Hi guys
In case this helps someone.
I ran into this problem with our 900 user OD database. At first, I assumed that the OD got corrupted, but since all existing users were able to log in and did not notice any problems, I successfully tried this:
- Create an OD master archive on the no longer working server through the GUI or CLI (this should still work flawlessly).
- Restore the server to a working state from a backup (TimeMachine or whatever method you have implemented). From my experience, the OD database from the Time Machine backup is not up-to-date, even if you choose the latest backup.
- Destroy the OD Master, then create a new one with the previously created OD sparseimage. All your users and passwords will be restored and can be changed again.
The LDAP database or the server services themselves don't seem to be the problem. Somehow, the connection from the OS to the Server breaks, which eventually leads to a read-only password database. I (and all my Google-foo) was not able to fix this problem, but the above procedure helped to get the system back online within 30 minutes. No user reimport or password reset necessary.
Nevertheless, we've now had it with Apple's toy server. They went from a stable and solid server OS to a useless piece of buggy app-crap. For serious work, we need a reliable and proven LDAP implementation and will therefore switch to AD.
My heartfelt sympathy to all sysadmin night-shifts this obvious bug has created
Kevin
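The archive / destroy / restore steps from the post, as an added shell example that is not Kevin's own script: it wraps slapconfig's -backupdb, -destroyldapserver and -restoredb verbs and refuses to destroy the master until a non-empty archive exists, so a typo cannot leave you with no directory at all (the Time Machine restore in step 2 is outside the script). Assumptions: slapconfig appends .sparseimage to the path given to -backupdb and prompts for the archive password itself; SLAPCONFIG and OD_ARCHIVE_DIR are overridable so the flow can be rehearsed against a stub before touching a live server.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the slapconfig verbs
# -backupdb, -destroyldapserver and -restoredb behave as on macOS Server and
# that slapconfig asks for the archive password interactively.
SLAPCONFIG="${SLAPCONFIG:-/usr/sbin/slapconfig}"
OD_ARCHIVE_DIR="${OD_ARCHIVE_DIR:-/var/backups/od}"

# Step 1: archive the still-readable OD master before changing anything.
# Prints the path of the resulting sparseimage on stdout.
od_archive() {
  stamp=$(date +%Y%m%d-%H%M%S)
  archive="$OD_ARCHIVE_DIR/odmaster-$stamp"
  mkdir -p "$OD_ARCHIVE_DIR" || return 1
  "$SLAPCONFIG" -backupdb "$archive" || return 1
  # Assumption: slapconfig appends .sparseimage to the path it is given.
  printf '%s\n' "$archive.sparseimage"
}

# Preflight: only a non-empty archive file counts as a usable backup.
od_archive_ok() {
  [ -s "$1" ]
}

# Step 3: tear down the broken master and recreate it from the archive.
# Returns 1 without touching the server if the archive check fails.
od_rebuild_from() {
  od_archive_ok "$1" || { echo "archive missing or empty: $1" >&2; return 1; }
  "$SLAPCONFIG" -destroyldapserver || return 1
  "$SLAPCONFIG" -restoredb "$1"
}
```

Run od_archive on the failing server first, keep the printed path, and only call od_rebuild_from after the OS restore has been completed.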