I was wondering whether it is possible to create an openldap log file as a regular user.
I have already tried editing syslog.conf with local4.* and restarting syslogd. This works fine, but requires root access and I am interested in enabling ldap logging as a non-root user.
I have compiled openldap 2.3.27 as a regular user on Redhat Enterprise Linux 5.2 with the following configuration:
./configure --prefix=/home/myuser/local/ --enable-syslog --sysconfdir=/home/myuser/local
I found some information about a "logfile" directive that can be used in slapd.conf (http://www.zytrax.com/books/ldap/ch6/#logfile), but I do not know if it is valid.
I added the following in my slapd.conf and restarted slapd (I had already created the slapd.log file before restarting slapd):
#define the logfile
logfile /home/myuser/local/openldap/slapd.log
#define the level of detail in the logs
loglevel 256
However this configuration does not seem to work.
Any advice on this issue would be more than welcome.
Thank you and best regards,
Kostas
On 01/07/2010 04:22 AM, Konstantinos Tripolitis wrote:
> However this configuration does not seem to work.
Doesn't work how?
If the configuration file is not being created, check the user that runs slapd. Does that user have the appropriate permission to write to the directory?
Running slapd from the command-line with -d 1 may prove helpful as well.
Most importantly, however -- 2.3.27 is *extremely* old. Upgrade.
On Thu, 7 Jan 2010, Konstantinos Tripolitis wrote:
> I have already tried editing syslog.conf with local4.* and restarting syslogd. This works fine, but requires root access and I am interested in enabling ldap logging as a non-root user.
Well, to configure, yes; but typically not to actually use...try as a normal user:
$ logger -t IMightBeSlapd -p local4.error AndImWritingALogWithNoPrivileges
I get:
Jan 7 11:21:20 psx IMightBeSlapd: AndImWritingALogWithNoPrivileges
If you don't see something like that, you need to work on your syslog configuration (admittedly as root).
> I added the following in my slapd.conf and restarted slapd (I had already created the slapd.log file before restarting slapd):
> #define the logfile
> logfile /home/myuser/local/openldap/slapd.log
> #define the level of detail in the logs
> loglevel 256
> However this configuration does not seem to work.
logfile is valid, but it just mirrors what goes to stderr (which is not necessarily the same as what would go to syslog). IMO you'd be better off going through syslog, but you were probably trying to get something along the lines of:
$ slapd -d 256 > logfile 2>&1 &
(note that I'm using bash there, you may need to adjust for your shell.) The final "&" is because -d command line option causes no-fork (see slapd(8) man page).
openldap-software@openldap.org
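The stderr-redirect approach from the last reply, combined with the write-permission check suggested in the first, as an added example that is not part of the thread. It assumes `slapd` is on the PATH (override with the `SLAPD` variable), and the function names and the `umask 077` are additions made here so that a newly created log is readable only by its owner.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Assumption: slapd is on PATH; set SLAPD to the binary under your own prefix.
SLAPD="${SLAPD:-slapd}"

# Return 0 if the current (non-root) user can append to or create the log at $1.
can_write_log() {
    log=$1
    dir=$(dirname "$log")
    if [ -e "$log" ]; then
        # Existing target must be a regular file we may write to.
        [ -f "$log" ] && [ -w "$log" ]
    else
        # New file: the directory must allow creating and reaching entries.
        [ -d "$dir" ] && [ -w "$dir" ] && [ -x "$dir" ]
    fi
}

# Run slapd with -d LEVEL (which keeps it in the foreground), send stdout and
# stderr to the log at $1, background it from the shell, and print the PID.
start_slapd_logged() {
    log=$1
    level=${2:-256}
    if ! can_write_log "$log"; then
        echo "cannot write $log as user $(id -un)" >&2
        return 1
    fi
    (
        # Restrictive umask so a freshly created log gets mode 0600.
        umask 077
        exec "$SLAPD" -d "$level" >>"$log" 2>&1
    ) &
    echo $!
}

# Usage:
#   pid=$(start_slapd_logged /home/myuser/local/openldap/slapd.log 256)
#   kill "$pid"    # stop slapd again
```

If the log file already exists, its current mode is kept, so check its permissions separately.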