Apple - How to fix failing Open Directory (database "cn=authdata" cannot be opened, err 12) after hang

Check if the OD database is the problem

$ sudo /usr/libexec/slapd -Tt

No further action is needed if the output contains something like:

...
bdb_db_open: database "dc=hostname,dc=domainname,dc=tldname": recovery skipped in read-only mode. Run manual recovery if errors are encountered.
...

Try repair

To repair the Open Directory authdata database:

$ sudo launchctl unload /System/Library/LaunchDaemons/org.openldap.slapd.plist

Now start the database recovery using the command below that matches your OS version.

$ sudo db_recover -h /var/db/openldap/authdata/ # Mac OS X 10.7
$ sudo db_recover -h /var/db/openldap/openldap-data/ # Mac OS X 10.6

slapd in tool mode should now output something like:

$ sudo /usr/libexec/slapd -Tt
bdb_db_open: database "dc=nl2,dc=probackup,dc=nl": unclean shutdown detected; attempting recovery.
bdb_db_open: database "dc=nl2,dc=probackup,dc=nl": recovery skipped in read-only mode. Run manual recovery if errors are encountered.
bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
config file testing succeeded

Now turn Open Directory back on:

$ sudo launchctl load /System/Library/LaunchDaemons/org.openldap.slapd.plist

Then reboot as well, to be on the safe side:

$ sudo reboot

Open Directory should now be up and running again. If it isn't, try the Time Machine restore below.
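The check and a safety copy before recovery, as an added example that is not part of the original page. `classify_slapd_check` and `snapshot_db_dir` are hypothetical helper names; the failure patterns are the messages quoted on this page, and treating them as the complete set is an assumption.

```shell
#!/bin/sh
# Added example: helpers around the manual repair steps (hypothetical names).
# Patterns come from the messages quoted on this page; assuming they are the
# only failure signatures is an assumption.

# classify_slapd_check: read `slapd -Tt` output on stdin, print one verdict:
#   broken  - a database could not be opened
#   ok      - config test succeeded (recovery notices alone are harmless)
#   unknown - neither pattern seen; inspect by hand
classify_slapd_check() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -Eq 'db_open\(.*\) failed|cannot be opened'; then
        echo broken
    elif printf '%s\n' "$out" | grep -q 'config file testing succeeded'; then
        echo ok
    else
        echo unknown
    fi
}

# snapshot_db_dir DIR: copy DIR to DIR.pre-recover.<timestamp>, preserving
# ownership and modes, so a db_recover run or a restore can be rolled back.
# Refuses to run if DIR is missing or the target already exists.
snapshot_db_dir() {
    src=${1%/}
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    dst="$src.pre-recover.$(date +%Y%m%d-%H%M%S)"
    [ ! -e "$dst" ] || { echo "snapshot exists: $dst" >&2; return 1; }
    cp -Rp "$src" "$dst" && echo "$dst"
}

# Constructed sample line in the format slapd prints (not captured output):
sample='bdb_db_open: database "cn=authdata": db_open(/var/db/openldap/authdata/id2entry.bdb) failed: Invalid argument (22).'
printf '%s\n' "$sample" | classify_slapd_check   # prints: broken

# On the server (as root, with slapd unloaded):
#   /usr/libexec/slapd -Tt 2>&1 | classify_slapd_check
#   snapshot_db_dir /var/db/openldap/authdata && db_recover -h /var/db/openldap/authdata/
```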

Try Time Machine restore

First have a look at the available backup versions:

$ ls /Volumes/Time\ Machine/Backups.backupdb/*/

Pick the most recent version from when Open Directory was still running correctly, for example 2018-07-22-091106.

Start again by unloading the daemon:

$ sudo launchctl unload /System/Library/LaunchDaemons/org.openldap.slapd.plist

Then remove (or rename) the database directory (if it is still present, Time Machine won't restore correctly) and start the restore:

$ sudo rm -rf /var/db/openldap/ && sudo tmutil restore -v /Volumes/Time\ Machine/Backups.backupdb/*/2018-07-22-091106/Macintosh\ HD/var/db/openldap/ /var/db/

Force repair the database (the path below is the Mac OS X 10.6 one; on 10.7 the directory is /var/db/openldap/authdata/):

$ sudo db_recover -cv -h /var/db/openldap/openldap-data/

Repair permissions and reboot:

$ sudo diskutil repairPermissions / && sudo reboot

This is how I usually repair a broken LDAP/OD

1. check if this is the problem

sudo /usr/libexec/slapd -Tt

You might get: bdb_db_open: database "cn=authdata": db_open(/var/db/openldap/authdata/id2entry.bdb) failed: Invalid argument (22).

2. Stop LDAP on OD Master

sudo launchctl unload /System/Library/LaunchDaemons/org.openldap.slapd.plist

3. Repair Permissions

diskutil repairPermissions /

4. backup openldap db

sudo cp /var/db/openldap/authdata/id2entry.bdb /var/db/openldap/authdata/id2entry.bdb.backup

5. repair

sudo db_recover -cv -h /var/db/openldap/openldap-data/

6. run repair again to check

sudo db_recover -cv -h /var/db/openldap/openldap-data/

7. do it one more time so things are repaired correctly

sudo /usr/libexec/slapd -Tt

8. restart the service

sudo launchctl load /System/Library/LaunchDaemons/org.openldap.slapd.plist

9. If the above does not work, try:

sudo db_recover -cv -h /var/db/openldap/authdata/

Then I restart the service with step 8.

sudo launchctl load /System/Library/LaunchDaemons/org.openldap.slapd.plist

This usually fixes the problem... but in some cases you need to restore like llange explains in his post.