On Wednesday, 2 February 2011 21:48:00 John Espiro wrote:
On 2/2/2011 8:13 PM, Dieter Kluenter wrote:
Am Wed, 02 Feb 2011 19:43:27 +0100
schrieb John Espiro john_espiro@yahoo.com:
I have tied in a few things such as openid-ldap and openfire to use my ldap backend for authentication. I am wondering if it is possible to collect error logs for any invalid attempt that a user tries with these various applications. Rather than handling it at the application level, can I get openldap to log these events? If so, can someone point me to a link that explains it?
OpenLDAP logs to local4, thus you may configure syslog to print slapd logs to a particular logfile. Next set a decent loglevel, stats or acl, grep slapd.log for err=49
-Dieter
Thanks for this, it makes sense. Where do I put the loglevel paramter? I don't have a slapd.conf, but I do have /etc/ldap.conf -- but putting it in there doesn't seem to have any effect.
1)Please see your distributions documentation for how they configure OpenLDAP by default.
2)If I were to guess (since you didn't supply much useful information, such as whether this is Ubuntu, Fedora, or RHEL6), it would be that you should read 'man slapd-config' and search for olcLoglevel, and that you may have an /etc/ldap/slapd.d or /etc/openldap/slapd.d directory (which you shouldn't modify, slapd is supposed to do that), you *may* be able to modify this by default over the "wire" with with a SASL EXTERNAL bind to the URI ldapi:/// as the root user.
So, this may work:
# echo -e 'URI ldapi:///\nSASL_MECH EXTERNAL' > ~/.ldaprc # echo -e 'dn: cn=config\nreplace: olcLogLevel\nolcLogLevel: stats'|ldapmodify
Or not.
But, they should have made this abundantly clear to you.
(I personally feel that distributions defaulting to back-config at present is premature, or under-documented in the distribution.)
Regards, Buchan