Apple - How to fix failing Open Directory (database "cn=authdata" cannot be opened, err 12) after hang
Check if the OD database is the problem
$ sudo /usr/libexec/slapd -Tt
No further action is needed if the output shows something like:
...
bdb_db_open: database "dc=hostname,dc=domainname,dc=tldname": recovery skipped in read-only mode. Run manual recovery if errors are encountered.
...
Try repair
To repair the Open Directory authdata database:
$ sudo launchctl unload /System/Library/LaunchDaemons/org.openldap.slapd.plist
Now start the database recovery using the command below that matches your OS version.
$ sudo db_recover -h /var/db/openldap/authdata/ # Mac OS X 10.7
$ sudo db_recover -h /var/db/openldap/openldap-data/ # Mac OS X 10.6
Now slapd in tool mode outputs:
$ sudo /usr/libexec/slapd -Tt
bdb_db_open: database "dc=nl2,dc=probackup,dc=nl": unclean shutdown detected; attempting recovery.
bdb_db_open: database "dc=nl2,dc=probackup,dc=nl": recovery skipped in read-only mode. Run manual recovery if errors are encountered.
bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
config file testing succeeded
Now turn back on Open Directory:
$ sudo launchctl load /System/Library/LaunchDaemons/org.openldap.slapd.plist
And issue another restart to be better safe than sorry:
$ sudo reboot
Open Directory should now be up and running again. In case it isn't running, try below.
Try Time Machine restore
First have a look at the available backed-up versions:
$ ls /Volumes/Time\ Machine/Backups.backupdb/*/
Pick the most recent version when Open Directory was still running correctly, for example 2018-07-22-091106.
Start again with unloading the daemon.
$ sudo launchctl unload /System/Library/LaunchDaemons/org.openldap.slapd.plist
Then remove (or rename) the database directory (when it is available Time Machine won't restore correctly) and start restore:
$ sudo rm -rf /var/db/openldap/ && sudo tmutil restore -v /Volumes/Time\ Machine/Backups.backupdb/*/2018-07-22-091106/Macintosh\ HD/var/db/openldap/ /var/db/
Force repair the database:
$ sudo db_recover -cv -h /var/db/openldap/openldap-data/
Repair permissions and reboot:
$ sudo diskutil repairPermissions / && sudo reboot
This is how I usually repair a broken LDAP/OD
1. check if this is the problem
sudo /usr/libexec/slapd -Tt
You might get: bdb_db_open: database "cn=authdata": db_open(/var/db/openldap/authdata/id2entry.bdb) failed: Invalid argument (22).
2. Stop LDAP on OD Master
sudo launchctl unload /System/Library/LaunchDaemons/org.openldap.slapd.plist
3. Repair Permissions
diskutil repairPermissions /
4. backup openldap db
sudo cp /var/db/openldap/authdata/id2entry.bdb /var/db/openldap/authdata/id2entry.bdb.backup
5. repair
sudo db_recover -cv -h /var/db/openldap/openldap-data/
6. run repair again to check
sudo db_recover -cv -h /var/db/openldap/openldap-data/
7. do it one more time so things are repaired correctly
sudo /usr/libexec/slapd -Tt
8. restart the service
sudo launchctl load /System/Library/LaunchDaemons/org.openldap.slapd.plist
9. If the above does not work, try:
sudo db_recover -cv -h /var/db/openldap/authdata/
Then I restart the service with step 8.
sudo launchctl load /System/Library/LaunchDaemons/org.openldap.slapd.plist
This usually fixes the problem... but in some cases you need to restore like llange explains in his post.
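An added example, not part of either answer above: two shell helpers for the steps both answers share, one that classifies `slapd -Tt` output using the messages quoted on this page, and one that snapshots the whole database directory before `db_recover` or `rm -rf` touches it. The function names and the `.pre-recover-<timestamp>` suffix are choices of this example, and piping with `2>&1` assumes slapd writes these lines to stderr.

```shell
#!/bin/sh
# Added example (not from the answers above): triage helpers for the
# slapd check and a full-directory snapshot taken before db_recover.
#
# Usage, with the daemon unloaded as in the answers:
#   sudo /usr/libexec/slapd -Tt 2>&1 | classify_slapd_check
#   sudo sh -c '. ./od_triage.sh; snapshot_db_dir /var/db/openldap/authdata'
# (od_triage.sh is a hypothetical file name for this block.)

# Read `slapd -Tt` output on stdin and print one verdict:
#   failed  - a database could not be opened; recovery or restore is needed
#   ok      - "config file testing succeeded" and no open failure was logged
#   unknown - neither marker was seen; inspect the output by hand
# "unclean shutdown detected" alone is not treated as a failure, because the
# page shows it alongside a successful config test after recovery.
classify_slapd_check() {
    awk '
        /db_open\(.*\) failed/ || /cannot be opened/ { failed = 1 }
        /config file testing succeeded/               { ok = 1 }
        END {
            if (failed)  print "failed"
            else if (ok) print "ok"
            else         print "unknown"
        }'
}

# Copy a whole database directory (not only id2entry.bdb) next to the
# original, preserving modes and timestamps, and print the copy's path.
# Refuses to overwrite an existing snapshot.
snapshot_db_dir() {
    src=${1%/}
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    dest="$src.pre-recover-$(date +%Y%m%d-%H%M%S)"
    [ -e "$dest" ] && { echo "snapshot exists: $dest" >&2; return 1; }
    cp -Rp "$src" "$dest" && printf '%s\n' "$dest"
}
```

Keeping a copy of the complete directory means a recovery attempt that makes things worse can be undone without going back to Time Machine.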