Product: Oracle Internet Directory 11g
Starting 11g release OID has moved the orcldebugflag from 'root-DSE' to instance level. That means, now it is possible to set the log level at the instance level instead of system wide.
This blog describes how to set the log level using, either Enterprise Manager or using ldapmodify.
Method 1: Using Enterprise Manager Console
1> Open the Enterprises manager
2> On the left frame à click "Identity and Access" à oid1
3> On the right side drop down, select, Oracle Internet Directory à Administration à Server Properties
Starting 11g release OID has moved the orcldebugflag from 'root-DSE' to instance level. That means, now it is possible to set the log level at the instance level instead of system wide.
This blog describes how to set the log level using, either Enterprise Manager or using ldapmodify.
Method 1: Using Enterprise Manager Console
1> Open the Enterprises manager
2> On the left frame à click "Identity and Access" à oid1
3> On the right side drop down, select, Oracle Internet Directory à Administration à Server Properties
4> Click the logging page.
All the logging options will be displayed.
5> Select the desired level, click "Apply"
Method 2: Using command line
Set the logging parameter, "ORCLDEBUGFLAG" to the desired level.
1> Create a ldif file that sets the two attributes
ORCLDEBUGOP: for setting up the operation to be recorded. It is a cumulative number based on the table below.
|
Debug Operation Number
|
Operation to be recorded
|
|
1
|
ldapbind
|
|
2
|
ldapunbind
|
|
4
|
ldapadd
|
|
8
|
ldapdelete
|
|
16
|
ldapmodify
|
|
32
|
ldapmodrdn
|
|
64
|
ldapcompare
|
|
128
|
ldapsearch
|
|
256
|
ldapabandon
|
|
511
|
All LDAP operations
|
If bind, add, delete and modify is to be recorded, set the orcldebugop to 1 + 4 + 8 + 16 = 29
ORCLDEBUGFLAG: for setting up log level. Use the following table to select the appropriate value.
256: Connection management, related to network activities
512: Search filter processing
1024: Entry parsing
2048: Configuration file processing
8192: Access control list processing
491520: Log of communication with the back end - that is with the database
524288: Schema related operations
4194304: Replication specific operations
8388608: Log of entries, operations and results for each connection
16777216: Trace function call arguments
67108864: Number and identity of clients connected to this server
117440511: All possible operations/data
134217728: All Java plug-in debug messages and internal server messages related to the Java plug-in framework.
268435456: All messages passed by a Java plug-in using the ServerLog object.
402653184: Both of the above
512: Search filter processing
1024: Entry parsing
2048: Configuration file processing
8192: Access control list processing
491520: Log of communication with the back end - that is with the database
524288: Schema related operations
4194304: Replication specific operations
8388608: Log of entries, operations and results for each connection
16777216: Trace function call arguments
67108864: Number and identity of clients connected to this server
117440511: All possible operations/data
134217728: All Java plug-in debug messages and internal server messages related to the Java plug-in framework.
268435456: All messages passed by a Java plug-in using the ServerLog object.
402653184: Both of the above
I highlighted the value 491520 because it is specially useful value if you want to check the actual SQL generated by LDAP operations.
2> Example ldif file.
dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
changetype:modify
replace:orcldebugflag
orcldebugflag: 491520
-
changetype:modify
replace:orcldebugop
orcldebugop: 21
changetype:modify
replace:orcldebugflag
orcldebugflag: 491520
-
changetype:modify
replace:orcldebugop
orcldebugop: 21
Above ldif file will set the log to record bin, add and modify and, it will record the actual SQL sent to database.
Run the ldapmodify command to set the values, check the logs.
Turn Off the Logging,
To turn off the logging, set both values to 0.
- Have fun.
