Setting LDAP Screen Options


Product/Component Concerned : eDirectory / LDAP

Target Audience : Beginners

Platform : All (Demonstrated on Linux)

Using (N)DSTRACE is one of the usual debugging techniques in eDirectory. And you have a lot of options that can be used to get the debug trace messages. One of the options is LDAP that can be used to log the messages specific to any ldap operation.

By default, the LDAP option will log on only the error (critical and non-critical) messages. This article will help you to get the more debugging LDAP messages in the ndstrace by setting the LDAP screen options.

Through iManager:

  1. Log in to your tree with iManager.\
  2. Go to the Directory Administration Tab.
  3. Select the LDAP Server object concerned with your server.
  4. Go to the 'Tracing' tab.

    And now you can see the 'Error Messages'(critical and non-critical) being selected by default.
  5. Log in to your eDirectory server. Start NDSTRACE and enable the LDAP option.
  6. Run a simple ldapsearch and see no messages been logged in to your NDSTRACE screen, as there are no errors in the ldapsearch.
  7. Go back to the iManager 'LDAP Server' page and enable all the LDAP screen option and click 'Apply'.
  8. We are now done with setting the LDAP screen options. We can now run the same ldapsearch query again against the eDirectory server.
  9. Now we can see more details on the search being logged in to the NDSTRACE including the search parameters, search result etc.

Through ldapconfig utility:

Setting the LDAP screen options can be done through the 'ldapconfig' utility (that gets installed with eDirectory) as follows:

  1. Run 'ldapconfig' to get the options.
  2. Run 'ldapconfig get' with the following parameters to get all the options that can be set through ldapconfig.
  3. Use 'ldapconfig get 'LDAP Screen Level'' to get the LDAP Screen Level option alone. And by default it shows only 'Error | Critical'.
  4. The option can be changed to set the screen level option to ALL using the 'ldapconfig set 'LDAP Screen Level=all'' as follows.
  5. Run 'ldapconfig get' to see if the option LDAP Screen Level has been set to ALL.


Chris Seamons
Micro Focus Community Management
If you find this post useful, give it a 'Like' or use 'Verify Answer'.


How To-Best Practice
Comment List
  • This is excellent! being able to set the trace to all from the command line is quite useful; thank you!

    One question: how do I change the trace settings back? In otherwords, what if I just want the Critical and Error messages to appear? Is there an option to say 'none'? or 'off'? I've tried many other values, and only 'all' seems to work.

    I know I can change the bit set attribute ldapTraceLevel to 12288 to have just these two flags set, but I'd love to do something similar from the command line?
Related Discussions