Join Log in
Score:0
avatar Server

Is "-s loglevel" option ignored when olcLogLevel is set while "-d" overwrites

us flag
Fumisky Wells

The number of debug-level of '-d' command line option and syslog-level of '-s' command line option in slapd have the same meaning as we can confirm by:

$ slapd -d '?'
$ slapd -s '?'

The only difference between '-d' and '-s' is that '-d' is for foreground debug and '-s' is background logging level, I think.

Confirm "-d" debug-level

Even when slapd is running under olcLogLevel: 0:

$ sudo grep olcLogLevel /etc/openldap/slapd.d/cn=config.ldif
olcLogLevel: 0

slapd -d runs to overwrite olcLogLevel setting as I expect:

$ sudo systemctl stop slapd   # to avoid port conflict
$ sudo slapd -d 256           # run slapd with loglevel 256 in foreground (*a)

do ldapsearch in another terminal:

$ ldapsearch -x -H ldap://localhost -b dc=... -s base
...

(*a) shows loglevel=256 logs as I expect:

61b552f9 slapd starting
61b55313 conn=1000 fd=15 ACCEPT from IP=[::1]:40918 (IP=[::]:389)
...
61b55313 conn=1000 fd=15 closed

I can confirm -d -1 (all logging) works as well:

(stop (*a) slapd by ctrl-c)
$ sudo slapd -d -1
...
(a lot of logs)

while ldapsearch in another terminal:

$ ldapsearch -x -H ldap://localhost -b dc=... -s base
...

Confirm "-s syslog-level"

kill 'slapd -d' I started at (*a) and start slapd with -s 256 in background:

(stop (*a) slapd by ctrl-c)
$ sudo cat /etc/sysconfig/slapd
...
SLAPD_OPTIONS="-s 256"

$ sudo systemctl start slapd

I can confirm the option by ps:

$ ps xafu | grep slapd
ldap     10109  0.0  0.0 543936 10444 ?        Ssl  10:50   0:00 /usr/sbin/slapd -u ldap -h ldapi:/// ldap:/// ldaps:/// -s 256

however, I cannot confirm any logs by the following command.

$ sudo journalctl --follow _SYSTEMD_UNIT=slapd.service

While I change olcLogLevel to other than 0 (e.g. 256) by:

$ sudo ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF
dn:           cn=config
changetype:   modify
replace:      olcLogLevel
olcLogLevel:  256
EOF

(I can confirm if it is set by the following command)

$ sudo grep olcLogLevel /etc/openldap/slapd.d/cn=config.ldif
olcLogLevel: 256

then do ldapsearch:

$ ldapsearch -x -H ldap://localhost -b dc=csc -s base
...

so we see loglevel=256 logs by:

$ sudo journalctl --follow _SYSTEMD_UNIT=slapd.service
Dec 12 10:59:40 my-host slapd[10537]: conn=1003 fd=13 ACCEPT from IP=[::1]:41078 (IP=[::]:389)
Dec 12 10:59:40 my-host slapd[10537]: conn=1003 fd=13 closed
...

This means:

  • -d overwrite olcLogLevel
  • -s doesn't overwrite olcLogLevel

Is my understanding right? If yes, what is the '-s' option?

My OS version is:

$ cat /etc/centos-release
CentOS Linux release 7.9.2009 (Core)

slpad version is:

$ sudo yum list installed | grep openldap
openldap.x86_64                             2.4.44-23.el7_9            @updates
112
0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.