5

I have been trying to enable logging in my OpenLDAP setup (on Oracle Enterprise Linux 6.5), but no logs are being generated in /var/log/slapd/slapd.log.

I followed these steps to enable logging:

  1. Edited the slapd.conf file:

```
# grep -i loglevel /etc/openldap/slapd.conf
loglevel -1
```

  2. Did the setup for the log directory in /var/log/slapd:

```
# cd /var/log/slapd ; ls -ltr
-rw------- 1 root root 217 May 21 19:48 slapd.log
```

  3. Edited the rsyslog config file:

```
# grep -i local4 /etc/rsyslog.conf
local4. /var/log/slapd/slapd.log*
```

  4. Restarted the openldap service and also rsyslog:

```
# service rsyslog restart
# service slapd restart
```

But even after doing these steps, we are not seeing logs captured in the slapd.log file. The only log seen is the line below:

```
more /var/log/slapd/slapd.log
May 21 19:48:12 sprdneval slapd[2961]: @(#) $OpenLDAP: slapd 2.4.39 (Aug 16 2014 20:41:55) $#012#011mockbuild@ca-buildj3.us .oracle.com:/builddir/build/BUILD/openldap-2.4.39/openldap-2.4.39/build-servers/servers/slapd
```

Am I missing something blindingly obvious?

Regards, Hari

Fumisky Wells
Harikrishnan V
  • Are you using the online configuration? If so, the settings are in LDAP itself. It's worth also checking if the logs are in a different log file: `grep -R slapd /var/log/*` – ColOfAbRiX May 21 '15 at 15:42
  • Yes, that one. Have a look here http://www.zytrax.com/books/ldap/ch6/slapd-config.html. Hopefully the distribution won't matter. Other question, what user is running the daemon? – ColOfAbRiX May 21 '15 at 15:59
  • Checked `grep -R slapd /var/log/*` but nothing substantial. I do not know much about OLC. Can that be utilised for logging? – Harikrishnan V May 21 '15 at 16:01
  • OLC is the same as a configuration file (but you use one of the two, config file or OLC), with the difference that the configuration is in an LDAP DIT and can be modified on the fly. For instance, in my distro it was enabled by default. Can you see a directory `/etc/openldap/slapd.d`? – ColOfAbRiX May 21 '15 at 16:40
  • OK, got it. I can see the slapd.d directory. This might have come by default in my distro, as I had never done the slapd.conf to slapd.d conversion myself. `# ls -lrt /etc/openldap/slapd.d` `drwx------ 3 ldap ldap 4096 Apr 9 13:37 cn=config` `-rw------- 1 ldap ldap 1281 Apr 9 13:38 cn=config.ldif` – Harikrishnan V May 21 '15 at 17:03

4 Answers

0

If you are using the OnLine Configuration (OLC) have a look at Zytrax. It explains quite well how to use and configure it.

ColOfAbRiX
  • Yes, I have started reading [Zytrax](http://www.zytrax.com/books/ldap/ch6/slapd-config.html) but have not yet found any mention of enabling logging. – Harikrishnan V May 21 '15 at 17:20
0

Same problem here ('loglevel any' and 'logfile /var/log/slapd/slapd.log' options in slapd.conf and in the cn=config, but no debug output in the logfile).

I've just solved the problem by adding "-d any" to the command line arguments of slapd:

```
/usr/bin/slapd -d any -u ldap -g ldap -h "ldap://127.0.0.1/ ldaps:/// ldapi:///"
```
0

I see the same issue and posted my question at Serverfault about what the '-s' option means.

If you see the olcLogLevel setting in the current config:

```
$ sudo grep olcLogLevel /etc/openldap/slapd.d/cn=config.ldif
olcLogLevel: 0
```

Then you can change it with:

```
$ sudo ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
dn:           cn=config
changetype:   modify
replace:      olcLogLevel
olcLogLevel:  256
EOF
```

If you don't see the olcLogLevel setting, then you need to create the entry. I haven't seen that case, but I think it can be done by changing 'changetype' above from 'modify' to 'add'.

My environment is CentOS 7.9, so the path would be different from yours.

Fumisky Wells
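An added example (not written by any poster in this thread) that checks the three things the comments and answers above point at: which configuration backend slapd is on, what log level that backend actually holds, and where rsyslog routes local4. The `root` prefix argument, the function names and the sample tree are assumptions made for illustration.

```shell
# Added example. Pass a prefix (hypothetical "root" argument) to inspect a copy
# of /etc or a test tree; with no argument the live system paths are read.
slapd_log_diag() {
    local root="${1:-}" level="" route=""
    local olc="$root/etc/openldap/slapd.d/cn=config.ldif"
    local conf="$root/etc/openldap/slapd.conf"
    local rsys="$root/etc/rsyslog.conf"

    # If the slapd.d config directory exists it is used instead of slapd.conf,
    # so a loglevel line in slapd.conf is never read in that case.
    if [ -f "$olc" ]; then
        echo "backend=olc"
        level=$(awk -F': *' '$1 == "olcLogLevel" {
            v = v (v == "" ? "" : " ") $2 } END { print v }' "$olc")
    elif [ -f "$conf" ]; then
        echo "backend=slapd.conf"
        level=$(awk 'tolower($1) == "loglevel" { for (i = 2; i <= NF; i++)
            v = v (v == "" ? "" : " ") $i } END { print v }' "$conf")
    else
        echo "backend=none"
    fi
    echo "loglevel=${level:-unset}"

    # First rsyslog rule that names local4 explicitly and does not exclude it
    # with ".none". Wildcard facilities and comma lists are not considered here.
    if [ -f "$rsys" ]; then
        route=$(awk '!/^[ \t]*#/ && NF >= 2 {
            n = split($1, sel, ";")
            for (i = 1; i <= n; i++)
                if (sel[i] ~ /^local4\./ && sel[i] !~ /\.none$/) { print $2; exit }
        }' "$rsys")
    fi
    echo "syslog_route=${route:-missing}"
}

# Constructed sample tree: slapd.conf as in the question, olcLogLevel as in the
# answer above, and an rsyslog.conf with an explicit local4 rule.
make_sample_tree() {
    local t; t=$(mktemp -d)
    mkdir -p "$t/etc/openldap/slapd.d"
    printf 'loglevel -1\n' > "$t/etc/openldap/slapd.conf"
    printf 'dn: cn=config\nolcLogLevel: 0\n' > "$t/etc/openldap/slapd.d/cn=config.ldif"
    printf '*.info;local4.none /var/log/messages\nlocal4.* /var/log/slapd/slapd.log\n' \
        > "$t/etc/rsyslog.conf"
    echo "$t"
}

slapd_log_diag "$(make_sample_tree)"
```

On the sample tree this reports `backend=olc` with `loglevel=0`, even though slapd.conf says `loglevel -1`.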
-1

You can run df -h to check disk space and delete heavy files which you do not require (like messages*.gz) from /var/log/; also empty the content of /var/log/slapd/slapd.log.

Now reboot your system and check service slapd status.

Hope it works now.

Srijith
sahmad
  • The question is about the logs not being generated at all. While this is technically an answer that could be possible, it is clear from the original question that this isn't the problem. – Grant Curell Oct 16 '20 at 17:22