Tracing LDAP Activity to a Screen or Log File
Novell Cool Solutions: Feature
Digg This -
Posted: 26 Feb 2004
Update: Don't miss the nifty free tool called LDAP Error Count that will count all the LDAP error codes in a dstrace or iMonitor log file. You can use this tool to quickly determine the result of every LDAP operation. It works in conjunction with the log files created as outlined below. Get all the details here.
It is possible to view and capture all LDAP activity on an NDS/LDAP server. However, methods vary depending on NDS and LDAP version.
For servers running LDAP with NDS 7.x, configuration is handled through NWAdmin. Open the LDAP Server object's details. The tab page labeled "Screen Options" is used to configure the amount of LDAP activity information to show on the server console. The tab page labeled "Log File Options" is used to declare a log file (name only, no path) and to specify the amount of LDAP activity information to trace to that file.
For servers running LDAP with NDS 8 or higher, configuration is handled through ConsoleOne. Open the LDAP Server object's properties. The tab page labeled "Screen Options" is used to configure the amount of LDAP activity information to show inside the DSTrace Console. Once applicable options have been specified, restart the LDAP server (or choose the REFRESH LDAP SERVER button). Remaining configuration is platform specific:
NetWare: Turn on the DSTrace console by typing "LOAD DSTRACE" at the server console. This is different from the DSTrace set commands that are more commonly used. Type "DSTRACE SCREEN ON". A new screen should now be turned on, entitled DSTRACE CONSOLE. Turn off all other unneeded switches by typing "DSTRACE -<command>". Servers running eDirectory 8.5 or higher can use the "DSTRACE -ALL" command. Then turn on the LDAP trace screen by typing "DSTRACE +LDAP". Information on this screen should reflect only LDAP activity. To trace information to a log file, go back to the server console screen, and type "DSTRACE FILE ON". All trace information will then be logged to SYS:\SYSTEM\DSTRACE.LOG.
NT/2000: Load the DSTrace utility by double-clicking DSTrace from the NDS Services window on the Control Panel. Choose Edit | Options. Click "Clear All", then click the "LDAP" checkbox. Information is logged to a file using the drop-down FILE menu.
Linux/UNIX: Load NDSTrace by typing "ndstrace" from a terminal session logged in as Root. Type the command again to get a list of all currently-invoked settings. Turn off all other unneeded switches by typing "ndstrace -
iMonitor provides a method of capturing the LDAP activity that works with every supported platform.
- Login to iMonitor and click on the Trace Configuration button.
- Click on 'Clear All' and the LDAP radio button under the DS Trace Options section.
- Click on 'Trace On' to start logging the LDAP activity.
- A new Trace button will be available at the top of the screen. Click on it.
- The most recent trace information will be shown. Click on Trace History to access archived trace files.
For more information, see TID 10062292
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com