SAMBA, OpenLDAP

http://linux.die.net/man/8/sssd

Name

sssd — System Security Services Daemon

Synopsis

sssd [options]

Description

SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources, as well as a D-Bus interface. It is also the basis to provide client auditing and policy services for projects like FreeIPA. It provides a more robust database to store local users as well as extended user data.

LDAP Logging
Configure Logging
You certainly want to look at logging, as it is essential for troubleshooting. I hate to say it, but you will have problems, and logging will make them easier to track down.


The logging options should be placed in the slapd.conf file. The logging directive takes a number that selects the type of information to be saved. Here are the options:

-1    all
0    no logging
1    trace function calls
2    packet-handling debugging
4    heavy trace debugging
8    connection management
16    packets sent and received
32    search filter processing
64    configuration file processing
256    statistics of connections
512    print entry debugging

To log several of these, add their values together and place the resulting integer after the directive. For example, 296 = 256 + 32 + 8:

loglevel    296

Edit /etc/syslog.conf
Add these lines for logging and restart syslog.
# LDAP Logging
local4.debug                                            /var/log/slapd.log

# service syslog reload

  1. Add the following directive to the OpenLDAP configuration file:
    <code>~# grep loglevel /etc/openldap/slapd.conf
    loglevel -1
    </code>
  2. Restart the ldap service:
    <code>~# service ldap restart
    </code>
  3. Add the following entry to /etc/syslog.conf:
    <code>~# grep ldap /etc/syslog.conf
    #local4.* /var/log/ldap.log
    </code>
  4. When the issue is reproducible, remove the «#» mark from the «local4» line in /etc/syslog.conf.
  5. Restart the syslog service:
    <code>~# service syslog restart
    </code>

NB: There is no need to restart the ldap service.
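
The following is an added example, not part of the original page: a shell script that checks the two files edited in the steps above, splitting the loglevel sum into its flags with the table from the logging section and reporting whether the local4 line is still commented out. The function names are hypothetical, the sample files are constructed, and it assumes loglevel is written as a single integer.

```shell
# Level names come from the table on this page.
decode_loglevel() {
    level=$1
    case $level in
        -1) echo "all"; return 0 ;;
        0)  echo "no logging"; return 0 ;;
        ''|*[!0-9]*) echo "not an integer: $level" >&2; return 1 ;;
    esac
    out=""
    while read -r bit name; do
        if [ $(( level & bit )) -ne 0 ]; then
            out="${out:+$out, }$bit=$name"
            level=$(( level & ~bit ))
        fi
    done <<EOF
1 trace function calls
2 packet-handling debugging
4 heavy trace debugging
8 connection management
16 packets sent and received
32 search filter processing
64 configuration file processing
256 statistics of connections
512 print entry debugging
EOF
    if [ "$level" -ne 0 ]; then out="${out:+$out, }$level=not in table"; fi
    echo "$out"
}
# Value of the last uncommented loglevel directive (single integer assumed).
slapd_loglevel() {
    awk '$1 == "loglevel" { v = $2 } END { if (v == "") exit 1; print v }' "$1"
}
# Destination of the last uncommented local4 selector; fails if none is active.
syslog_local4_target() {
    awk '$1 ~ /^local4\./ { t = $2 } END { if (t == "") exit 1; print t }' "$1"
}
# Usage: audit_ldap_logging /etc/openldap/slapd.conf /etc/syslog.conf
audit_ldap_logging() {
    lvl=$(slapd_loglevel "$1") || { echo "slapd: no loglevel directive"; return 1; }
    echo "slapd: loglevel $lvl = $(decode_loglevel "$lvl")"
    dest=$(syslog_local4_target "$2") || { echo "syslog: no active local4 line"; return 1; }
    echo "syslog: local4 -> $dest"
}

# Demo on constructed files: the commented-out local4 line from step 3.
tmp=$(mktemp -d)
printf 'loglevel 296\n' > "$tmp/slapd.conf"
printf '#local4.* /var/log/ldap.log\n' > "$tmp/syslog.conf"
audit_ldap_logging "$tmp/slapd.conf" "$tmp/syslog.conf" || echo "audit: logging is not fully enabled"
rm -rf "$tmp"
```

Bits that the table does not list are reported as "not in table" instead of being silently dropped, so an unexpected loglevel value is visible in the audit output.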

 
