12

I don't get any information in my log file for OpenLDAP on my CentOS 6 server. This is how I configured it. SELinux is disabled at the moment.

First created a folder where I'd like to store the log files.

mkdir /var/log/slapd
chmod 755 /var/log/slapd/
chown ldap:ldap /var/log/slapd/

Then did the configuration.

ldapmodify -D "cn=admin,cn=config" -w secret <<EOF
dn: cn=config
changetype:modify
replace: olcLogFile
olcLogFile: /var/log/slapd/slapd.log
-
replace: olcLogLevel
olcLogLevel: conns filter config acl stats shell
EOF

Just to be safe I restarted the service

service openldap restart

It does create the file, but doesn't write anything into it. Of course I did some searches and updates to the LDAP server, so it gets connections and stuff to log.

$ ls -alh
total 12K
drwxr-xr-x. 2 ldap ldap 4.0K Oct 25 14:27 .
drwxr-xr-x. 6 root root 4.0K Oct 25 14:10 ..    
-rw-r--r--. 1 ldap ldap    0 Oct 25 14:33 slapd.log

My LDAP-setup can be found here (now slightly modified on my own server)

How do I configure LDAP on Centos 6 for user authentication in the most secure and correct way?

Arlukin

3 Answers

24

I haven't tried olcLogFile, but by default OpenLDAP logs all information to rsyslog's local4 facility.

Add the following line to /etc/rsyslog.conf or /etc/rsyslog.d/ldap.conf:

local4.*                        /var/log/ldap.log

Restart the rsyslog service and check out this log.

quanta
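A check for the rsyslog rule in the answer above, as an added example that is not part of the original post: it evaluates traditional `facility.priority` selectors to show where a local4 message would be written. The sample rules are constructed, the function names are hypothetical, and the debug severity used for slapd's messages is an assumption.

```python
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALL = set(range(len(PRIORITIES)))

def severities_for(selector, facility):
    """Severity numbers that one selector (e.g. '*.info;mail.none') accepts
    for a facility. Parts are applied left to right, as syslogd does."""
    mask = set()
    for part in selector.split(";"):
        facs, _, prio = part.strip().partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        negate = prio.startswith("!")
        prio = prio.lstrip("!")
        exact = prio.startswith("=")
        prio = prio.lstrip("=")
        if prio == "none":              # 'none' clears everything for the facility
            chosen, negate = ALL, not negate
        elif prio == "*":
            chosen = ALL
        elif exact:                     # '=info' means that severity only
            chosen = {PRIORITIES.index(prio)}
        else:                           # 'info' means info and anything more severe
            chosen = set(range(PRIORITIES.index(prio) + 1))
        mask = mask - chosen if negate else mask | chosen
    return mask

def destinations(conf_text, facility, priority):
    """Actions of every rule in conf_text that would record the message."""
    sev = PRIORITIES.index(priority)
    found = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#$":     # skip comments and $Directives
            continue
        fields = line.split(None, 1)
        if len(fields) == 2 and "." in fields[0]:
            selector, action = fields
            if sev in severities_for(selector, facility):
                found.append(action.lstrip("-"))   # leading '-' only disables sync
    return found

# Constructed sample rules in the style of a stock rsyslog.conf (not from the page).
STOCK = """\
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
"""
# The same rules plus the line given in the answer above.
WITH_LDAP = STOCK + "local4.*                        /var/log/ldap.log\n"

if __name__ == "__main__":
    for name, conf in (("stock", STOCK), ("with local4 rule", WITH_LDAP)):
        print(name, "->", destinations(conf, "local4", "debug") or "not recorded")
```

Priority aliases such as `warn` or `error` and RainerScript rules are not handled by this simplified evaluator.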
6

olcLogFile is only used on Windows because it lacks syslog.

The way to log on your system is the one that @quanta answered.

HVNSweeting
  • "olcLogFile is only used on Windows because it lacks syslog.": This is not true, see `slapd-config(5)` or [my answer](http://serverfault.com/a/801839/269679). – gxx Sep 08 '16 at 12:08
1

As the reasoning regarding olcLogFile given in this answer is not true, I have to correct this.

Quoting the relevant part of slapd-config(5):

olcLogFile: <filename>
            Specify a file for recording debug log messages. By default
            these messages only go to stderr and are not recorded
            anywhere else. Specifying a logfile copies messages to both
            stderr and the logfile.
gxx