I don’t know why the databases that OpenLDAP uses are so fragile, and therefore why Open Directory loses its shit nearly every single time you have to force a server to restart, but they are and it does.
In the majority of cases, it’s pretty straightforward to fix – and again I’ve got no idea why this isn’t part of the startup process for OpenLDAP if something goes wrong…
Anyway, if Open Directory won’t load, or isn’t showing you any users, nine times out of ten, it’s one or the other of the OpenLDAP databases that is corrupt.
Fix them like so:
sudo launchctl unload /System/Library/LaunchDaemons/org.openldap.slapd.plist
sudo /usr/libexec/slapd -Tt
sudo db_recover -cv -h /var/db/openldap/openldap-data/
sudo db_recover -cv -h /var/db/openldap/authdata/
sudo /usr/libexec/slapd -Tt
sudo launchctl load /System/Library/LaunchDaemons/org.openldap.slapd.plist
If this sequence of commands doesn’t fix it, then you will need to restore the LDAP databases from backup, which can generally be done with the following command:
sudo slapconfig -restoredb /private/var/backups/ServerBackup_OpenDirectoryMaster.sparseimage
Edit: September 2018 – I’ve rolled these steps into an AppleScript app that you can download and run to run the db_recover repair automatically.
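The db_recover sequence above as a single shell function, given here as an added example (it is not the AppleScript app mentioned in the edit, and not the author's code). It assumes three hypothetical variables (RUN, SLAPD, BACKUP_ROOT), adds a copy of both database directories before recovery as a precaution that is not in the original steps, and uses exit codes chosen for this example.

```shell
#!/bin/sh
# Added example: the post's repair sequence as one function with exit codes.
# RUN, SLAPD and BACKUP_ROOT are hypothetical knobs, not part of the post.
RUN="${RUN:-sudo}"                     # command prefix; RUN=echo gives a dry run
SLAPD="${SLAPD:-/usr/libexec/slapd}"
PLIST=/System/Library/LaunchDaemons/org.openldap.slapd.plist
DB_DIRS="/var/db/openldap/openldap-data /var/db/openldap/authdata"
BACKUP_ROOT="${BACKUP_ROOT:-/var/db/openldap-pre-recover}"  # assumed location

repair_open_directory() {
    stamp=$(date +%Y%m%d-%H%M%S)
    # slapd must not have the databases open while they are copied/recovered
    $RUN launchctl unload "$PLIST" || return 2

    # First test from the post; a failure here is expected on a corrupt database
    if $RUN "$SLAPD" -Tt; then echo "pre-check: passed"; else echo "pre-check: FAILED"; fi

    status=0
    $RUN mkdir -p "$BACKUP_ROOT/$stamp" || status=3
    for dir in $DB_DIRS; do
        [ "$status" -eq 0 ] || break
        # Added precaution: keep the pre-recovery files, since -c (catastrophic
        # recovery) rewrites the environment and the evidence of what broke
        $RUN cp -Rp "$dir" "$BACKUP_ROOT/$stamp/" || { status=3; break; }
        $RUN db_recover -cv -h "$dir/" || { status=4; break; }
    done

    # Second test from the post decides whether the repair worked
    if [ "$status" -eq 0 ] && ! $RUN "$SLAPD" -Tt; then status=1; fi

    # Reload slapd as the post does, whatever the outcome
    $RUN launchctl load "$PLIST" || return 5
    return "$status"   # 0 repaired, 1 still failing: restore from backup
}

# Runs only when invoked as: sh od-repair.sh --run
if [ "${1:-}" = "--run" ]; then repair_open_directory; fi
```

An exit status of 1 means the second slapd -Tt still fails after recovery, which is the case where the slapconfig -restoredb step applies.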