Le 10/03/2019 à 00:58, Howard Chu a écrit :
Abdelkader Chelouah wrote:
Hi,

slapd 2.4.44

OpenLDAP instance configure as a proxy (back-ldap)


>From time to time, bind operations can take more than 5 sec. These latencies do not seem to come from a CPU or memory problem. I'm trying to see if the network
can be the root cause of the issue. To debug the fonction ldap_sasl_bind (libraries/libldap/sasl.c), I activated trace loglevel (logs are manage by rsyslog). In
the definition of ldap_sasl_bind, there is

Debug( LDAP_DEBUG_TRACE, "ldap_sasl_bind\n", 0, 0, 0 );

A least the message "ldap_sasl_bind" should appear in logs, which is not the case. Actually, Debug (which is first defined in include/ldap_log.h) is redefined
in libraries/libldap/ldap-int.h

...

#include "ldap_log.h"

#undef Debug

#ifdef LDAP_DEBUG

#define DebugTest( level ) \
        ( ldap_debug & level )

#define Debug( level, fmt, arg1, arg2, arg3 ) \
        do { if ( ldap_debug & level ) \
        ldap_log_printf( NULL, (level), (fmt), (arg1), (arg2), (arg3) ); \
        } while ( 0 )

#define LDAP_Debug( subsystem, level, fmt, arg1, arg2, arg3 )\
        ldap_log_printf( NULL, (level), (fmt), (arg1), (arg2), (arg3) )
configure
#else

#define DebugTest( level )                                    (0 == 1)
#define Debug( level, fmt, arg1, arg2, arg3 )                 ((void)0)
#define LDAP_Debug( subsystem, level, fmt, arg1, arg2, arg3 ) ((void)0)

#endif /* LDAP_DEBUG */

...

A a result, the message is send to standard output. By using rsyslog, it is not possible to catch any message inside ldap_sasl_bind.


How to get stdout and stderr messages and still use rsyslog to manage openldap logs ?
syslog is not fast enough to handle the debug traffic.

You could use ber_set_option() to override the log output functions, and have them write
messages both to rsyslog and stderr. But using syslog on every debug message will slow
things down more than 10x.

Hello Howard,


Thanks to your help, I'm now able to send slapd messages both to rsyslog and stderr when I use the '-d' option of slapd. For information, the latencies were due to a DNS resolution problem. In detached mode, ie, without the '-d' option, messages are redirected to /dev/null.

$ grep -B 1 dup2 libraries/liblutil/detach.c
                        /* redirect stdin, stdout, stderr to /dev/null */
                        dup2( sd, STDIN_FILENO );
                        dup2( sd, STDOUT_FILENO );
                        dup2( sd, STDERR_FILENO );


For debugging purpose, I want to be able to switch back and forth from "stats" to "stats trace" log levels, which is not possible when slapd starts in background. Is there any way to to this ?


Thanks in advance.