OS X Server: Steps to take before upgrading or migrating the Open Directory database
Follow these best practice steps before upgrading or migrating your Open Directory database.
Verify DNS mappings exist
Verify that both A and PTR (forward and reverse) DNS mappings exist, and will exist for the computer's hostname during the upgrade process. The interface with the IP address that the hostname resolves to must be active during the upgrade process.
Do not take the computer offline for the upgrade process. If this is necessary, move the computer to a private network with a working DNS, where it can keep its IP address, but is not accessible to the world.
To verify the hostname, execute this command in Terminal on the server:
scutil --get HostName
This will display the hostname as configured on your Open Directory Directory Server, such as "server.com".
Use the host command with the hostname to verify that DNS resolves both directions:
- Verify that the fully-qualified DNS name of the server matches its public IP address using the host hostname command.
For example, entering host server.com returns:
10.0.2.199. $ host server.com server.com has address 10.0.2.199
- Verify that the reverse DNS record of the controller matches its fully-qualified DNS name using the host command.
For example, entering host 10.0.2.199 returns:
server.com. $ host 10.0.2.199 22.214.171.124.in-addr.arpa domain name pointer server.com.
Check the System keychain (Mac OS X Server v10.6.8 or earlier)
If you are moving the data from Mac OS X Server v10.6.8 or earlier, ensure there is an entry in the System keychain for service com.apple.opendirectory.
Ensure the keychain has the username of the hostname above with a "$" symbol appended.
If you have SSL enabled, disable it before upgrading.