3:36 p.m.
Yes. Logging now continues to work after changes to config.
But - adding levels works on the fly, but removing them doesn't.
For instance this works fine:
olcLogLevel: stats
If I change it to "stats ACL" then the ACL data starts getting added to the
log. No restart required.
If I change it back to "stats" I keep getting ACL data until the directory
is restarted.
Nick
On Wed, Sep 29, 2021 at 5:49 PM Quanah Gibson-Mount <quanah(a)symas.com>
wrote:
--On Wednesday, September 29, 2021 9:17 AM -0400 Nick Folino
<nick(a)folino.us> wrote:
>
> I don't know what the expected results should be, but changing
> olcLogLevel while running causes all logging to the specified file to
> stop.
>
> Logging starts with the new level upon restart.
This should now be fixed. :)
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
3:53 p.m.
New subject: OpenLDAP 2.6.0 testing call
Nick Folino wrote:
Yes. Logging now continues to work after changes to config.
But - adding levels works on the fly, but removing them doesn't.
For instance this works fine:
olcLogLevel: stats
If I change it to "stats ACL" then the ACL data starts getting added to the
log. No restart required.
If I change it back to "stats" I keep getting ACL data until the directory is
restarted.
That's the normal way it has always worked. If you want to remove flags, you must
first explicitly
set it to zero, and then set your desired level in a subsequent Modify request.
Nick
On Wed, Sep 29, 2021 at 5:49 PM Quanah Gibson-Mount <quanah(a)symas.com
<mailto:quanah@symas.com>> wrote:
--On Wednesday, September 29, 2021 9:17 AM -0400 Nick Folino
<nick(a)folino.us <mailto:nick@folino.us>> wrote:
>
> I don't know what the expected results should be, but changing
> olcLogLevel while running causes all logging to the specified file to
> stop.
>
> Logging starts with the new level upon restart.
This should now be fixed. :)
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
4:24 p.m.
New subject: OpenLDAP 2.6.0 testing call
Got it. Tested and working as you described. Thank you!
Nick
On Wed, Sep 29, 2021 at 6:53 PM Howard Chu <hyc(a)symas.com> wrote:
Nick Folino wrote:
> Yes. Logging now continues to work after changes to config.
>
> But - adding levels works on the fly, but removing them doesn't.
> For instance this works fine:
> olcLogLevel: stats
>
> If I change it to "stats ACL" then the ACL data starts getting added to
the log. No restart required.
> If I change it back to "stats" I keep getting ACL data until the
directory is restarted.
That's the normal way it has always worked. If you want to remove flags,
you must first explicitly
set it to zero, and then set your desired level in a subsequent Modify
request.
>
> Nick
>
> On Wed, Sep 29, 2021 at 5:49 PM Quanah Gibson-Mount <quanah(a)symas.com
<mailto:quanah@symas.com>> wrote:
>
>
>
> --On Wednesday, September 29, 2021 9:17 AM -0400 Nick Folino
> <nick(a)folino.us <mailto:nick@folino.us>> wrote:
>
> >
> > I don't know what the expected results should be, but changing
> > olcLogLevel while running causes all logging to the specified file
to
> > stop.
> >
> > Logging starts with the new level upon restart.
>
> This should now be fixed. :)
>
> --Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by
OpenLDAP:
> <http://www.symas.com>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
6:35 p.m.
New subject: OpenLDAP 2.6.0 testing call
--On Thursday, September 30, 2021 12:53 AM +0100 Howard Chu <hyc(a)symas.com>
wrote:
Nick Folino wrote:
> Yes. Logging now continues to work after changes to config.
>
> But - adding levels works on the fly, but removing them doesn't.
> For instance this works fine:
> olcLogLevel: stats
>
> If I change it to "stats ACL" then the ACL data starts getting added to
> the log. No restart required. If I change it back to "stats" I keep
> getting ACL data until the directory is restarted.
That's the normal way it has always worked. If you want to remove flags,
you must first explicitly set it to zero, and then set your desired level
in a subsequent Modify request.
That is not the behavior I see in 2.4 or 2.5:
a) I start with loglevel stats, this is what is logged when I search:
Sep 30 01:30:53 ub18 slapd[5980]: conn=1000 fd=13 ACCEPT from
PATH=/var/symas/run/ldapi (PATH=/var/symas/run/ldapi)
Sep 30 01:30:53 ub18 slapd[5980]: conn=1000 op=0 BIND dn="" method=128
Sep 30 01:30:53 ub18 slapd[5980]: conn=1000 op=0 RESULT tag=97 err=0
qtime=0.000103 etime=0.000254 text=
Sep 30 01:30:53 ub18 slapd[5980]: conn=1000 op=1 SRCH base="" scope=0
deref=0 filter="(objectClass=*)"
Sep 30 01:30:53 ub18 slapd[5980]: conn=1000 op=1 SEARCH RESULT tag=101
err=0 qtime=0.000065 etime=0.000389 nentries=1 text=
Sep 30 01:30:53 ub18 slapd[5980]: conn=1000 op=2 UNBIND
Sep 30 01:30:53 ub18 slapd[5980]: conn=1000 fd=13 closed
b) I do an ldapmodify to add olcLogLevel: acl
ldapmodify -x -H ldapi:/// -D cn=config -w secret
dn: cn=config
changetype: modify
add: olcLogLevel
olcLogLevel: acl
Sep 30 01:31:12 ub18 slapd[5980]: conn=1001 fd=13 ACCEPT from
PATH=/var/symas/run/ldapi (PATH=/var/symas/run/ldapi)
Sep 30 01:31:12 ub18 slapd[5980]: conn=1001 op=0 BIND dn="cn=config"
method=128
Sep 30 01:31:12 ub18 slapd[5980]: conn=1001 op=0 BIND dn="cn=config"
mech=SIMPLE bind_ssf=0 ssf=71
Sep 30 01:31:12 ub18 slapd[5980]: conn=1001 op=0 RESULT tag=97 err=0
qtime=0.000054 etime=0.000739 text=
Sep 30 01:31:26 ub18 slapd[5980]: conn=1001 op=1 MOD dn="cn=config"
Sep 30 01:31:26 ub18 slapd[5980]: conn=1001 op=1 MOD attr=olcLogLevel
Sep 30 01:31:26 ub18 slapd[5980]: <= acl_access_allowed: granted to
database root
Sep 30 01:31:26 ub18 slapd[5980]: conn=1001 op=1 RESULT tag=103 err=0
qtime=0.000160 etime=0.005237 text=
Sep 30 01:31:27 ub18 slapd[5980]: conn=1001 op=2 UNBIND
Sep 30 01:31:27 ub18 slapd[5980]: conn=1001 fd=13 closed
c) I do a search (now at loglevel stats + acl)
Sep 30 01:31:30 ub18 slapd[5980]: conn=1002 fd=13 ACCEPT from
PATH=/var/symas/run/ldapi (PATH=/var/symas/run/ldapi)
Sep 30 01:31:30 ub18 slapd[5980]: conn=1002 op=0 BIND dn="" method=128
Sep 30 01:31:30 ub18 slapd[5980]: conn=1002 op=0 RESULT tag=97 err=0
qtime=0.000023 etime=0.000063 text=
Sep 30 01:31:30 ub18 slapd[5980]: conn=1002 op=1 SRCH base="" scope=0
deref=0 filter="(objectClass=*)"
Sep 30 01:31:30 ub18 slapd[5980]: => access_allowed: search access to ""
"objectClass" requested
Sep 30 01:31:30 ub18 slapd[5980]: => slap_access_allowed: backend default
search access granted to "(anonymous)"
Sep 30 01:31:30 ub18 slapd[5980]: => access_allowed: search access granted
by read(=rscxd)
Sep 30 01:31:30 ub18 slapd[5980]: => access_allowed: read access to ""
"entry" requested
Sep 30 01:31:30 ub18 slapd[5980]: => slap_access_allowed: backend default
read access granted to "(anonymous)"
Sep 30 01:31:30 ub18 slapd[5980]: => access_allowed: read access granted by
read(=rscxd)
Sep 30 01:31:30 ub18 slapd[5980]: => access_allowed: result not in cache
(objectClass)
Sep 30 01:31:30 ub18 slapd[5980]: => access_allowed: read access to ""
"objectClass" requested
Sep 30 01:31:30 ub18 slapd[5980]: => slap_access_allowed: backend default
read access granted to "(anonymous)"
Sep 30 01:31:30 ub18 slapd[5980]: => access_allowed: read access granted by
read(=rscxd)
Sep 30 01:31:30 ub18 slapd[5980]: => access_allowed: result was in cache
(objectClass)
Sep 30 01:31:30 ub18 slapd[5980]: conn=1002 op=1 SEARCH RESULT tag=101
err=0 qtime=0.000021 etime=0.000294 nentries=1 text=
Sep 30 01:31:30 ub18 slapd[5980]: conn=1002 op=2 UNBIND
Sep 30 01:31:30 ub18 slapd[5980]: conn=1002 fd=13 closed
d) I do an ldapmodify to *only* remove ACL level logging (so at loglevel
stats at the end):
ldapmodify -x -H ldapi:/// -D cn=config -w secret
dn: cn=config
changetype: modify
delete: olcLogLevel
olcLogLevel: acl
Sep 30 01:31:36 ub18 slapd[5980]: conn=1003 fd=13 ACCEPT from
PATH=/var/symas/run/ldapi (PATH=/var/symas/run/ldapi)
Sep 30 01:31:36 ub18 slapd[5980]: conn=1003 op=0 BIND dn="cn=config"
method=128
Sep 30 01:31:36 ub18 slapd[5980]: conn=1003 op=0 BIND dn="cn=config"
mech=SIMPLE bind_ssf=0 ssf=71
Sep 30 01:31:36 ub18 slapd[5980]: fe_op_lastbind: old pwdLastSuccess
value=20210930013112Z 24s ago
Sep 30 01:31:36 ub18 slapd[5980]: <= acl_access_allowed: granted to
database root
Sep 30 01:31:36 ub18 slapd[5980]: <= acl_access_allowed: granted to
database root
Sep 30 01:31:36 ub18 slapd[5980]: conn=1003 op=0 RESULT tag=97 err=0
qtime=0.000066 etime=0.001535 text=
Sep 30 01:31:48 ub18 slapd[5980]: conn=1003 op=1 MOD dn="cn=config"
Sep 30 01:31:48 ub18 slapd[5980]: conn=1003 op=1 MOD attr=olcLogLevel
Sep 30 01:31:48 ub18 slapd[5980]: <= acl_access_allowed: granted to
database root
Sep 30 01:31:48 ub18 slapd[5980]: conn=1003 op=1 RESULT tag=103 err=0
qtime=0.000097 etime=0.001499 text=
Sep 30 01:31:49 ub18 slapd[5980]: conn=1003 op=2 UNBIND
Sep 30 01:31:49 ub18 slapd[5980]: conn=1003 fd=13 closed
e) I do an ldapsearch (so at loglevel stats):
Sep 30 01:31:52 ub18 slapd[5980]: conn=1004 fd=13 ACCEPT from
PATH=/var/symas/run/ldapi (PATH=/var/symas/run/ldapi)
Sep 30 01:31:52 ub18 slapd[5980]: conn=1004 op=0 BIND dn="" method=128
Sep 30 01:31:52 ub18 slapd[5980]: conn=1004 op=0 RESULT tag=97 err=0
qtime=0.000083 etime=0.000179 text=
Sep 30 01:31:52 ub18 slapd[5980]: conn=1004 op=1 SRCH base="" scope=0
deref=0 filter="(objectClass=*)"
Sep 30 01:31:52 ub18 slapd[5980]: conn=1004 op=1 SEARCH RESULT tag=101
err=0 qtime=0.000176 etime=0.000428 nentries=1 text=
Sep 30 01:31:52 ub18 slapd[5980]: conn=1004 op=2 UNBIND
Sep 30 01:31:52 ub18 slapd[5980]: conn=1004 fd=13 closed
Zero need to restart slapd or use a replace op to reset the logging.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
8:09 p.m.
New subject: OpenLDAP 2.6.0 testing call
Quanah Gibson-Mount wrote:
--On Thursday, September 30, 2021 12:53 AM +0100 Howard Chu <hyc(a)symas.com> wrote:
> Nick Folino wrote:
>> Yes. Logging now continues to work after changes to config.
>>
>> But - adding levels works on the fly, but removing them doesn't.
>> For instance this works fine:
>> olcLogLevel: stats
>>
>> If I change it to "stats ACL" then the ACL data starts getting added
to
>> the log. No restart required. If I change it back to "stats" I keep
>> getting ACL data until the directory is restarted.
>
> That's the normal way it has always worked. If you want to remove flags,
> you must first explicitly set it to zero, and then set your desired level
> in a subsequent Modify request.
That is not the behavior I see in 2.4 or 2.5:
The code has been like that since 2007.
dda5e199043 (Howard Chu 2007-05-05 01:22:29 +0000 4038) /* Explicitly
setting a zero clears all the levels */
dda5e199043 (Howard Chu 2007-05-05 01:22:29 +0000 4039) if ( level )
dda5e199043 (Howard Chu 2007-05-05 01:22:29 +0000 4040) config_syslog
|= level;
dda5e199043 (Howard Chu 2007-05-05 01:22:29 +0000 4041) else
dda5e199043 (Howard Chu 2007-05-05 01:22:29 +0000 4042) config_syslog
= 0;
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
8:31 p.m.
New subject: OpenLDAP 2.6.0 testing call
On Sep 29, 2021, at 8:09 PM, Howard Chu <hyc(a)symas.com>
wrote:
Quanah Gibson-Mount wrote:
>
>
> --On Thursday, September 30, 2021 12:53 AM +0100 Howard Chu <hyc(a)symas.com>
wrote:
>
>> Nick Folino wrote:
>>> Yes. Logging now continues to work after changes to config.
>>>
>>> But - adding levels works on the fly, but removing them doesn't.
>>> For instance this works fine:
>>> olcLogLevel: stats
>>>
>>> If I change it to "stats ACL" then the ACL data starts getting
added to
>>> the log. No restart required. If I change it back to "stats" I
keep
>>> getting ACL data until the directory is restarted.
>>
>> That's the normal way it has always worked. If you want to remove flags,
>> you must first explicitly set it to zero, and then set your desired level
>> in a subsequent Modify request.
>
> That is not the behavior I see in 2.4 or 2.5:
The code has been like that since 2007.
dda5e199043 (Howard Chu 2007-05-05 01:22:29 +0000 4038) /* Explicitly
setting a zero clears all the levels */
dda5e199043 (Howard Chu 2007-05-05 01:22:29 +0000 4039) if ( level )
dda5e199043 (Howard Chu 2007-05-05 01:22:29 +0000 4040) config_syslog
|= level;
dda5e199043 (Howard Chu 2007-05-05 01:22:29 +0000 4041) else
dda5e199043 (Howard Chu 2007-05-05 01:22:29 +0000 4042) config_syslog
= 0;
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
This is not the way it works for loglevel, is the point. The current behavior is a
regression vs 2.5 and 2.4.
8:38 a.m.
New subject: OpenLDAP 2.6.0 testing call
--On Wednesday, September 29, 2021 7:36 PM -0400 Nick Folino
<nick(a)folino.us> wrote:
Yes. Logging now continues to work after changes to config.
But - adding levels works on the fly, but removing them doesn't.
For instance this works fine:
olcLogLevel: stats
If I change it to "stats ACL" then the ACL data starts getting added to
the log. No restart required.
If I change it back to "stats" I keep getting ACL data until the
directory is restarted.
This should now be fixed.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
606
days inactive
607
days old
openldap-technical@openldap.org
6 comments
3 participants
participants (3)
-
Howard Chu -
Nick Folino -
Quanah Gibson-Mount