[Date Prev][Date Next]
Re: Logging to syslog
On Wednesday, 2 February 2011 21:48:00 John Espiro wrote:
> On 2/2/2011 8:13 PM, Dieter Kluenter wrote:
> > Am Wed, 02 Feb 2011 19:43:27 +0100
> > schrieb John Espiro <firstname.lastname@example.org>:
> >> I have tied in a few things such as openid-ldap and openfire to use my
> >> ldap backend for authentication. I am wondering if it is possible to
> >> collect error logs for any invalid attempt that a user tries with
> >> these various applications. Rather than handling it at the
> >> application level, can I get openldap to log these events? If so,
> >> can someone point me to a link that explains it?
> > OpenLDAP logs to local4, thus you may configure syslog to print slapd
> > logs to a particular logfile. Next set a decent loglevel, stats or acl,
> > grep slapd.log for err=49
> > -Dieter
> Thanks for this, it makes sense. Where do I put the loglevel paramter?
> I don't have a slapd.conf, but I do have /etc/ldap.conf -- but putting
> it in there doesn't seem to have any effect.
1)Please see your distributions documentation for how they configure OpenLDAP
2)If I were to guess (since you didn't supply much useful information, such as
whether this is Ubuntu, Fedora, or RHEL6), it would be that you should read
'man slapd-config' and search for olcLoglevel, and that you may have an
/etc/ldap/slapd.d or /etc/openldap/slapd.d directory (which you shouldn't
modify, slapd is supposed to do that), you *may* be able to modify this by
default over the "wire" with with a SASL EXTERNAL bind to the URI ldapi:/// as
the root user.
So, this may work:
# echo -e 'URI ldapi:///\nSASL_MECH EXTERNAL' > ~/.ldaprc
# echo -e 'dn: cn=config\nreplace: olcLogLevel\nolcLogLevel: stats'|ldapmodify
But, they should have made this abundantly clear to you.
(I personally feel that distributions defaulting to back-config at present is
premature, or under-documented in the distribution.)