This guide covers:
- Logging to a dedicated file (`/var/log/slapd.log`)
- Setting verbose log levels for debugging/testing
- Preventing logs from flooding `/var/log/syslog`
- Ensuring `slapd` starts correctly after a reboot
- Create the rsyslog config:

```bash
sudo nano /etc/rsyslog.d/50-slapd.conf
```

- Add:

```
if $syslogfacility-text == 'local4' then /var/log/slapd.log
& stop
```

- Set up the log file:

```bash
sudo touch /var/log/slapd.log
sudo chown root:adm /var/log/slapd.log
sudo chmod 640 /var/log/slapd.log
```

- Restart rsyslog:

```bash
sudo systemctl restart rsyslog
```

2. Set OpenLDAP to Log Verbosely for Testing
OpenLDAP uses the `olcLogLevel` attribute in its config (under `cn=config`).
To enable verbose testing logs (run as root, since the `EXTERNAL` bind over `ldapi:///` authenticates as the calling user):

```bash
sudo ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: stats stats2 acl sync
EOF
```

This enables:
- `stats`: operation-level logging
- `stats2`: adds entry/attribute parsing
- `acl`: logs access control decisions
- `sync`: logs replication info

Edit the systemd override for slapd:

```bash
sudo systemctl edit slapd
```

Paste the following:

```ini
[Service]
ExecStart=
ExecStartPre=/bin/mkdir -p /var/run/slapd
ExecStartPre=/bin/chown openldap:openldap /var/run/slapd
ExecStart=/usr/sbin/slapd -h "ldap:/// ldapi:///" -F /etc/ldap/slapd.d -u openldap -g openldap
```

This:
- Prevents `bind(9) failed errno=2` errors on reboot
- Ensures systemd manages slapd correctly
- Keeps slapd logging via syslog (`local4`) as set by `olcLogLevel`

Reload and restart:

```bash
sudo systemctl daemon-reexec
sudo systemctl daemon-reload
sudo systemctl restart slapd
```

4. View Logs
To monitor live:

```bash
tail -f /var/log/slapd.log
```

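Once the `stats` level is writing to `/var/log/slapd.log`, the same records can be used to spot rejected binds rather than just watching them scroll past. The following is an added example, not part of the original guide: it assumes the usual slapd stats record layout (`ACCEPT from IP=...`, `BIND dn="..."`, `RESULT tag=97 err=49`), and the sample lines are constructed.

```python
import re
from collections import Counter

# Assumed layout of slapd "stats" records; the guide itself shows no log lines.
ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from (?:IP=)?(\S+?)(?::\d+)? \(")
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)"')
RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")
CLOSED = re.compile(r"conn=(\d+) fd=\d+ closed")
INVALID_CREDENTIALS = "49"  # LDAP result code for a rejected bind

def failed_binds(lines):
    """Count rejected binds per (peer, bind DN) from slapd stats records."""
    peer, pending, failures = {}, {}, Counter()
    for line in lines:
        if m := ACCEPT.search(line):
            peer[m[1]] = m[2]                     # conn id -> client address
        elif m := BIND.search(line):
            pending[(m[1], m[2])] = m[3]          # (conn, op) -> DN being tried
        elif m := RESULT.search(line):
            dn = pending.pop((m[1], m[2]), "<unknown>")
            if m[3] == INVALID_CREDENTIALS:
                failures[(peer.get(m[1], "<unknown>"), dn)] += 1
        elif m := CLOSED.search(line):
            peer.pop(m[1], None)                  # forget closed connections
    return failures

# Constructed sample lines, not taken from a real server.
SAMPLE = """\
Jan 10 09:15:01 ldap1 slapd[812]: conn=1001 fd=14 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)
Jan 10 09:15:01 ldap1 slapd[812]: conn=1001 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=com" method=128
Jan 10 09:15:01 ldap1 slapd[812]: conn=1001 op=0 RESULT tag=97 err=49 text=
Jan 10 09:15:02 ldap1 slapd[812]: conn=1001 op=1 BIND dn="uid=alice,ou=people,dc=example,dc=com" method=128
Jan 10 09:15:02 ldap1 slapd[812]: conn=1001 op=1 RESULT tag=97 err=49 text=
Jan 10 09:15:02 ldap1 slapd[812]: conn=1001 fd=14 closed
Jan 10 09:16:10 ldap1 slapd[812]: conn=1002 fd=15 ACCEPT from IP=198.51.100.7:40100 (IP=0.0.0.0:389)
Jan 10 09:16:10 ldap1 slapd[812]: conn=1002 op=0 BIND dn="uid=bob,ou=people,dc=example,dc=com" method=128
Jan 10 09:16:10 ldap1 slapd[812]: conn=1002 op=0 RESULT tag=97 err=0 text=
Jan 10 09:17:30 ldap1 slapd[812]: conn=1003 fd=16 ACCEPT from IP=[2001:db8::5]:40222 (IP=[::]:389)
Jan 10 09:17:30 ldap1 slapd[812]: conn=1003 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=com" method=128
Jan 10 09:17:30 ldap1 slapd[812]: conn=1003 op=0 RESULT tag=97 err=49 text=
"""

if __name__ == "__main__":
    for (src, dn), n in failed_binds(SAMPLE.splitlines()).most_common():
        print(f"{n:3d}  {src:<15}  {dn}")
```

To run it against the live file, pass an open handle on `/var/log/slapd.log` to `failed_binds()` in place of the sample lines.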
How to Return to Normal Logging
To reduce log verbosity after testing:

```bash
sudo ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: stats
EOF
```

Or, to disable logging, apply the same change with `olcLogLevel: none`.

Optional: Rotate Logs
Create a logrotate rule:

```bash
sudo nano /etc/logrotate.d/slapd
```

Add:

```
/var/log/slapd.log {
    weekly
    rotate 8
    compress
    delaycompress
    missingok
    notifempty
    create 640 root adm
    postrotate
        systemctl reload rsyslog > /dev/null 2>&1 || true
    endscript
}
```

Confirm It Survives Reboot
After reboot, confirm:

```bash
systemctl status slapd
ls -l /var/run/slapd/ldapi
tail /var/log/slapd.log
```

Summary of Log Levels
| Level | Description |
|---|---|
| none | Disable logging |
| stats | Basic operation logs |
| stats2 | Entry-level details |
| acl | Access control checks |
| sync | Replication-related events |
| trace | Full function tracing (very noisy) |
| args | Log startup arguments |