IBM Support

Collecting an ascii server trace on Directory Server startup.

Troubleshooting


Problem

In order to debug a failed server start up or a specific operation from a fresh server start, it is often useful to collect an ascii trace of Directory Server process.

Resolving The Problem

ASCII Server Trace Instructions:


    Use either Method A OR Method B below to gather Directory Server (ibmslapd) process startup ascii trace:

Method A

Method A is preferred when the Directory Server process is encountering error conditions during run time operations after start up.

  • Stop the Directory Server process, if running:
    ==> ps -aef | grep ibmslapd
    ==> ibmslapd -I <instanceName> -k
  • Start the Directory Server process in configuration only mode:
    ==> ibmslapd -I <instanceName> -a
  • Create a text file "traceenable.ldif" with the following lines and apply via idsldapmodify to update the configuration for trace enablement:

    • #start of traceenable.ldif
    dn: cn=Configuration
    changetype: modify
    replace: ibm-slapdStartupTraceEnabled
    ibm-slapdStartupTraceEnabled: true
    -
    replace: ibm-slapdTraceMessageLevel
    ibm-slapdTraceMessageLevel: 0xFFFF
    -
    replace: ibm-slapdTraceMessageLog
    ibm-slapdTraceMessageLog: /tmp/traceibmslapd.log
    # Replace /tmp with a folder where you have lots of free space.
    # On Windows use C:\traceibmslapd.log
    # Also that folder should have rwx permissions for instance user.
    #end of traceenable.ldif

    ==> idsldapmodify -h <ldaphostname> -p <ldapport> -D <adminDN> -w <adminPW> -i traceenable.ldif



    e.g.:
    ==> idsldapmodify -h myldaphost -p 389 -D cn=root -w password -i traceenable.ldif

    For SSLOnly enabled instances include SSL related options
    ==> idsldapmodify -h <ldaphostname> -p <ldapsslport> -Z -K <kdbpath/kdbfile.kdb> -P <kdbfilePW> -D <adminDN> -w <adminPW> -i traceenable.ldif
  • Stop the Directory Server process:
    ==> ps -aef | grep ibmslapd
    ==> ibmslapd -I <instanceName> -k
  • Determine if the trace facility is currently on or off:
    ==> ldtrc info
  • Turn on the trace facility if it is currently turned off:
    ==> ldtrc on
    ==> ldtrc info
  • Start LDAP server:
    ==> ibmslapd -I <instanceName> -n
  • Recreate the Problem - Its very important to recreate/simulate the error condition.
    Once the error or the condition you want to trace occurs wait for few more minutes and proceed to stop the Directory Server process.
  • Stop the Directory Server process:
    ==> ps -aef | grep ibmslapd
    ==> ibmslapd -I <instanceName> -k
  • Rename the trace file at this time after recreating the problem. Provide this renamed trace file which has the problem information captured in it.
  • Start the Directory Server process in configuration only mode:
    ==> ibmslapd -I <instanceName> -a
  • Create a text file "tracedisable.ldif" with the following lines and apply via idsldapmodify to update the configuration for trace disable:

    • #start of tracedisable.ldif
    dn: cn=Configuration
    changetype: modify
    replace: ibm-slapdStartupTraceEnabled
    ibm-slapdStartupTraceEnabled: false
    #end of tracedisable.ldif

    ==> idsldapmodify -h <ldaphostname> -p <ldapport> -D <adminDN> -w <adminPW> -i tracedisable.ldif



    e.g.:
    ==> idsldapmodify -h myldaphost -p 389 -D cn=root -w password -i tracedisable.ldif

    For SSLOnly enabled instances include SSL related options
    ==> idsldapmodify -h <ldaphostname> -p <ldapsslport> -Z -K <kdbpath/kdbfile.kdb> -P <kdbfilePW> -D <adminDN> -w <adminPW> -i tracedisable.ldif
  • Stop the Directory Server process:
    ==> ps -aef | grep ibmslapd
    ==> ibmslapd -I <instanceName> -k
  • Turn off the trace facility:
    ==> ldtrc off
    ==> ldtrc info

Method B

Method B is preferred when the Directory Server process is encountering error conditions during start up.

  • Stop the ITDS server, if running:
    ==> ps -aef | grep ibmslapd
    ==> ibmslapd -I <instanceName> -k
  • Determine if the trace facility is currently on or off:
    ==> ldtrc info
  • Turn on the trace facility if it is currently turned off:
    ==> ldtrc on
    ==> ldtrc info
  • Start LDAP server in DEBUG TRACING mode and redirect output to a file:

    On Unix:
    ==> ibmslapd -I <instanceName> -c -n -h 65535 2>&1 | tee /tmp/slapd_trace.out

    On Windows:
    (ibmslapd -I <instance name> -n -h 65535 2>&1) > C:\slapd_trace.out
  • Recreate the Problem - Its very important to recreate/simulate the error condition.
    Once the error or the condition you want to trace occurs wait for few more minutes and the screen no longer has messages written out, cntrl + C to stop the Directory Server process.
  • Turn off the trace facility:
    ==> ldtrc off
    ==> ldtrc info

Related Information

Debug Trace Categories / Levels

[{"Product":{"code":"SSVJJU","label":"IBM Security Directory Server"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"General","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.0;6.1;6.2;6.3;6.3.1;6.4","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Product Synonym

ISDS;SDS;ITDS;TDS;IBM Tivoli Directory Server;Tivoli Directory Server;Directory Server

Document Information

Modified date:
16 June 2018

UID

swg21268246

Page Feedback