How-To: Enable Logging in LDAP

How-to enable Logging in LDAP?

In order to enable more verbose logging (/var/log/syslog) for any OpenLDAP (slapd) related information you can set UCR variables as follows.

Set loglevel and restart the server

ucr set ldap/debug/level=136
systemctl restart slapd

Once set and restarted it should generate more output…

The variable can be set to a combination of the following levels. For the above example I used “128+8”.

                 1      (0x1 trace) trace function calls
                 2      (0x2 packets) debug packet handling
                 4      (0x4 args) heavy trace debugging (function args)
                 8      (0x8 conns) connection management
                 16     (0x10 BER) print out packets sent and received
                 32     (0x20 filter) search filter processing
                 64     (0x40 config) configuration file processing
                 128    (0x80 ACL) access control list processing
                 256    (0x100 stats) connections, LDAP operations, results (recommended)
                 512    (0x200 stats2) stats log entries sent
                 1024   (0x400 shell) print communication with shell backends
                 2048   (0x800 parse) entry parsing