Restoring Open Directory from Time Machine on Mountain Lion

I just ran across an ugly situation where my Open Directory account went bad and was refusing to log in to any services.

I was seeing these repeated errors in the system log:

Jun 20 18:40:51 www.infrageeks.com PasswordService[168]: -[AuthDBFile getPasswordRec:putItHere:unObfuscate:]: no entries found for d24bd7b0-d8a7-11e1-ad93-000c29b10837
Jun 20 18:40:51 www.infrageeks.com log[3195]: auth: Error: od(erik,192.168.2.222): Credential operation failed because an invalid parameter was provided.
Jun 20 18:40:51 www.infrageeks.com log[3195]: auth: Error: od(erik,192.168.2.222): authentication failed for user=erik, method=CRAM-MD5

These were all of my various devices trying to catch up on mail.

So the obvious thing to do is restore Open Directory. But I knew that I had made a number of changes since the last archive operation (yes, bad me), so I needed another way to get this back up and running quickly.

I do back up the server using Time Machine, SuperDuper and ZFS snapshots, so I could easily do a full rollback to a previous point in time, but I would also lose whatever mail had arrived in the meantime. And since the problem is so specific, I should be able to fix it by restoring just the Open Directory data.

So here’s how to restore your Open Directory from a Time Machine backup. Some steps can be accomplished in different ways, but this is probably the easiest way overall.

  • On the server, go to the Time Machine menu item and select “Enter Time Machine”. This will mount your Time Machine disk image automatically.

  • On another machine, open an ssh session to the server as an administrator (or mount the Time Machine backup image manually and do this locally).

  • Run “sudo bash” to get a root shell (the Open Directory files are not accessible to a regular admin account).

  • Stop the Open Directory service with “serveradmin stop dirserv”.

  • cd to “/Volumes/Time Machine Backups/Backups.backupdb/servername” (the path contains spaces, so quote it).

  • Here you will find a list of directories, one per Time Machine backup session. Find one that is just before OD started going south, cd into it and descend to:

  • /Volumes/Time Machine Backups/Backups.backupdb/servername/date/servername/private/var/db

  • Then sync the data from the backup onto the live disk with:

  • rsync -av openldap/ /private/var/db/openldap/

  • Start the Open Directory service with “serveradmin start dirserv”.

You should be back in business.
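The same procedure as a script, added here as an example and not part of the original post. It assumes what the post implies but does not state: Time Machine snapshot directories are named YYYY-MM-DD-HHMMSS (so their names sort chronologically), the “Latest” entry in the backup set is a symlink to skip, and “servername” is a placeholder for your host. The copy of the live openldap directory taken before the rsync is my addition so that a wrong snapshot choice can be undone.

```shell
#!/bin/sh
# Scripted form of the restore steps in the post above. Added example, not the
# post's own script. Assumptions not stated in the post: snapshot directories are
# named YYYY-MM-DD-HHMMSS (names sort chronologically), "Latest" is a symlink to
# skip, and the pre-restore safety copy of the live openldap directory is my addition.
set -eu

TM_ROOT="${TM_ROOT:-/Volumes/Time Machine Backups/Backups.backupdb}"
SERVERNAME="${SERVERNAME:-servername}"   # placeholder: your server's hostname
DRY_RUN="${DRY_RUN:-1}"                  # 1 = print commands only, 0 = execute

# Path to private/var/db inside one snapshot:
#   <root>/<server>/<snapshot>/<server>/private/var/db
backup_db_path() {
    printf '%s/%s/%s/%s/private/var/db\n' "$1" "$2" "$3" "$2"
}

# Print the newest snapshot whose name sorts strictly before the cutoff
# (e.g. 2013-06-20-184000, when OD started failing). Returns 1 if none.
latest_snapshot_before() {
    root="$1"; server="$2"; cutoff="$3"
    best=""
    for d in "$root/$server"/*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        if [ "$name" = Latest ]; then continue; fi
        # expr compares as strings here because the names are not integers.
        if expr "$name" \< "$cutoff" >/dev/null && expr "$name" \> "$best" >/dev/null; then
            best="$name"
        fi
    done
    [ -n "$best" ] || return 1
    printf '%s\n' "$best"
}

# Echo the command in dry-run mode, otherwise run it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '+ %s\n' "$*"
    else
        "$@"
    fi
}

# Stop dirserv, copy the live openldap directory aside, rsync the snapshot's
# openldap/ over it with the same rsync flags the post uses, then start dirserv.
restore_openldap() {
    snap=$(latest_snapshot_before "$TM_ROOT" "$SERVERNAME" "$1")
    src="$(backup_db_path "$TM_ROOT" "$SERVERNAME" "$snap")/openldap/"
    [ -d "$src" ] || { echo "no openldap data in snapshot $snap" >&2; return 1; }
    echo "restoring openldap from snapshot $snap" >&2
    run serveradmin stop dirserv
    run cp -a /private/var/db/openldap "/private/var/db/openldap.pre-restore.$(date +%Y%m%d%H%M%S)"
    run rsync -av "$src" /private/var/db/openldap/
    run serveradmin start dirserv
}

# Usage (as root on the server, after entering Time Machine so the image is mounted):
#   DRY_RUN=0 sh restore-od.sh 2013-06-20-184000
# Without DRY_RUN=0 the script only prints what it would run.
if [ $# -gt 0 ]; then
    restore_openldap "$1"
fi
```

Run it once without DRY_RUN=0 and read the printed commands before letting it touch the live directory. The rsync call is the post's own invocation and does not pass --delete, so files that appeared under /private/var/db/openldap after the chosen snapshot are left in place rather than removed.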