Ranj B Technical Blog

Resolve a corrupt Open Directory LDAP database on a Mac OSX 10.5 Leopard Server



Posted on August 14, 2014, in Mac OS

Had an issue with our Mac OSX server recently where it had completely frozen, so the only way of rebooting the server was forcefully shutting it down via the power button. This in turn caused even bigger issues at bootup. None of our Mac users could log in to any Mac.

After lots of reading on the web and talks with an Apple enterprise support person I was able to fix the corrupt DB. Apparently it likely happened when the server had a force shutdown.

If you use Open Directory to manage logins for Mac users, and Server Admin shows that the LDAP server and password server are not running, first check the database as follows.

Checking the DB in terminal:

Open Terminal and type:

sudo /usr/libexec/slapd -Tt

If it says the database cannot be opened, or something along those lines, then try:

sudo db_recover -h /var/db/openldap/openldap-data/

This will try to recover the database.

I found that even after this it still didn’t work; if we tried to use Workgroup Manager it would come up with an error:

“The workgroup manager would pop up a window saying ‘Error of type eDSRecord Not Found (-14136) on line 1189 of /SourceCache/WorkgroupManager/WorkgroupManager-319.1.1/PMMUGMainView.mm’. The Xserve’s /var/log/slapd.log would start displaying the message ‘slapd73: bdb(dc=xxx,dc=xxx,dc=com): PANIC: fatal region error detected; run recovery’ every second or so. Nobody could log in to the box, not even local users at the console, and no service that required authentication would work (e.g. Mail, iChat server, etc).”

So I ran the following in terminal as root user and after doing this it worked!

1) sudo to root

sudo -i

2) shut down the Open Directory server

service org.openldap.slapd stop

3) dump a copy of the Open Directory database to an LDIF format text file

mkdir /var/root/opendirectory
cd /var/root/opendirectory
slapcat -l dir.ldif

4) move the old (corrupt) database files out of the way (or remove them).

cd /var/db/openldap/openldap-data
mkdir SAVE
mv *.bdb SAVE/

Be sure you don’t move, rename or delete the file named DB_CONFIG. It’s needed.

5) recreate the database from the LDIF format file

cd /var/root/opendirectory
slapadd -l dir.ldif
slapindex

You will see some harmless warnings during slapadd. Ignore them.

6) restart Open Directory

service org.openldap.slapd start

Voila! It should begin running again. You should check the users/groups in Workgroup Manager for stray unrecognizable objects, as the corruption may have left some fragments of whatever was broken there. Just remove them in the usual way.
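
Step 4 moves the database files aside on the strength of the dump made in step 3, so it is worth confirming that dir.ldif actually contains entries before touching them. The shell functions below are an added example, not part of the original procedure; the function names are made up for illustration, and the paths are the ones used in the steps above.

```shell
#!/bin/sh
# Added example: guards for steps 3-5. Function names are illustrative.

# Print the number of entries in an LDIF file (each entry starts with "dn:").
ldif_entry_count() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c '^dn:' "$1" || true   # grep exits 1 on zero matches; still prints 0
}

# Succeed only if the dump is non-empty and holds at least one entry.
ldif_looks_usable() {
    [ -s "$1" ] || return 1
    [ "$(ldif_entry_count "$1")" -gt 0 ]
}

# Move *.bdb from data dir $1 into $1/SAVE, but only after the LDIF dump $2
# passes the check above. DB_CONFIG is never touched.
set_aside_bdb() {
    data_dir=$1
    ldif=$2
    if ! ldif_looks_usable "$ldif"; then
        echo "refusing: $ldif has no entries, database files left in place" >&2
        return 1
    fi
    if [ ! -f "$data_dir/DB_CONFIG" ]; then
        echo "refusing: $data_dir/DB_CONFIG not found, wrong directory?" >&2
        return 1
    fi
    mkdir -p "$data_dir/SAVE" || return 1
    for f in "$data_dir"/*.bdb; do
        [ -e "$f" ] || continue          # glob matched nothing
        mv "$f" "$data_dir/SAVE/" || return 1
    done
    return 0
}

# On the server, as root with slapd stopped, steps 3-5 become:
#   slapcat -l /var/root/opendirectory/dir.ldif
#   set_aside_bdb /var/db/openldap/openldap-data /var/root/opendirectory/dir.ldif \
#       && slapadd -l /var/root/opendirectory/dir.ldif && slapindex
```

If set_aside_bdb refuses, the original .bdb files are still in place, so db_recover or another slapcat attempt can be retried without having lost anything.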
