jtl1 Absent Member.
Absent Member.
331 views

Trace ldap search

Hello,

What alternatives is there to trace ldap searches over a longer period of time? I'm not interested in performance but want to
know attributes requested, filter used, scope, base dn and dn of the identity used to perform the search.

Best regards,
Tobias
Labels (1)
0 Likes
6 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Trace ldap search

Tobias Ljunggren wrote:

> What alternatives is there to trace ldap searches over a longer period of
> time? I'm not interested in performance but want to know attributes
> requested, filter used, scope, base dn and dn of the identity used to perform
> the search.


http://www.novell.com/communities/node/8175/howto-ldap-monitoring-using-ldapaudi
tclient-testing may be of help to you


--

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Trace ldap search

On Wed, 21 Nov 2012 07:04:10 +0000, Tobias Ljunggren wrote:

> What alternatives is there to trace ldap searches over a longer period
> of time?


ndstrace -l > ndstrace.out


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.

0 Likes
jwilleke Honored Contributor.
Honored Contributor.

Re: Trace ldap search

On 2012-11-21 14:30:01 +0000, David Gersic said:

> On Wed, 21 Nov 2012 07:04:10 +0000, Tobias Ljunggren wrote:
>
>> What alternatives is there to trace ldap searches over a longer period
>> of time?

>
> ndstrace -l > ndstrace.out


You can try this:
ndstrace -l > /tmp/ndstrace.log &
ndstrace -c 'set dstrace=nodebug'
ndstrace -c 'set ndstrace=FILE ON'
ndstrace -c 'set ndstrace=*R'
ndstrace -c 'dstrace +time +tags +ldap'
less /tmp/ndstrace.log

Also, what to you want to know about a search?

you might want to chack out:
http://code.google.com/p/ldap-operations-times/

--

Thank You for your help!

-jim
Jim Willeke

0 Likes
jtl1 Absent Member.
Absent Member.

Re: Trace ldap search

Thank you for all suggestions. I will try them out and write a comment when I've tested them.

The goal is to find out:
1) If any search tries to retrieve all attributes
2) Attributes requested per user.

We need to know what application requests to make sure we inform the right people about changes and we also want to inform those
that reads everything that they should change their code if possible.

Best regards,
Tobias

On 2012-11-21 08:04, Tobias Ljunggren wrote:
> Hello,
>
> What alternatives is there to trace ldap searches over a longer period of time? I'm not interested in performance but want to
> know attributes requested, filter used, scope, base dn and dn of the identity used to perform the search.
>
> Best regards,
> Tobias


0 Likes
jtl1 Absent Member.
Absent Member.

Re: Trace ldap search

2 is requested by the authenticated object doing the search.

On 2012-11-30 08:42, Tobias Ljunggren wrote:
> Thank you for all suggestions. I will try them out and write a comment when I've tested them.
>
> The goal is to find out:
> 1) If any search tries to retrieve all attributes
> 2) Attributes requested per user.
>
> We need to know what application requests to make sure we inform the right people about changes and we also want to inform those
> that reads everything that they should change their code if possible.
>
> Best regards,
> Tobias
>
> On 2012-11-21 08:04, Tobias Ljunggren wrote:
>> Hello,
>>
>> What alternatives is there to trace ldap searches over a longer period of time? I'm not interested in performance but want to
>> know attributes requested, filter used, scope, base dn and dn of the identity used to perform the search.
>>
>> Best regards,
>> Tobias

>


0 Likes
jwilleke Honored Contributor.
Honored Contributor.

Re: Trace ldap search

On 2012-11-21 07:04:10 +0000, Tobias Ljunggren said:

> Hello,
>
> What alternatives is there to trace ldap searches over a longer period
> of time? I'm not interested in performance but want to know attributes
> requested, filter used, scope, base dn and dn of the identity used to
> perform the search.
>
> Best regards,
> Tobias


Try this:
ndstrace -l > /tmp/ndstrace.log &
ndstrace -c 'set dstrace=nodebug'
ndstrace -c 'set ndstrace=FILE ON'
ndstrace -c 'set ndstrace=*R'
ndstrace -c 'dstrace +time +tags +ldap'
less /tmp/ndstrace.log

--

Thank You for your help!

-jim
Jim Willeke

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.