Recovering A Corrupt LDAP Database On OS X Server

By Richard Mallion

A couple of times recently I have been asked to recover Open Directory running on Mac OS X Server. Each time the server was an Open Directory Master and its LDAP database had become corrupted, causing authentication issues for their clients and services. No replicas or backups were available. (Remember to always back up :-) )

For each server I was able to repair the LDAP database using built-in tools that Apple supply.

If you find yourself in this situation, here is how to recover the database.

Apple supply a command line tool named `db_recover` which we can use to repair the LDAP database.

The database itself can be found in the /var/db/openldap folder. Even though it is corrupted, it's always best to make a copy of it before attempting the repair.

To perform the repair, run the `db_recover` tool:

```
sudo db_recover -h /var/db/openldap/openldap-data/
```

After a few seconds the tool should have finished. Reboot the server and see if it's worked. In the past I have had to run this tool a few times in order for the database to be fully recovered.
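The copy-then-repair steps above can be wrapped so the repair never runs without a verified copy. This is an added example, not code from the original post: the function name, the backup location and the optional third argument are assumptions, and it copies the directory that is handed to `db_recover`.

```shell
#!/bin/sh
# Added example: copy the database directory, check the copy, then repair.
# backup_and_recover DB_HOME BACKUP_ROOT [RECOVER_CMD]
#   DB_HOME     - directory passed to db_recover -h
#                 (the page uses /var/db/openldap/openldap-data/)
#   BACKUP_ROOT - where the copy is stored (hypothetical parameter)
#   RECOVER_CMD - defaults to db_recover; overridable so the wrapper can be
#                 exercised without touching a real database
# Usage (as root; the backup path is a made-up location):
#   backup_and_recover /var/db/openldap/openldap-data/ /var/backups/openldap
backup_and_recover() {
    db_home=${1%/}
    backup_root=$2
    recover_cmd=${3:-db_recover}

    if [ ! -d "$db_home" ]; then
        echo "no such directory: $db_home" >&2
        return 2
    fi

    # Timestamped destination so a repeat run never overwrites an earlier copy.
    dest="$backup_root/$(basename "$db_home")-$(date +%Y%m%d-%H%M%S)"
    if [ -e "$dest" ]; then
        echo "backup target already exists: $dest" >&2
        return 3
    fi
    mkdir -p "$backup_root" || return 3
    # -R copies the whole tree, -p keeps ownership, modes and timestamps.
    if ! cp -Rp "$db_home" "$dest"; then
        echo "copy failed, not running the repair" >&2
        return 3
    fi

    # Cheap sanity check: the copy must hold as many files as the source.
    src_n=$(find "$db_home" -type f | wc -l | tr -d ' ')
    dst_n=$(find "$dest" -type f | wc -l | tr -d ' ')
    if [ "$src_n" -ne "$dst_n" ]; then
        echo "copy incomplete ($dst_n of $src_n files), not repairing" >&2
        return 3
    fi
    echo "backup written to $dest" >&2

    # Same invocation as on the page; its exit status becomes ours.
    "$recover_cmd" -h "$db_home"
}
```

Each run leaves its own timestamped copy, so running the repair several times still preserves the original corrupted state from the first run.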