UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21. Read more.
UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21.Read more.

Setting LDAP Screen Options

Setting LDAP Screen Options

Product/Component Concerned : eDirectory / LDAP

Target Audience : Beginners

Platform : All (Demonstrated on Linux)

Using (N)DSTRACE is one of the usual debugging techniques in eDirectory. And you have a lot of options that can be used to get the debug trace messages. One of the options is LDAP that can be used to log the messages specific to any ldap operation.

By default, the LDAP option will log on only the error (critical and non-critical) messages. This article will help you to get the more debugging LDAP messages in the ndstrace by setting the LDAP screen options.

Through iManager:


    1. Log in to your tree with iManager.\
    2. Go to the Directory Administration Tab.


    1. Select the LDAP Server object concerned with your server.





    1. Go to the 'Tracing' tab.

      And now you can see the 'Error Messages'(critical and non-critical) being selected by default.



    1. Log in to your eDirectory server. Start NDSTRACE and enable the LDAP option.



    1. Run a simple ldapsearch and see no messages been logged in to your NDSTRACE screen, as there are no errors in the ldapsearch.



    1. Go back to the iManager 'LDAP Server' page and enable all the LDAP screen option and click 'Apply'.



    1. We are now done with setting the LDAP screen options. We can now run the same ldapsearch query again against the eDirectory server.



    1. Now we can see more details on the search being logged in to the NDSTRACE including the search parameters, search result etc.


Through ldapconfig utility:

Setting the LDAP screen options can be done through the 'ldapconfig' utility (that gets installed with eDirectory) as follows:

    1. Run 'ldapconfig' to get the options.



    1. Run 'ldapconfig get' with the following parameters to get all the options that can be set through ldapconfig.



    1. Use 'ldapconfig get 'LDAP Screen Level'' to get the LDAP Screen Level option alone. And by default it shows only 'Error | Critical'.



    1. The option can be changed to set the screen level option to ALL using the 'ldapconfig set 'LDAP Screen Level=all'' as follows.



    1. Run 'ldapconfig get' to see if the option LDAP Screen Level has been set to ALL.


Labels (1)
Tags (1)


Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.
This is excellent! being able to set the trace to all from the command line is quite useful; thank you!

One question: how do I change the trace settings back? In otherwords, what if I just want the Critical and Error messages to appear? Is there an option to say 'none'? or 'off'? I've tried many other values, and only 'all' seems to work.

I know I can change the bit set attribute ldapTraceLevel to 12288 to have just these two flags set, but I'd love to do something similar from the command line?
Top Contributors
Version history
Revision #:
2 of 2
Last update:
‎2020-01-23 14:53
Updated by:
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.