IBM Support

Collecting an ascii server trace on Directory Server startup.

Technote (troubleshooting)


Problem(Abstract)

In order to debug a failed server start up or a specific operation from a fresh server start, it is often useful to collect an ascii trace of Directory Server process.

Resolving the problem

ASCII Server Trace Instructions:


    Use either Method A OR Method B below to gather Directory Server (ibmslapd) process startup ascii trace:

Method A

Method A is preferred when the Directory Server process is encountering error conditions during run time operations after start up.

  • Stop the Directory Server process, if running:
    ==> ps -aef | grep ibmslapd
    ==> ibmslapd -I <instanceName> -k
  • Start the Directory Server process in configuration only mode:
    ==> ibmslapd -I <instanceName> -a
  • Create a text file "traceenable.ldif" with the following lines and apply via idsldapmodify to update the configuration for trace enablement:

    #start of traceenable.ldif
    dn: cn=Configuration
    changetype: modify
    replace: ibm-slapdStartupTraceEnabled
    ibm-slapdStartupTraceEnabled: true
    -
    replace: ibm-slapdTraceMessageLevel
    ibm-slapdTraceMessageLevel: 0xFFFF
    -
    replace: ibm-slapdTraceMessageLog
    ibm-slapdTraceMessageLog: /tmp/traceibmslapd.log
    # Replace /tmp with a folder where you have lots of free space.
    # On Windows use C:\traceibmslapd.log
    # Also that folder should have rwx permissions for instance user.
    #end of traceenable.ldif

    ==> idsldapmodify -h <ldaphostname> -p <ldapport> -D <adminDN> -w <adminPW> -i traceenable.ldif


    e.g.:
    ==> idsldapmodify -h myldaphost -p 389 -D cn=root -w password -i traceenable.ldif

    For SSLOnly enabled instances include SSL related options
    ==> idsldapmodify -h <ldaphostname> -p <ldapsslport> -Z -K <kdbpath/kdbfile.kdb> -P <kdbfilePW> -D <adminDN> -w <adminPW> -i traceenable.ldif

  • Stop the Directory Server process:
    ==> ps -aef | grep ibmslapd
    ==> ibmslapd -I <instanceName> -k
  • Determine if the trace facility is currently on or off:
    ==> ldtrc info
  • Turn on the trace facility if it is currently turned off:
    ==> ldtrc on
    ==> ldtrc info
  • Start LDAP server:
    ==> ibmslapd -I <instanceName> -n
  • Recreate the Problem - Its very important to recreate/simulate the error condition.
    Once the error or the condition you want to trace occurs wait for few more minutes and proceed to stop the Directory Server process.
  • Stop the Directory Server process:
    ==> ps -aef | grep ibmslapd
    ==> ibmslapd -I <instanceName> -k
  • Rename the trace file at this time after recreating the problem. Provide this renamed trace file which has the problem information captured in it.
  • Start the Directory Server process in configuration only mode:
    ==> ibmslapd -I <instanceName> -a
  • Create a text file "tracedisable.ldif" with the following lines and apply via idsldapmodify to update the configuration for trace disable:

    #start of tracedisable.ldif
    dn: cn=Configuration
    changetype: modify
    replace: ibm-slapdStartupTraceEnabled
    ibm-slapdStartupTraceEnabled: false
    #end of tracedisable.ldif

    ==> idsldapmodify -h <ldaphostname> -p <ldapport> -D <adminDN> -w <adminPW> -i tracedisable.ldif


    e.g.:
    ==> idsldapmodify -h myldaphost -p 389 -D cn=root -w password -i tracedisable.ldif

    For SSLOnly enabled instances include SSL related options
    ==> idsldapmodify -h <ldaphostname> -p <ldapsslport> -Z -K <kdbpath/kdbfile.kdb> -P <kdbfilePW> -D <adminDN> -w <adminPW> -i tracedisable.ldif

  • Stop the Directory Server process:
    ==> ps -aef | grep ibmslapd
    ==> ibmslapd -I <instanceName> -k
  • Turn off the trace facility:
    ==> ldtrc off
    ==> ldtrc info

Method B

Method B is preferred when the Directory Server process is encountering error conditions during start up.

  • Stop the ITDS server, if running:
    ==> ps -aef | grep ibmslapd
    ==> ibmslapd -I <instanceName> -k
  • Determine if the trace facility is currently on or off:
    ==> ldtrc info
  • Turn on the trace facility if it is currently turned off:
    ==> ldtrc on
    ==> ldtrc info
  • Start LDAP server in DEBUG TRACING mode and redirect output to a file:

    On Unix:
    ==> ibmslapd -I <instanceName> -c -n -h 65535 2>&1 | tee /tmp/slapd_trace.out

    On Windows:
    (ibmslapd -I <instance name> -n -h 65535 2>&1) > C:\slapd_trace.out
  • Recreate the Problem - Its very important to recreate/simulate the error condition.
    Once the error or the condition you want to trace occurs wait for few more minutes and the screen no longer has messages written out, cntrl + C to stop the Directory Server process.
  • Turn off the trace facility:
    ==> ldtrc off
    ==> ldtrc info

Related information

Debug Trace Categories / Levels

Product Alias/Synonym

ISDS
SDS
ITDS
TDS
IBM Tivoli Directory Server
Tivoli Directory Server
Directory Server

Document information

More support for: IBM Security Directory Server
General

Software version: 6.0, 6.1, 6.2, 6.3, 6.3.1, 6.4

Operating system(s): Platform Independent

Reference #: 1268246

Modified date: 21 April 2010