Full_Name: Andrew Stringer Version: @(#) $OpenLDAP: slapd 2.3.43 OS: Red Hat 5 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (194.205.160.142) Software Enhancement Requests Hi, we are currently rebuilding our LDAP tree using vendor current version of software, including openLDAP. I don't have much LDAP experience, so may be there is already a way to do this, but I have not found it despite several trips to Google. etc.. Logging in openldap seems to be all via syslog and controlled by a value made up by adding the code for a particular log entry of interest, all of which are sent to syslog under one facility number. I feel that logging could be improved by allowing logging similar to how BIND's named does it, namely having different log files for queries, normal operational logs and zone transfers (or in LDAP's case, replications). This would make it much easier to monitor the activity of the server without having to grep out unwanted information to see the required detail. Regards, Andrew.
changed notes moved from Incoming to Software Enhancements
think about it for 2.5/3.0
hyc - This may be a good catchall bug for the logging rework. However, I do not care of the idea of logging the operations into different files at all, separate they are generally worthless. However, maybe with the new format it'll be trivial to create "views" of the logging for specific operations is desired.
(In reply to Quanah Gibson-Mount from comment #3) > hyc - This may be a good catchall bug for the logging rework. https://git.openldap.org/openldap/openldap/-/merge_requests/358
Commits: • 9f4de680 by Howard Chu at 2021-08-05T15:45:19+00:00 ITS#6949 add support for logfile rotation
*** Issue 9492 has been marked as a duplicate of this issue. ***
It seems this is limited to slapd main.c so a standalone lloadd keeps the original logging configuration/code/format. Maybe the logging code could move to a separate file so it can be shared between the two.
Need code to be shared between slapd and loadbalancer
Commits: • 2abbf678 by Ondřej Kuzník at 2021-09-08T15:53:02+00:00 ITS#6949 Extract logging code so lloadd can also use it • dc6b6276 by Ondřej Kuzník at 2021-09-08T15:53:02+00:00 ITS#6949 Save errno • c2b81a3c by Ondřej Kuzník at 2021-09-08T15:53:02+00:00 ITS#6949 Allow for fd 0
RE26: Commits: • eedd08fd by Ondřej Kuzník at 2021-09-08T18:30:16+00:00 ITS#6949 Extract logging code so lloadd can also use it • a40243d9 by Ondřej Kuzník at 2021-09-08T18:30:20+00:00 ITS#6949 Save errno • ae268711 by Ondřej Kuzník at 2021-09-08T18:30:27+00:00 ITS#6949 Allow for fd 0
For reference, with the test008 config, timings for progs/slapd-tester -H ldap://:9011 -D cn=manager,dc=example,dc=com -w secret -d testdata -P progs -l 1000 -s0 -dnone 18.92 seconds -s0 -d256 23.37 seconds -s0 -d256 + rotate 27.00 seconds -s256 -dnone 45.33 seconds Logfile params were logfile testrun/logfile logfile-rotate 12 10 1 logfile-only true
Unable to get this to work in master. Set up a generic slapd with cn=config Did an ldapmodify to set the logging options: ldapmodify -x -H ldapi:/// -D cn=config -w secret dn: cn=config changetype: modify add: olcLogFile olcLogFile: /var/symas/slapd.log - add: olcLogFileOnly olcLogFileOnly: TRUE - add: olcLogFileRotate olcLogFileRotate: 12 10 1 modifying entry "cn=config" Logfile is created, but nothing is logged to it. Restarted slapd, still nothing logged to it. Explicitly set the loglevel to stats sync Still nothing logged to it.
Generally, it looks like this feature was implemented using slapd options and ignoring the slapd configured loglevel. This is problematic in that it: a) Breaks the longstanding expectation of being able to control logging via the loglevel/olcLogLevel settings in slapd.conf/cn=config b) Requires a restart to change the logging level c) Is going to be a multi-step issue on systemd based systems, as the debug level would need to be modified in the systemd overrides configuration file. I.e., one cannot simply do even a slapd restart to change the loglevel with this implementation. Generally expectation: a) loglevel continues to control logging b) it is possible to change the loglevel on the fly without restarting slapd c) It is not necessary to fiddle with the -d option to slapd to get logging. Setting -s 0 seems fine.
https://git.openldap.org/openldap/openldap/-/merge_requests/412
Commits: • 77adb192 by Howard Chu at 2021-09-27T16:54:24+00:00 ITS#6949 honor specified loglevel, not just debuglevel But skip calls to syslog() if logfile_only is set.
Assigning to Ondrej for the load balancer portion
RE26: • c23c6563 by Howard Chu at 2021-09-27T19:20:18+00:00 ITS#6949 honor specified loglevel, not just debuglevel
head: Commits: • 10fb8c0a by Howard Chu at 2021-09-29T14:39:28+01:00 ITS#6949 fix logfile_only regression in prev commit RE26: Commits: • 74d1475a by Howard Chu at 2021-09-29T21:29:15+00:00 ITS#6949 fix logfile_only regression in prev commit
head: • 66c62841 by Howard Chu at 2021-09-30T04:23:29+01:00 ITS#6949 fixup loglevel delete, consolidate redundant code RE26: • e2739d9f by Howard Chu at 2021-09-30T15:32:11+00:00 ITS#6949 fixup loglevel delete, consolidate redundant code
I would also note that there's a fair amount of fprintf( stderr, ... ) peppered around the code, that might also need cleaning up at some point.
• a3dea08c by Ondřej Kuzník at 2021-10-04T14:46:22+01:00 ITS#6949 Fix and emit error messages • 8894f00f by Ondřej Kuzník at 2021-10-04T14:46:26+01:00 ITS#6949 Remove dead code from lloadd • 3c07544b by Ondřej Kuzník at 2021-10-04T14:46:26+01:00 ITS#6949 Port rest of the features to lloadd
RE26: • ce073522 by Ondřej Kuzník at 2021-10-05T01:42:43+00:00 ITS#6949 Fix and emit error messages • 15ac53a7 by Ondřej Kuzník at 2021-10-05T01:42:48+00:00 ITS#6949 Remove dead code from lloadd • 466e0321 by Ondřej Kuzník at 2021-10-05T01:42:52+00:00 ITS#6949 Port rest of the features to lloadd
*** Issue 9403 has been marked as a duplicate of this issue. ***