I am running OpenLDAP version 2.3.27 as distributed with CentOS 5.2.
I want to set 'loglevel' in slapd.conf so that I will be able to see the details of what a client is sending to slapd when it modifies entries for a dn. Specifically I would like to see which attributes the client is requesting to modify for the dn and the values it is sending for those attributes.
What value for 'loglevel' results in the least verbose logging but would still show me that information?
Sincerely,
Scott
On Mon, 13 Apr 2009, Scott Koranda wrote:
I want to set 'loglevel' in slapd.conf so that I will be able to see the details of what a client is sending to slapd when it modifies entries for a dn. Specifically I would like to see which attributes the client is requesting to modify for the dn and the values it is sending for those attributes.
What value for 'loglevel' results in the least verbose logging but would still show me that information?
modify.c: Statslog( LDAP_DEBUG_STATS, "%s MOD attr=%s\n",
so loglevel stats.
On Mon, 13 Apr 2009, Scott Koranda wrote:
I want to set 'loglevel' in slapd.conf so that I will be able to see the details of what a client is sending to slapd when it modifies entries for a dn. Specifically I would like to see which attributes the client is requesting to modify for the dn and the values it is sending for those attributes.
What value for 'loglevel' results in the least verbose logging but would still show me that information?
modify.c: Statslog( LDAP_DEBUG_STATS, "%s MOD attr=%s\n",
so loglevel stats.
Thanks for the quick response.
I changed 'loglevel' to 'stats' and restarted slapd and then made a test modification using the ldapmodify command line tool. Specifically I modified the 'mail' attribute for
dn: employeeNumber=882,ou=people,dc=myorg,dc=org
and then I checked using ldapsearch that the attribute was indeed modified.
I see this in the log file for the modification:
Apr 13 18:03:05 oregano slapd[3803]: conn=10383 op=1 MOD dn="employeeNumber=882,ou=people,dc=myorg,dc=org" Apr 13 18:03:05 oregano slapd[3803]: conn=10383 op=1 MOD attr=mail Apr 13 18:03:06 oregano slapd[3803]: conn=10383 op=1 RESULT tag=103 err=0 text= Apr 13 18:03:06 oregano slapd[3803]: conn=10383 op=2 UNBIND Apr 13 18:03:06 oregano slapd[3803]: conn=10383 fd=17 closed
So I can see that a modification is being made to the attribute 'mail' but I cannot see what modification the client is sending in.
Is there a loglevel that will show me the value being sent by the client for the attribute that is being modified?
Thanks,
Scott
On Mon, 13 Apr 2009, Scott Koranda wrote:
Is there a loglevel that will show me the value being sent by the client for the attribute that is being modified?
Well, yeah, loglevel packets ;)
Suggest you consider slapo-accesslog(5). Try http://www.openldap.org/lists/openldap-software/200901/msg00102.html for a real world example.
On Mon, 13 Apr 2009, Scott Koranda wrote:
Is there a loglevel that will show me the value being sent by the client for the attribute that is being modified?
Well, yeah, loglevel packets ;)
I modified slapd.conf so that
loglevel 16 256
I believe from the man page of slapd.conf that should cover "packets"
16 (0x10 BER) print out packets sent and received
and "stats"
256 (0x100 stats) stats log connections/operations/results
I then restarted slapd and made a modification again to the 'mail' attribute for a particular DN and verified that the modification worked. In the log file I see this:
Apr 13 18:03:05 oregano slapd[3803]: conn=10383 op=1 MOD dn="employeeNumber=882, ou=people,dc=myorg,dc=org" Apr 13 18:03:05 oregano slapd[3803]: conn=10383 op=1 MOD attr=mail Apr 13 18:03:06 oregano slapd[3803]: conn=10383 op=1 RESULT tag=103 err=0 text= Apr 13 18:03:06 oregano slapd[3803]: conn=10383 op=2 UNBIND Apr 13 18:03:06 oregano slapd[3803]: conn=10383 fd=17 closed
So I am still not seeing the value for the attribute that the client is being passed.
Suggest you consider slapo-accesslog(5). Try http://www.openldap.org/lists/openldap-software/200901/msg00102.html for a real world example.
Thanks. I will indeed look into that module.
Still, since not all the OpenLDAP slapd servers I would like to support are under my direct administrative control I would still be interested in hearing of configurations to loglevel that would show the values for attributes being modified or added.
Thanks,
Scott
Scott Koranda wrote:
On Mon, 13 Apr 2009, Scott Koranda wrote:
Is there a loglevel that will show me the value being sent by the client for the attribute that is being modified?
Well, yeah, loglevel packets ;)
I modified slapd.conf so that
loglevel 16 256
I believe from the man page of slapd.conf that should cover "packets"
packet tracing never goes to syslog. It's only usable with the slapd -d debug switch.
openldap-software@openldap.org
-
Aaron Richton -
Howard Chu -
Scott Koranda