How-To: Enable Debugging for libnss-ldap

fdavid · August 1, 2024, 1:59pm

This guide provides steps to enable and collect debug logs for the LDAP nameservice provider libnss-ldap.

Create a Directory for Logs:

First, create a directory where the debug logs will be stored:
```
mkdir -p /var/log/libnss-ldap
```
Configure Debugging in libnss-ldap:

Append the following lines to your /etc/libnss-ldap.conf file to enable debugging and specify the log directory:
```
echo -e "debug 1\nlogdir /var/log/libnss-ldap" >> /etc/libnss-ldap.conf
```
Understanding the Logging Behavior:
- Log Files: Each LDAP query will create a separate log file in the /var/log/libnss-ldap directory.
- Standard Error Logging: Debug information will also be logged to stderr. This means that commands like getent shadow will generate extensive debug output, which can also appear in other log files, such as Samba logs.
Example Usage:

After enabling debugging, you can run a command like:
```
getent shadow
```
This will produce debug logs in /var/log/libnss-ldap and print debug information to the terminal.

Note:

Debugging can produce a large amount of log data, so use it judiciously and disable it once you have gathered the necessary information.

To disable debugging, simply remove or comment out the debug 1 and logdir /var/log/libnss-ldap lines from /etc/libnss-ldap.conf.

You may also take a look at:
How To: Debug High CPU Load on LDAP Server
How-To: Troubleshooting LDAP Performance Issues

system · August 2, 2024, 2:00pm

This topic was automatically closed after 24 hours. New replies are no longer allowed.