How do I trace LDAP activity to a screen or log file?
Novell LDAP services
Novell Directory Services
It is possible to view and capture all LDAP activity on an NDS/LDAP server. However, methods vary depending on NDS and LDAP version.
For servers running LDAP with NDS 7.x, configuration is handled through NWAdmin. Open the LDAP Server object's details. The tab page labeled "Screen Options" is used to configure the amount of LDAP activity information to show on the server console. The tab page labeled "Log File Options" is used to declare a log file (name only, no path) and to specify the amount of LDAP activity information to trace to that file.
For servers running LDAP with NDS 8 or higher, configuration is handled through ConsoleOne. Open the LDAP Server object's properties. The tab page labeled "Screen Options" is used to configure the amount of LDAP activity information to show inside the DSTrace Console. Once applicable options have been specified, restart the LDAP server (or choose the REFRESH LDAP SERVER button). Remaining configuration is platform specific:
NetWare: Turn on the DSTrace console by typing "LOAD DSTRACE" at the server console. This is different from the DSTrace set commands that are more commonly used. Type "DSTRACE SCREEN ON". A new screen should now be turned on, entitled DSTRACE CONSOLE. Turn off all other unneeded switches by typing "DSTRACE -<command>". Servers running eDirectory 8.5 or higher can use the "DSTRACE -ALL" command. Then turn on the LDAP trace screen by typing "DSTRACE +LDAP". Information on this screen should reflect only LDAP activity. To trace information to a log file, go back to the server console screen, and type "DSTRACE FILE ON". All trace information will then be logged to SYS:\SYSTEM\DSTRACE.LOG.
NT/2000: Load the DSTrace utility by double-clicking DSTrace from the NDS Services window on the Control Panel. Choose Edit | Options. Click "Clear All", then click the "LDAP" checkbox. Information is logged to a file using the drop-down FILE menu.
Linux/UNIX: Load NDSTrace by typing "ndstrace" from a terminal session logged in as Root. Type the command again to get a list of all currently-invoked settings. Turn off all other unneeded switches by typing "ndstrace -<command>" (alternatively, "set dstrace=nodebug: (without quotation marks) should also work with ndstrace). Turn on the LDAP trace screen by typing "ndstrace +ldap". Trace information will show on the same screen. Information on this screen should reflect only LDAP activity. To trace information to a log file type "NDSTRACE FILE ON" from within NDSTrace. All trace information will then be logged to /var/nds/ndstrace.log. As a side note before loading ndstrace you may want to lengthen your console screen. NDSTrace uses the current size of the window when loading to determine how many lines load. The default console has 24 lines but ndstrace should have 28. Lengthening your console screen before loading ndstrace will show all the lines and provide a longer history when sending output to the screen.
iMonitor provides a method of capturing the LDAP activity that works with every supported platform.