the Finder, navigate to ~/Public/Drop Box.

7.

Press Command-I to get info for the Drop Box folder.

8.

Expand Ownership & Permissions.

9.

Expand Details.

10.

Close the Drop Box Info window.

11.

In Console, view the DirectoryService.debug.log.

12.

In the Filter field, type dsGetRecordList.

13.

Locate an entry that contains Client:Finder.

The Client portion of the entries indicates what process is making the requests. This enables you to see what processes are making directory service requests.

14.

To disable the debug log for the DirectoryService process, send it the USR1 signal again.

15.

In Terminal, send another USR1 signal to the DirectoryService process by typing sudo killall -USR1 DirectoryService.

16.

Clear Console.

17.

Perform some lookups in dscl and verify that debug messages are not being logged anymore.




Apple Training Series. Mac OS X System Administration Reference, Volume 1
Apple Training Series: Mac OS X System Administration Reference, Volume 1
ISBN: 032136984X
EAN: 2147483647
Year: 2005
Pages: 258
Authors: Schoun Regan

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net