slapd, which I always imagine as a daemon that constantly slaps you in the face) can't start, everything that relies on it will fail. That's usually bad.
You see errors like this:
8/9/10 12:11:55 PM com.apple.launchd (org.openldap.slapd) Exited with exit code: 1
8/9/10 12:11:55 PM com.apple.launchd (org.openldap.slapd) Throttling respawn: Will start in 10 seconds
If you run slapd in Tool mode, you can figure out the exact problem, and it'll probably look something like this:
$ /usr/libexec/slapd -Tt
bdb(dc=example,dc=com): PANIC: fatal region error detected; run recovery
bdb_db_open: Database cannot be opened, err -30978. Restore from backup!
bdb(dc=example,dc=com): DB_ENV->lock_id_free interface requires an environment configured for the locking subsystem
backend_startup_one: bi_db_open failed! (-30978)
The problem is that the Berkeley DB that holds all of OpenLDAP's information has become corrupted. It happens, and it's what the
db_recovercommand is for.
First things first: make sure slapd is not running before trying to recover the database.
$ sudo launchctl unload /System/Library/LaunchDaemons/org.openldap.slapd.plist
By default, db_recover uses the current working directory as the home for the database environment. You can specify that with the -h flag, or you can just go there first.
$ cd /var/db/openldap/openldap-data
You should probably back up the contents of this folder before continuing. You can just copy the openldap-data folder to another folder, or use tar, but you should back it up. Just in case.
db_recoverto fix whatever is broken.
$ sudo /usr/bin/db_recover
Once that's done (and it shouldn't take long), run
slapd -Ttagain to make sure it did the trick. It should just tell you that it verified the config file. Reload the slapd launchdaemon, and (hopefully) it will launch.
$ sudo launchctl load /System/Library/LaunchDaemons/org.openldap.slapd.plist
I should point out that you should absolutely be taking periodic archives of Open Directory. You can do that from Server Admin, or you can script it using the
serveradmincommand, but you need to do it. The OpenLDAP database isn't the only thing that can get corrupted, and sometimes restoring from an Open Directory Archive is the only way you'll get things working again.