Openldap logs not getting generated [closed]

Asked 21/5, 2015 at 15:20 Answered 12/12, 2021 at 22:23

I have been trying to enable logging in my OpenLDAP setup (in Oracle Enterprise Linux 6.5) , but no logs are being generated in /var/log/slapd/slapd.log.

Followed these steps to enable logging :

Edited the slapd.conf file :

# grep -i loglevel /etc/openldap/slapd.conf

loglevel -1

Did the setup for the log directory in /var/log/slapd # cd /var/log/slapd ; ls -ltr

-rw------- 1 root root 217 May 21 19:48 slapd.log

Edited the rsyslog config file

# grep -i local4 /etc/rsyslog.conf

local4. /var/log/slapd/slapd.log*

restarted the openldap service and also the rsyslogger :

# service rsyslog restart

# service slapd restart

But even after doing these steps , we are not seeing logs captured in the slapd.log file . Only log seen is the below line :

more /var/log/slapd/slapd.log

May 21 19:48:12 sprdneval slapd[2961]: @(#) $OpenLDAP: slapd 2.4.39 (Aug 16 2014 20:41:55) $#012#[email protected] .oracle.com:/builddir/build/BUILD/openldap-2.4.39/openldap-2.4.39/build-servers/servers/slapd

Am i missing to do something blindingly obvious ?

Regards, Hari

Geiger answered 21/5, 2015 at 15:20 Comment(5)

Are you using the online configuration? If so, the settings are in LDAP itself. It's worth also checking if the logs are in a different log file: grep -R slapd /var/log/* – Disbursement 21/5, 2015 at 15:42

Yes, that one. Have a look here zytrax.com/books/ldap/ch6/slapd-config.html. Hopefully the distribution won't matter. Other question, what user is running the daemon? – Disbursement 21/5, 2015 at 15:59

Checked grep -R slapd /var/log/* but nothing substantial. I do not know much of olc . Can that be utilised for logging ? – Geiger 21/5, 2015 at 16:1

OLC is the same as a configuration file (but you use one of the two, config file or olc), with the difference that the configuration is in a ldap DIT and can be modified on the fly. For instance, in my distro it was enable by default. Can you see a directory /etc/openldap/slapd.d? – Disbursement 21/5, 2015 at 16:40

Ok got it . i can see slapd.d directory . This might have come default in my distro as i had never done the slapd.conf to slapd.d conversion myself. # ls -lrt /etc/openldap/slapd.d drwx------ 3 ldap ldap 4096 Apr 9 13:37 cn=config -rw------- 1 ldap ldap 1281 Apr 9 13:38 cn=config.ldif – Geiger 21/5, 2015 at 17:3

I see the same issue and posted my question at Serverfault about what '-s' option means.

If you see olcLogLevel setting at current config:

$ sudo grep olcLogLevel /etc/openldap/slapd.d/cn=config.ldif
olcLogLevel: 0

Then, you can change it by:

$ sudo ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
dn:           cn=config
changetype:   modify
replace:      olcLogLevel
olcLogLevel:  256
EOF

If you don't see olcLogLevel setting, then you need to newly create the entry. I haven't seen the case but I think it will be done by change 'changetype' above from 'modify' to 'add'.

My environment is CentOS7.9 so that the path would be different from yours.

Bucksaw answered 12/12, 2021 at 22:23 Comment(0)

If you are using the OnLine Configuration (OLC) have a look at Zytrax. It explains quite well how to use and configure it.

Disbursement answered 21/5, 2015 at 17:14 Comment(1)

Yes , i have started reading Zytrax but have not found yet any mention on enabling logging. – Geiger 21/5, 2015 at 17:20

Same problem here ('loglevel any' and 'logfile /var/log/slapd/slapd.log' options in slapd.conf and in the cn=config, but no debug output in the logfile).

I've just solved the problem by adding "-d any" to the command line arguments of the slapd

/usr/bin/slapd -d any -u ldap -g ldap -h "ldap://127.0.0.1/ ldaps:/// ldapi:///"

Dufour answered 30/11, 2018 at 22:55 Comment(0)

-1

You can do and check df -h to check disk space and delete heavy files which you do not require (like messages*.gz) from /var/log/ also empty the content of /var/log/slapd/slapd.log

Now you reboot your system and check service slapd status.

Hope ,it works now.

Guadalupe answered 19/8, 2016 at 7:31 Comment(1)

The question is about the logs not being generated at all. While this is technically an answer that could be possible, it is clear from the original question that this isn't the problem. – Fijian 16/10, 2020 at 17:22

Recommended topics

Hot tags