How to fix failing Open Directory (database "cn=authdata" cannot be opened, err 12) after hang
Check if the OD database is the problem
$ sudo /usr/libexec/slapd -Tt
No further action is needed if the output looks something like:
...
bdb_db_open: database "dc=hostname,dc=domainname,dc=tldname": recovery skipped in read-only mode. Run manual recovery if errors are encountered.
...
Try repair
To repair the Open Directory authdata database:
$ sudo launchctl unload /System/Library/LaunchDaemons/org.openldap.slapd.plist
Now start the database recovery using the command below that matches your OS version.
$ sudo db_recover -h /var/db/openldap/authdata/ # Mac OS X 10.7
$ sudo db_recover -h /var/db/openldap/openldap-data/ # Mac OS X 10.6
Now slapd in tool mode outputs:
$ sudo /usr/libexec/slapd -Tt
bdb_db_open: database "dc=nl2,dc=probackup,dc=nl": unclean shutdown detected; attempting recovery.
bdb_db_open: database "dc=nl2,dc=probackup,dc=nl": recovery skipped in read-only mode. Run manual recovery if errors are encountered.
bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
config file testing succeeded
Now turn Open Directory back on:
$ sudo launchctl load /System/Library/LaunchDaemons/org.openldap.slapd.plist
And issue another restart to be better safe than sorry:
$ sudo reboot
Open Directory should now be up and running again. If it isn't, try the Time Machine restore below.
Try Time Machine restore
First have a look at the available backed-up versions:
$ ls /Volumes/Time\ Machine/Backups.backupdb/*/
Pick the most recent version when Open Directory was still running correctly, for example 2018-07-22-091106.
Start again by unloading the daemon:
$ sudo launchctl unload /System/Library/LaunchDaemons/org.openldap.slapd.plist
Then remove (or rename) the database directory (if it still exists, Time Machine won't restore correctly) and start the restore:
$ sudo rm -rf /var/db/openldap/ && sudo tmutil restore -v /Volumes/Time\ Machine/Backups.backupdb/*/2018-07-22-091106/Macintosh\ HD/var/db/openldap/ /var/db/
Force repair the database:
$ sudo db_recover -cv -h /var/db/openldap/openldap-data/
Repair permissions and reboot:
$ sudo diskutil repairPermissions / && sudo reboot
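The check, repair and re-check steps above as one script (an added example, not part of the original page). The function names, the SUDO variable and the timestamped copy of the whole database directory are assumptions of this example; the commands, paths and message strings are the ones shown on this page.

```sh
#!/bin/sh
# Added example: check -> stop slapd -> backup -> db_recover -> re-check.
PLIST=/System/Library/LaunchDaemons/org.openldap.slapd.plist
SUDO=${SUDO-sudo}          # assumption: set SUDO= to run without sudo

# Classify `slapd -Tt` output read from stdin: ok | needs-repair | unknown.
od_status() {
    out=$(cat)
    case $out in
        *"cannot be opened"*|*"db_open("*"failed"*) echo needs-repair ;;
        *"config file testing succeeded"*)          echo ok ;;
        *)                                          echo unknown ;;
    esac
}

# Map the OS version to the database directory named on this page.
od_db_dir() {
    case $1 in
        10.7|10.7.*) echo /var/db/openldap/authdata/ ;;
        10.6|10.6.*) echo /var/db/openldap/openldap-data/ ;;
        *) echo "no database path known for OS $1" >&2; return 1 ;;
    esac
}

# Copy the database directory aside before touching it; prints the copy's path.
od_backup() {
    src=${1%/}
    dst="$src.backup-$(date +%Y%m%d-%H%M%S)"
    $SUDO cp -Rp "$src" "$dst" && echo "$dst"
}

# Full repair run; leaves slapd unloaded if the re-check does not pass,
# so a Time Machine restore can follow directly.
od_repair() {
    dir=$(od_db_dir "$(sw_vers -productVersion)") || return 1
    $SUDO launchctl unload "$PLIST"
    od_backup "$dir" >/dev/null || return 1
    $SUDO db_recover -h "$dir"
    status=$($SUDO /usr/libexec/slapd -Tt 2>&1 | od_status)
    echo "slapd -Tt after recovery: $status"
    [ "$status" = ok ] || return 1
    $SUDO launchctl load "$PLIST"
}
```

Source the file and call od_repair on the server; the other functions can be used on their own, for example `sudo /usr/libexec/slapd -Tt 2>&1 | od_status`.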
This is how I usually repair a broken LDAP/OD
1. check if this is the problem
sudo /usr/libexec/slapd -Tt
You might get: bdb_db_open: database "cn=authdata": db_open(/var/db/openldap/authdata/id2entry.bdb) failed: Invalid argument (22).
2. Stop LDAP on OD Master
sudo launchctl unload /System/Library/LaunchDaemons/org.openldap.slapd.plist
3. Repair Permissions
diskutil repairPermissions /
4. backup openldap db
sudo cp /var/db/openldap/authdata/id2entry.bdb /var/db/openldap/authdata/id2entry.bdb.backup
5. repair
sudo db_recover -cv -h /var/db/openldap/openldap-data/
6. run repair again to check
sudo db_recover -cv -h /var/db/openldap/openldap-data/
7. do it one more time so things are repaired correctly
sudo /usr/libexec/slapd -Tt
8. restart the service
sudo launchctl load /System/Library/LaunchDaemons/org.openldap.slapd.plist
9. If the above does not work, try:
sudo db_recover -cv -h /var/db/openldap/authdata/
then I restart the service with step 8.
sudo launchctl load /System/Library/LaunchDaemons/org.openldap.slapd.plist
This usually fixes the problem... but in some cases you need to restore like llange explains in his post.
First, it is best to check the disk. You may do so either using the recovery partition or single-user mode (cmd - S at startup), then type:
fsck -fy
On a QWERTY keyboard the dash is 2 keys left of backspace.
To re-import a corrupted database from a backup you should back up and replace the following files/folders:
- var/db/openldap/
- usr/bin/db_recover
Not sure it's necessary, but if you have removed the LDAPv3 entry in the System keychain:
- Library/Keychains/System.keychain
Then try a recovery…
Then you should repair disk permissions from a terminal (not single user):
diskutil repairPermissions /
If after the recovery you experience problems connecting to services, check the configuration under the "Services" tab in Directory Utility.