Resolve a corrupt OD LDAP database on a 10.5 Leopard Server
Thought I would share this with fellow Mac admins running 10.5 server.
Had an issue with our Mac server recently where it froze, so the only way of rebooting the server was forcefully shutting it down via the power button. This in turn caused even bigger issues at bootup. None of our users could log in to any of the 45 iMacs we have in school using their Open Directory account.
After lots of researching on the web and talks with Apple professionals at the support line, I was able to fix the corrupt DB. Apparently it likely happened when the server had a forced shutdown.
If you run Open Directory to manage logins for Mac users, and Server Admin shows that the LDAP server and password server are not running, first check the DB as follows.
Checking the DB in terminal
sudo /usr/libexec/slapd -Tt
If it says the database cannot be opened, or something along these lines, then try:
sudo db_recover -h /var/db/openldap/openldap-data/
This will try to recover the DB.
We found that even after this it still didn't work. If we tried to use Workgroup Manager, it would come up with an error:
"The workgroup manager would popup a window saying "Error of type eDSRecord Not Found (-14136) on line 1189 of /SourceCache/WorkgroupManager/WorkgroupManager-319.1.1/PMMUGMainView.mm". The Xserve's /var/log/slapd.log would start displaying the message "slapd73: bdb(dc=xxx,dc=xxx,dc=com): PANIC: fatal region error detected; run recovery" every second or so. Nobody could login to the box, not even local users at the console, and no service that required authentication would work (eg Mail, iChat server, etc)."
So another admin suggested running the following in terminal as root user and after doing this it worked!
1) sudo to root
2) shut down the Open Directory server
service org.openldap.slapd stop
3) dump a copy of the Open Directory database to an LDIF format text file
slapcat -l dir.ldif
4) move the old (corrupt) database files out of the way (or remove them).
mv *.bdb SAVE/
Be sure you don't move, rename or delete the file named DB_CONFIG. It's needed.
5) recreate the database from the LDIF format file
slapadd -l dir.ldif
You will see some harmless warnings during slapadd. Ignore them.
6) restart Open Directory
service org.openldap.slapd start
Voila! It began running again. You should check the users/groups in workgroup manager for stray unrecognizable objects, as the corruption may have left some fragments of whatever was broken there. Just remove them in the usual way.
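As an added example (not part of the original post or of any Apple or OpenLDAP tooling), the shell functions below check the slapcat dump from step 3 before step 4 moves the database files away, since a dump taken from a damaged database can come out short or cut off. The function names, the script name and the entry-count threshold are assumptions; the database path in the usage comment is the one used with db_recover above.

```shell
#!/bin/sh
# Added example (not from the original post): checks around steps 3-5.

# Count entries in an LDIF dump: each entry starts with "dn: " (or "dn:: "
# when the DN is base64-encoded); continuation lines start with a space.
ldif_entry_count() {
    [ -s "$1" ] || { echo 0; return 0; }   # missing or empty dump
    grep -c -E '^dn::? ' "$1" || true      # grep exits 1 on zero matches
}

# Before step 4: refuse to continue unless the dump looks complete.
# $1 = LDIF dump, $2 = database directory,
# $3 = minimum entry count you expect (assumption: your own estimate).
precheck_rebuild() {
    ldif=$1; db_dir=$2; min=${3:-1}
    n=$(ldif_entry_count "$ldif")
    if [ "$n" -lt "$min" ]; then
        echo "refusing: $ldif has $n entries, expected at least $min" >&2
        return 1
    fi
    # $(...) strips a trailing newline, so a non-empty result means the
    # dump ends mid-line, i.e. slapcat was cut off while writing.
    if [ -n "$(tail -c 1 "$ldif")" ]; then
        echo "refusing: $ldif ends mid-line (truncated dump)" >&2
        return 1
    fi
    if [ ! -f "$db_dir/DB_CONFIG" ]; then
        echo "refusing: $db_dir/DB_CONFIG is missing" >&2
        return 1
    fi
}

# Step 4: move only the *.bdb files into SAVE/, leaving DB_CONFIG in place.
# Prints the SAVE directory on success.
stash_bdb_files() {
    db_dir=$1; save="$db_dir/SAVE"
    mkdir -p "$save" || return 1
    for f in "$db_dir"/*.bdb; do
        [ -e "$f" ] || continue            # glob matched nothing
        mv "$f" "$save/" || return 1
    done
    [ -f "$db_dir/DB_CONFIG" ] || return 1
    echo "$save"
}

# Run directly: sh precheck.sh dir.ldif /var/db/openldap/openldap-data 500
if [ $# -ge 2 ]; then
    precheck_rebuild "$@" && echo "dump looks complete; ok to move *.bdb"
fi
```

If the precheck refuses, keep the original *.bdb files where they are and look at the dump before going any further.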