Hi Philip, --On Tuesday, October 23, 2018 2:21 PM +0100 Philip Colmer <philip.colmer(a)linaro.org&gt; wrote: > Yes, I can run slapd in debug mode but this is a production system so > that means scheduling a maintenance window in several weeks' time. I > was rather hoping to have a solution in place sooner than that thanks > to the kind support of this list but, if I don't have it, I'll figure > it out for myself. I don't know the answer off the top of my head, but I would imagine you could set up a test/dev server fairly quickly to figure this out? Should be pretty straight forward. If you have the cn=config database enabled, you could change the loglevel to ACL on the fly (just to note). Warm regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>