People seem to still be hitting this story, and by and large these steps usually work. If you are still relying on macOS Server however, you need to migrate to another platform with some degree of urgency.

This post was originally written six years ago, when Apple were still promoting the use of Server with Open Directory. Server has been pretty much deprecated since then, with Apple pulling out all the useful features (like DHCP, DNS and even robust File Sharing) and reducing it to nothing more than Xsan and Profile Manager. Profile Manager is not a suitable MDM solution for production use, so you really should not be relying on Server for anything at all these days.

Synology is a far more suitable platform for file services and directory services (via its built-in file sharing and LDAP server). Synology can also provide many of the other network services that Server previously supplied – DHCP, DNS etc. These network services can likely also be handled via your router/firewall. For a robust and scalable MDM solution, do not use Profile Manager; instead I recommend using something like Mosyle as a good MDM solution. Long story short however, you need to migrate away from macOS Server.

I don’t know why the databases that OpenLDAP uses are so fragile, and therefore why Open Directory loses its shit nearly every single time you have to force a server to restart, but they are and it does.

Anyway, if Open Directory won’t load, or isn’t showing you any users, nine times out of ten, it’s one or the other of the OpenLDAP databases that are corrupt.

In the majority of cases, it’s pretty straightforward to fix – and again I’ve got no idea why this isn’t part of the startup process for OpenLDAP if something goes wrong…

Fix them like so:

sudo launchctl unload /System/Library/LaunchDaemons/
sudo db_recover -cv -h /var/db/openldap/openldap-data/
sudo db_recover -cv -h /var/db/openldap/authdata/
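As an added example (not part of the original post), here is a wrapper around the post's `db_recover -cv` commands that archives each database directory before recovering it, since `-c` is catastrophic recovery, and refuses to proceed while slapd is running. The function names, the backup location and the `DB_RECOVER` override are assumptions for illustration; unloading and reloading the slapd launch daemon is left to the commands in the post.

```shell
#!/bin/sh
# Added example: back up each OpenLDAP database directory, then run the
# post's db_recover command against it. Not from the original post.

# Database directories named in the post.
DB_DIRS="/var/db/openldap/openldap-data /var/db/openldap/authdata"
# Assumption: overridable so the flow can be rehearsed with a stand-in command.
DB_RECOVER="${DB_RECOVER:-db_recover}"

# True only when no slapd process is running.
slapd_stopped() {
    ! pgrep -x slapd >/dev/null 2>&1
}

# Archive one database directory to <dest_root>/<name>.<timestamp>.tar
# and print the archive path.
backup_db_dir() {
    src=$1; dest_root=$2
    [ -d "$src" ] || { echo "missing: $src" >&2; return 1; }
    mkdir -p "$dest_root" || return 1
    archive="$dest_root/$(basename "$src").$(date +%Y%m%d%H%M%S).tar"
    tar -cf "$archive" -C "$(dirname "$src")" "$(basename "$src")" || return 1
    echo "$archive"
}

# Back up, then recover, one directory. Recovery never runs without a backup.
recover_db_dir() {
    src=$1; dest_root=$2
    archive=$(backup_db_dir "$src" "$dest_root") || return 1
    echo "backup: $archive"
    "$DB_RECOVER" -cv -h "$src/"
}

# Recover every directory in DB_DIRS, stopping at the first failure.
recover_all() {
    dest_root=$1
    slapd_stopped || { echo "slapd is still running; unload it first" >&2; return 2; }
    for d in $DB_DIRS; do
        recover_db_dir "$d" "$dest_root" || return 1
    done
}

# Runs only when asked, e.g.: sudo sh od-recover.sh --run /var/backups/openldap
if [ "${1:-}" = "--run" ]; then
    recover_all "${2:?backup directory required}"
fi
```

If recovery makes things worse, the tar archive can be unpacked over the database directory while slapd is still unloaded.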