Product/Component Concerned : eDirectory / LDAP
Target Audience : Beginners
Platform : All (Demonstrated on Linux)

(N)DSTRACE is one of the standard debugging tools in eDirectory, and it offers many options for choosing which debug trace messages are shown. One of these is the LDAP option, which logs messages specific to LDAP operations.

By default, the LDAP option logs only error messages (critical and non-critical). This article shows how to get more detailed LDAP debugging messages in ndstrace by setting the LDAP screen options.

Through iManager:

  1. Log in to your tree with iManager.
  2. Go to the Directory Administration Tab.

  3. Select the LDAP Server object concerned with your server.

  4. Go to the ‘Tracing’ tab.

    You can now see that ‘Error Messages’ (critical and non-critical) is selected by default.

  5. Log in to your eDirectory server. Start NDSTRACE and enable the LDAP option.

  6. Run a simple ldapsearch and note that no messages are logged to your NDSTRACE screen, as there are no errors in the ldapsearch.

  7. Go back to the iManager ‘LDAP Server’ page, enable all the LDAP screen options and click ‘Apply’.

  8. We are now done with setting the LDAP screen options. We can now run the same ldapsearch query again against the eDirectory server.

  9. Now we can see more details of the search being logged to NDSTRACE, including the search parameters, search results, etc.

Through ldapconfig utility:

Setting the LDAP screen options can be done through the ‘ldapconfig’ utility (that gets installed with eDirectory) as follows:

  1. Run ‘ldapconfig’ to get the options.

  2. Run ‘ldapconfig get’ with the following parameters to get all the options that can be set through ldapconfig.

  3. Use ‘ldapconfig get "LDAP Screen Level"’ to get the LDAP Screen Level option alone. By default it shows only ‘Error | Critical’.

  4. The screen level can be changed to ALL using ‘ldapconfig set "LDAP Screen Level=all"’.

  5. Run ‘ldapconfig get’ to see if the option LDAP Screen Level has been set to ALL.
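
An added example, not part of the original article: a shell wrapper around the ldapconfig steps above that notes the previous LDAP Screen Level, switches it to all, and can be run afterwards to check whether verbose tracing is still on. It assumes ‘ldapconfig get’ prints the option as ‘LDAP Screen Level: value’ on one line and that ldapconfig runs without prompting; the function names and the LDAPCONFIG override variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article). Function names and the
# LDAPCONFIG override are hypothetical; ldapconfig must be able to run
# without prompting in this session.
LDAPCONFIG="${LDAPCONFIG:-ldapconfig}"

# Print the current "LDAP Screen Level" value, whitespace trimmed.
# Assumption: 'ldapconfig get' prints "LDAP Screen Level: value" on one line.
get_screen_level() {
    "$LDAPCONFIG" get "LDAP Screen Level" |
        sed -n 's/^[[:space:]]*LDAP Screen Level[[:space:]]*[:=][[:space:]]*//p' |
        sed 's/[[:space:]]*$//' | head -n 1
}

# Succeed only if the value holds exactly the default flags, in either order.
is_default_level() {
    flags=$(printf '%s\n' "$1" | tr '|' '\n' |
            sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
            tr '[:upper:]' '[:lower:]' | sort -u | tr '\n' ' ')
    [ "$flags" = "critical error " ]
}

# Steps 3-5 in one go: read the level, set it to all, confirm it changed.
# Prints the previous level so it can be noted before the debug session.
enable_full_trace() {
    before=$(get_screen_level)
    [ -n "$before" ] || { echo "cannot read LDAP Screen Level" >&2; return 1; }
    "$LDAPCONFIG" set "LDAP Screen Level=all" >/dev/null || return 1
    after=$(get_screen_level)
    if is_default_level "$after"; then
        echo "level still at default after set: $after" >&2
        return 1
    fi
    printf '%s\n' "$before"
}

# Post-debug check: returns 0 at the default level, 1 if verbose tracing is
# still enabled, 2 if the level could not be read.
audit_screen_level() {
    level=$(get_screen_level)
    [ -n "$level" ] || { echo "UNKNOWN"; return 2; }
    if is_default_level "$level"; then
        echo "OK: $level"
    else
        echo "VERBOSE: $level"
        return 1
    fi
}
```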


Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.


One Comment

  • akynaston says:

    This is excellent! Being able to set the trace to all from the command line is quite useful; thank you!

    One question: how do I change the trace settings back? In other words, what if I just want the Critical and Error messages to appear? Is there an option to say ‘none’? or ‘off’? I’ve tried many other values, and only ‘all’ seems to work.

    I know I can change the bit set attribute ldapTraceLevel to 12288 to have just these two flags set, but I’d love to do something similar from the command line?

May 7, 2010
5:44 pm