Symptom: Users cannot log into OD accounts.
If DNS, TCP/IP, physical connections, etc. are OK, check these items:
1) Go to Directory Utility: see if the OD entry shows “Server Unavailable”.
2) Go to Server Admin > Open Directory > LDAP: see if the server shows STOPPED.
If YES for both, you may have OD database corruption.
To check the database for corruption:
sudo /usr/libexec/slapd -Tt
If this command returns “config file testing succeeded”, the database is not corrupt and you should troubleshoot elsewhere.
If this command returns an error (i.e., “run recovery”), the database is possibly corrupt.
To repair database corruption:
sudo db_recover -h /var/db/openldap/openldap-data/
If this command returns a ‘succeeded’ status, the rebuild was successful.
After a reboot of the OD Master and Replicas, Kerberos and LDAP should show RUNNING in Server Admin. Network accounts should be available and clients should be able to log into OD accounts.
If the commands above do not help, and you continue to get errors like:
“slapd73: bdb(dc=xxx,dc=xxx,dc=com): PANIC: fatal region error detected; run recovery”
You can attempt the following:
1) sudo to root.
2) Shut down the Open Directory server:
sudo launchctl unload /System/Library/LaunchDaemons/org.openldap.slapd.plist
3) Dump a copy of the Open Directory database to an LDIF-format text file:
slapcat -l dir.ldif
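4) Move the old (corrupt) database files out of the way (or remove them). The command below assumes the current directory is the one holding the database files and that a SAVE directory already exists there.
mv *.bdb SAVE/
Be sure you don’t move, rename or delete the file named DB_CONFIG. It’s needed.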
5) Recreate the database from the LDIF-format file:
slapadd -l dir.ldif
You will see some harmless warnings during slapadd. Ignore them.
6) Restart Open Directory:
sudo launchctl load /System/Library/LaunchDaemons/org.openldap.slapd.plist
- Your OD should be running again.
- Check OD for “stray” objects, as the corruption may have left some fragments behind.
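
A guarded form of steps 2 to 6, added here as an example and not part of the original note: it refuses to move the old database unless the LDIF dump succeeded and contains entries, and it never touches DB_CONFIG. The function names, the --run switch, the DBDIR/LDIF variables and the assumption that the *.bdb files live in the directory passed to db_recover above are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the original note): guarded form of steps 2-6.
# Run as root with --run. Assumes the *.bdb files live in DBDIR.
DBDIR=${DBDIR:-/var/db/openldap/openldap-data}
PLIST=/System/Library/LaunchDaemons/org.openldap.slapd.plist
LDIF=${LDIF:-$PWD/dir.ldif}

# Print the number of entries in an LDIF file ("dn:" and base64 "dn::" lines).
ldif_entry_count() {
    [ -s "$1" ] || { echo 0; return 0; }
    grep -c '^dn:' "$1" || true
}

# Move *.bdb from dbdir to savedir, never touching DB_CONFIG.
# Prints how many files were moved; fails if DB_CONFIG is absent.
stash_bdb() {
    dbdir=$1; savedir=$2; moved=0
    [ -f "$dbdir/DB_CONFIG" ] || { echo "no DB_CONFIG in $dbdir" >&2; return 1; }
    mkdir -p "$savedir" || return 1
    for f in "$dbdir"/*.bdb; do
        [ -e "$f" ] || continue              # glob matched nothing
        mv "$f" "$savedir/" || return 1
        moved=$((moved + 1))
    done
    echo "$moved"
}

rebuild() {
    launchctl unload "$PLIST" || return 1                     # step 2
    slapcat -l "$LDIF"                                        # step 3
    rc=$?; n=$(ldif_entry_count "$LDIF")
    if [ "$rc" -ne 0 ] || [ "$n" -eq 0 ]; then
        echo "dump failed (rc=$rc, entries=$n); database untouched, slapd still unloaded" >&2
        return 1
    fi
    echo "dumped $n entries to $LDIF"
    stash_bdb "$DBDIR" "$DBDIR/SAVE" >/dev/null || return 1   # step 4
    slapadd -l "$LDIF" || return 1                            # step 5
    launchctl load "$PLIST"                                   # step 6
}

if [ "${1:-}" = "--run" ]; then rebuild; fi
```

Compare the entry count it prints with the number of records you expect in the directory before trusting the rebuilt database.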