Recovering OS X Open Directory from Backup

Lost Open Directory Database

You’ve lost your Open Directory server database. You need to recover it, but you don’t have an Open Directory Archive, and you don’t have a replica that you can promote. And you don’t want to restore the entire server, either.

This blog post covers how to restore an Open Directory database from backup.


This blog post is directed towards system administrators:

  • who have an Open Directory Server that is running OS X Snow Leopard 10.6.8 (this procedure would probably run under other versions of Snow Leopard, but we haven’t tested it)
  • who do not have a replica that they can promote
  • who do not have a conventional Open Directory backup (i.e. Server Admin → Open Directory → Archive)
  • who want to do a surgical restore of just the Open Directory; who do not want to touch the other parts of the system
  • who have backed up their files.


This procedure worked for us; it may not work for you. YMMV. There is no warranty, express or implied. This is by no means an Apple-approved procedure.

Open Directory

Open Directory is a tightly integrated application that includes OpenLDAP, Kerberos, and Apple’s Password Service. For a successful recovery, you need to restore the records for all 3 services.


Your Open Directory Server needs to be configured as a server (not a replica). If it’s configured as a replica, re-configure it as a standalone server before you begin.

First, shut down the relevant daemons (slapd/OpenLDAP, Kerberos, Password Service).

sudo launchctl unload /System/Library/LaunchDaemons/org.openldap.slapd.plist
sudo launchctl unload /System/Library/LaunchDaemons/
sudo launchctl unload /System/Library/LaunchDaemons/
sudo launchctl unload /System/Library/LaunchDaemons/

Check to make sure the processes aren’t running (we’re being very careful, maybe even paranoid):

ps auxwww | egrep "slapd|kadmin|krb5|Pass"

Move the old files out of the way:

sudo mv -i /var/db/openldap{,-broke}
sudo mv -i /var/db/krb5kdc{,-broke}
sudo mv -i /var/db/authserver{,-broke}
sudo mv -i /etc/krb5.keytab{,-broke}
sudo mv -i /Library/Preferences/{,-broke}

Restore the files from backup (your backup directory, e.g. “/Volumes/Backup/yesterday”, may differ):

sudo rsync -avH /Volumes/Backup/yesterday/private/var/db/openldap /var/db/
sudo rsync -avH /Volumes/Backup/yesterday/private/var/db/krb5kdc /var/db/
sudo rsync -avH /Volumes/Backup/yesterday/private/var/db/authserver /var/db/
sudo rsync -avH /Volumes/Backup/yesterday/private/etc/krb5.keytab /etc/
sudo rsync -avH /Volumes/Backup/yesterday/Library/Preferences/ /Library/Preferences/

Double-check that they’re in place (yes, paranoia again):

sudo ls -l /var/db/{krb5kdc,openldap,authserver} /etc/krb5.keytab /Library/Preferences/

Reboot the machine:

sudo shutdown -r now

When the machine comes up, you should have recovered your Open Directory database to the same state as it was when you performed your backup.

Good luck.
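A pre-flight check to run before the first step of the procedure above, as an added example that is not part of the original post. It confirms that the backup really holds data for all three services before anything is moved aside, and that no "-broke" copy is left over from an earlier attempt. The function name od_preflight and its optional second argument (an alternate live root, useful for a dry run) are assumptions; only the four paths the post spells out in full are checked.

```bash
#!/bin/bash
# Added example, not from the original post: pre-flight check for the
# Open Directory restore. Checks only the four fully spelled-out paths.
# Usage: od_preflight /Volumes/Backup/yesterday && echo "OK to proceed"

# Paths relative to the live root; the backup keeps them under private/.
OD_ITEMS="var/db/openldap var/db/krb5kdc var/db/authserver etc/krb5.keytab"

# od_preflight BACKUP_ROOT [LIVE_ROOT]
# Prints one line per problem; returns 0 only when no problem was found.
od_preflight() {
    od_backup_root=$1
    od_live_root=${2:-}        # empty means the real filesystem root
    od_problems=0
    for od_item in $OD_ITEMS; do
        od_src="$od_backup_root/private/$od_item"
        # A directory must hold at least one entry; a file must be non-empty.
        if [ -d "$od_src" ]; then
            if [ -z "$(ls -A "$od_src" 2>/dev/null)" ]; then
                echo "EMPTY in backup: $od_src"
                od_problems=$((od_problems + 1))
            fi
        elif [ ! -s "$od_src" ]; then
            echo "MISSING in backup: $od_src"
            od_problems=$((od_problems + 1))
        fi
        # If X-broke already exists as a directory, "mv -i X X-broke" nests
        # X inside it without prompting; if it is a file, mv -i asks to
        # overwrite the earlier copy. Either way, stop and look first.
        if [ -e "$od_live_root/${od_item}-broke" ]; then
            echo "STALE from earlier attempt: $od_live_root/${od_item}-broke"
            od_problems=$((od_problems + 1))
        fi
    done
    [ "$od_problems" -eq 0 ]
}
```

If the function prints anything, fix the backup path or rename the stale "-broke" copies before unloading the daemons.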

  • Roland

    Thank you very much!
    That helped a lot and works also on OS 10.8

  • This saved my day! Thanks!

    Gil Anspacher, Technology Coordinator
    Virgin Islands Montessori School & Peter Gruber International Academy

  • Brian Cunnie

    Roland & Gil:

    I’m glad that this procedure worked for you, and Roland thanks for the tip that it still works under OS 10.8.

    I forget exactly what led up to losing our Open Directory database (it was something I had done), but I had an extremely uncomfortable 48 hours while I struggled to bring everything back up, and I’m happy that I was able to spare you some of that discomfort.



  • Simon Bevan

    Thank you very much.

    A client's 10.8.5 locked up during a restart, corrupting the open directory.

    These instructions helped me recover the OD from a recent backup.


  • Robert Hartshorn

    Awesome tutorial!

    What backup scheme do you use that is compatible with this method of recovery? Aside from archiving via server admin, what is the best method of backing up open directory dbs on Snow Leopard Server?


    • Brian Cunnie

      Hi Robert,

      We use for our backups, and we’ve been fairly pleased with it. If you use FreeBSD, you may already be familiar with tarsnap. It was created by Colin Percival, IIRC, who also wrote rsync, IIRC.

      Tarsnap doesn’t guarantee that the backup is consistent, but our Open Directory database is not very volatile (no one is adding records to at 3 a.m. when our backup is running), so we’re fairly sure that our database is effectively quiesced during backup,



  • Worked also on a 10.10 Yosemite Server, the paths are different:




    • Brian Cunnie

      Thanks Norbert! Your hard work may one day save someone’s job.
