Fortunately, the brokenness didn't replicate to my replicas. Here's how I fixed everything: (rebooting in between almost every step)
- promote a Replica (computer #2) to become a Master
- demote original Master (computer #1) to standalone
- set original Master (#1) as a Replica of my new Master (#2)
- promote #1 to Master
- restore OD from backup (http://www.macresearch.org/tutorial-backup-your-open-directory-server-using-launchd)
- demote #2 to standalone
- set #2 as replica of #1
Now those two machines are happy.
Oops, I have two other servers that used to be Replicas of #1. But I didn't destroy the OD Replica before doing all the above steps. Now when I try to set them as standalone in Server Admin, it goes through the motions, and even says that the server has been set up as standalone, but then the OD panel still reports the machine is an OD Replica. Gah!
Google helped. And looking at the slapconfig log. And a little bit of carelessness (aka, "it's already broke, I'm probably not gonna make it worse").
Here's what fixed the Replicas:
sudo slapconfig -destroyldapserver
sudo slapconfig -setstandalone
Then recreate the Replica in Server Admin like normal.
Unfortunate side-effect, hopefully it doesn't mean things are broken again: now nothing shows up in my OD Master's Replica Tree. (Replica Status reports all three Replicas are OK, though)
Lastly, although one of my Replicas does still show up in the Replica Status as OK, when I open WGM on that machine the users and groups are non-editable, same symptom that told me the OD was corrupt in the first place. So running the slapconfig commands was still necessary.