Oracle Directory Server Enterprise Edition Troubleshooting Guide 11g Release 1 (11.1.1.5.0)
This section describes how to troubleshoot LDAP operation failures. It describes the possible causes of the operation failures, the information to collect to help you troubleshoot the problem, and how to analyze this information.
An operation may fail for the following reasons:
ACIs are in place that do not allow the operation
Referrals are being followed to a different server
Updates cannot proceed because a database has been set to referrals on updates
Database being reimported
Unallowed online configuration
To determine if ACIs are the source of your problem, gather information about all of the ACIs from the suffix level to the entry you are trying to access. Gather this data using the ldapsearch operation as follows:
# ldapsearch -b base-suffix -D "cn=Directory Manager" -w - \
  -s scope "(objectclass=*)" aci
Collect the access and errors log files that contain the operation. Be sure to enable the ACI logging level. Enable the ACI logging level for the errors log file as follows:
# dsconf set-log-prop errors level:err-acl
Enable the ACI logging level for the access log file as follows:
# dsconf set-log-prop access level:acc-internal
To view the contents of the error log, use the dsadm command as follows:
dsadm show-error-log -A duration [-L last-lines] install-path
The -A option specifies the maximum age of lines to be returned from the log. For example, to search for all entries younger than 24 hours, use -A 24h. The -L option specifies the number of lines to be returned from the log. For example, to return the last 50 lines, use -L 50. By default, 20 lines are returned.
To view the access log, use the dsadm command as follows:
dsadm show-access-log -A duration [-L last-lines] install-path
The log files themselves are located in the following directories:
instance-path/logs/errors*
instance-path/logs/access*
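The following Python script is an added example, not part of the Oracle guide. It reads access log lines and pairs each RESULT that carries err=50 (insufficient access rights, the ACI case) or err=10 (referral) with the request it answers and the DN bound on that connection. The line layout in the comment and the sample lines are assumptions constructed for illustration; adjust the pattern to match your own log.

```python
import re
from collections import namedtuple

# LDAP result codes (RFC 4511) for two of the failure causes listed above.
CAUSES = {10: "referral returned", 50: "insufficient access rights, review ACIs"}
# Assumed access log layout: [timestamp] conn=N op=N msgId=N - KEYWORD details
LINE = re.compile(r'^\[([^\]]+)\] conn=(\d+) op=(\d+) msgId=-?\d+ - ([A-Z]+)\s*(.*)$')
ERR = re.compile(r'\berr=(\d+)')
DN = re.compile(r'\bdn="([^"]*)"')
Finding = namedtuple("Finding", "ts conn op bind_dn request err cause")

def failed_operations(lines):
    """Pair every RESULT carrying err=10 or err=50 with the request it answers."""
    pending = {}   # (conn, op) -> (keyword, details) of a request awaiting RESULT
    bound = {}     # conn -> DN of the last BIND that returned err=0
    findings = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # connection open/close lines carry no op= field
        ts, conn, op, kind, rest = m.groups()
        conn, op = int(conn), int(op)
        if kind != "RESULT":
            pending[(conn, op)] = (kind, rest)
            continue
        req_kind, req_rest = pending.pop((conn, op), ("?", "request outside log window"))
        err = ERR.search(rest)
        code = int(err.group(1)) if err else -1
        if req_kind == "BIND" and code == 0:
            dn = DN.search(req_rest)
            bound[conn] = dn.group(1) if dn and dn.group(1) else "anonymous"
        elif code in CAUSES:
            findings.append(Finding(ts, conn, op, bound.get(conn, "no BIND seen"),
                                    f"{req_kind} {req_rest}", code, CAUSES[code]))
    return findings

# Constructed sample lines, not taken from a real server.
SAMPLE = """\
[10/Mar/2011:09:15:01 +0000] conn=7 op=0 msgId=1 - BIND dn="uid=app,ou=people,dc=example,dc=com" method=128 version=3
[10/Mar/2011:09:15:01 +0000] conn=7 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0
[10/Mar/2011:09:15:02 +0000] conn=7 op=1 msgId=2 - MOD dn="uid=bob,ou=people,dc=example,dc=com"
[10/Mar/2011:09:15:02 +0000] conn=7 op=1 msgId=2 - RESULT err=50 tag=103 nentries=0 etime=0
[10/Mar/2011:09:15:03 +0000] conn=7 op=2 msgId=3 - ADD dn="uid=new,ou=people,dc=example,dc=com"
[10/Mar/2011:09:15:03 +0000] conn=7 op=2 msgId=3 - RESULT err=10 tag=105 nentries=0 etime=0
""".splitlines()

if __name__ == "__main__":
    for f in failed_operations(SAMPLE):
        print(f"{f.ts} conn={f.conn} op={f.op} err={f.err} ({f.cause}) as {f.bind_dn}: {f.request}")
```

The bind DN and target DN it reports tell you which ACIs from the ldapsearch output above to examine for a given denial.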
If you are unable to troubleshoot your problem yourself, collect the error and access log files from the time during which the database was inaccessible and send them to Sun Support for analysis. By default, the log files are located in the instance-path/logs directory. To find the path to your error and access logs, use the following command:
# dsconf get-log-prop ERROR path
or
# dsconf get-log-prop ACCESS path