[SOLVED] How-to enable slapd log in zentyal?

[VGusev2007]

Hi all, I have some problem with authorize via ldap.

I want to see query detail log. Please tell me how to enable it in Zentyal?

Best regards.

[christian]

LDAP server is OpenLDAP.

change LogLevel value for what fits your needs. (256 should be ok)

Code: [Select]

                      1      trace function calls
                      2      debug packet handling
                      4      heavy trace debugging
                      8      connection management
                      16     print out packets sent and received
                      32     search filter processing
                      64     configuration file processing
                      128    access control list processing
                      256    stats log connections/operations/results
                      512    stats log entries sent
                      1024   print communication with shell backends
                      2048   entry parsing
You can do it changing olcloglevel attribute vaule in cn=config (RootDSE)

[VGusev2007]

I so glad for you answer, but I still not clever how-to do it correct.

I changed the value in:

Code: [Select]

/etc/ldap/slapd.d/cn=config.ldif
It looks like this now:

Code: [Select]

dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcLogLevel: 256
olcPidFile: /var/run/slapd/slapd.pid
olcToolThreads: 1
structuralObjectClass: olcGlobal
entryUUID: 49ff42c0-877e-1030-9f55-a3f473f8514a
creatorsName: cn=config
createTimestamp: 20111010112523Z
entryCSN: 20111010112523.420247Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20111010112523Z
After that i reboot the server...

And it looks like this again:

Code: [Select]

ps auxww|grep slapd
openldap  3247  0.0  0.6  89280  3296 ?        Ssl  Oct28   0:05 /usr/sbin/slapd -d 0 -h ldap://0.0.0.0/ ldapi://%2fvar%2frun%2fslapd%2fldapi/????x-mod=0777 -u openldap -g openldap -F /etc/ldap/slapd.d/
You can see that "-d 0" still here...

So, I don't know what is (RootDSE).

I think modern slapd is rather hard for a typical admin...

[christian]

Indeed modifying config.ldif doesn't work. You should rather modify file in /stubs/users but you can also modify oclloglevel attribute in cn=config using ldapmodify command or using your preferred LDAP browser (JXeplorer e.g.)

 

[VGusev2007]

I'm very sorry for my stupid, but please tell me in example how-to do it in step-by-step.

I use gq utility, but I don't see cn=config in my ldap...


http://img6.imagebanana.com/img/a5efqmht/Selection_009.png

And I don't know what is /stubs/users

[christian]

When you connect to your LDAP server, you have to choose the baseDN.
Your is currently dc=s3, dc=tokkdomain...
This points you to branch containing your entries.
Be aware that another branch exists, containing configuration.
Thus configure another connection and define "cn=config" as baseDB, provide Zentyal DN and password (you will get it in Zentyal/users/ldap settings.
This allows to browser (and change) configuration.

Be very cautious with ANY modification you may want to bring via such interface 

[VGusev2007]

My GOOD patient friend, I'm VERY SORRY for my stupid, but I'm still not clever, HOW I can see cn=config from remote machine.

I setup the JXeplorer, and try configure it. Plese look at the link. And tell me what is wrong...

Thank a lot for you patient for me stupid...
http://img713.imageshack.us/img713/8162/selection010d.png

[christian]

trust me and just set baseDN as "cn=config"...  nothing else 
did I wrote to add anything like "dc=S3..." ?

[VGusev2007]

Yeah! I guessed by myself... After my last post. It works!

Sorry for my English, I'm from Russia.

I can see log bind messages into /var/log/syslog now! 

MANY, MANY THANKS FOR YOU!

Offtopic:

I want to setup a remote jabber server (based on ejabberd), but I'll use ldap from zentyal. I know about ejabberd in zentyal, but it doesn't have mod_shared_roster_ldap. I'll glad if you'll help me in my next topics! You're mega patient, thank a LOT for you!

[christian]

Cool  at least it works.
Not sure I can help with Jabber because I don't use it.

PS: Sorry for my English, I'm French 

[VGusev2007]

I think i need conceptyal help with jabber (need only ldap context).

Wow. I think French is very nice country, I have a vacation in Egypt with French people, it was nice!

[zippydan]

argh, I accidentally deleted olcLogLevel while using Jxplorer.  How?  Well after I was finished looking at the logs, I went back in and deleted the value of olcLogLevel so it was basically [null].  After submitting this change, the olcLogLevel line just disappeared!!

I have tried readding it using the following settings, but I want to be sure this is right:

Parent DN:  cn=config
Enter RDN:  olcLogLevel=none
Selected Classes:  olcGlobal 

I removed olcDatabaseConfig from the selected classes, but I'm not sure if that is right!!?
Before, olcLogLevel appeared near the top of the config level, between olcArgsFile and olcPidFile.  Now it appears way down the list in alphabetical order between oldLogFile and olcObjectClasses.

[christian]

Wow !!!

It shows that modifying LDAP content when you don't really understand LDAP can be very risky 

What you did to fix your error is wrong. If I understaznd well, you created new "olcloglevel" entry while you were supposed to populate olcloglevel attribute within cn=config entry.
Feel free to populate this attribute again and remove this entry. 

This also shows that it would be nice and really safer if Zentyal could provide, through Zentyal GUI, capability to turn LDAP log on and off.
Much easier and safer and at the end, required when trying to use Zentyal LDAP.

Not exposing LDAP to other non-Zentyal applications is non-sens. Either Zentyal offers all what any company is dreaming for (which is not feasible) or it used external LDAP server that is shared but anything in the middle is not realist. As an evidence, Zentyal team did create this zentyalro account. But capability to easily look at LDAP log is missing for people not use to work with LDAP.

my $0.02

[zippydan]

In JXplorer, I see two columns:

"attribute type" and "value".

I used to have "olcLogLevel" with a value of "none".

To enable logging, I changed "none" to "256".

Finally, after I finished with the log, I removed "256" and the value was then [null] (or blank)

When I submitted this new value, THE ENTIRE LINE CONTAINING "olcLogLevel" DISAPPEARED

Can you give me an idea how I should add this back using JXplorer?

You are right that I created a new entry.  How do I find the "olcLogLevel" attribute when it seems to have disappeared?

[christian]

I don't remember having checked this but olcloglevel attribute should obviously be part of schema associated with cn=config entry. So you can just add this attribute again to the existing entry.