1.5 What Directory Editor Debug Data Should You Collect?

This section describes the kinds of debug data you need to provide based on the problem you are experiencing.

This section contains the following tasks:

• To Collect Required Debug Data for Any Directory Editor Problem

• To Collect Required Debug Data for Directory Editor Installation Problems

• To Collect Required Debug Data for Directory Editor Startup Problems

• To Collect Required Debug Data for Directory Editor Login Problems

• To Collect Required Debug Data for Directory Editor Graphical User Interface Problems

1.5.1 To Collect Required Debug Data for Any Directory Editor Problem

All problems described in this technical note need basic information collected about when the problem occurred and about the system having the problem. Use this task to collect that basic information.

1. Note the time or times the problem occurred.

2. Note the name of the application server in which you run Directory Editor.

3. Note the exact version of the application server in which you run Directory Editor.

4. Note the exact version of the Java Virtual Machine which you use to run Directory Editor.

5. Note the operating system version.

   Solaris OS

   uname -a

   HP-UX

   uname -r

   Red Hat

   cat /etc/redhat-release

   Windows

   C:\Program Files\Common files\Microsoft Shared\MSInfo\msinfo32.exe /report C:\report.txt

6. Note the patch level.

   Solaris OS

   showrev -p

   HP-UX

   swlist

   Red Hat

   rpm -qa

   Windows

   Already provided in C:\report.txt.

7. Note the Directory Editor version and build number.

   The build number is available only for Directory Editor 1.

   To determine the build number, hover your mouse cursor over the Version string at the top of the Directory Editor page. Either a tooltip appears showing the build number, or the browser displays the build number as a message in the status bar at the bottom of the browser window.

   Alternatively, you can view the source of the Directory Editor web page and search for Build number.

8. Collect Directory Editor configuration files.

   application-root/WEB-INF/classes/init.xml

   application-root/WEB-INF/classes/log4j.properties

   application-root/WEB-INF/startup.properties

1.5.2 To Collect Required Debug Data for Directory Editor Installation Problems

This procedure describes what data to collect when you cannot complete Directory Editor installation.

1. Collect the security policy file for your application server.

   For Sun Java System Application Server

   app-server-root/domains/domain-name/config/server.policy

   For Apache Tomcat with Security Manager turned on

   tomcat-root/conf/catalina.policy

2. Collect error logs for your application server.

   For example, if you run Directory Editor in the first domain and instance of Sun Java System Application Server, collect app-server-root/domains/domain1/server1/logs/server.log.

3. Collect Directory Server access, errors, and audit logs.

   Collect logs from both the Directory Editor Configuration Directory Server and also Managed Directory Servers. By default, you find these logs in the following locations:

   server-root/slapd-serverID/logs/access

   server-root/slapd-serverID/logs/errors

   server-root/slapd-serverID/logs/audit (if enabled)

   If these log files are not in the default locations, examine the Directory Server configuration file, server-root/slapd-/serverID/config/dse.ldif, to find the paths to the logs. The paths are specified as the values of attributes nsslapd-accesslog, nsslapd-errorlog, and nsslapd-auditlog.

4. When using Sun Java System Application Server 7 or 8, collect the server description file.

   For example, app-server-root/domains/domain1/server1/config/server.xml.

1.5.3 To Collect Required Debug Data for Directory Editor Startup Problems

This section describes what data to collect when you cannot start Directory Editor.

1. Collect information about the port used for your application server.

   UNIX and Linux

   netstat -an | grep app-server-port

   Windows

   netstat -an

2. Collect error logs for your application server.

   For example, if you run Directory Editor in the first domain and instance of Sun Java System Application Server, collect app-server-root/domains/domain1/server1/logs/server.log.

3. Collect logs from both the Directory Editor Configuration Directory Server and also Managed Directory Servers.

   By default, you find these logs in the following locations:

   server-root/slapd-serverID/logs/access

   server-root/slapd-serverID/logs/errors

   server-root/slapd-serverID/logs/audit (if enabled)

   If these log files are not in the default locations, examine the Directory Server configuration file, server-root/slapd-/serverID/config/dse.ldif, to find the paths to the logs. The paths are specified as the values of attributes nsslapd-accesslog, nsslapd-errorlog, and nsslapd-auditlog.

4. Collect the de-startup-problem-services.ldif file generated by the ldapsearch command.

   Be sure to include the -B option, which retrieves binary attribute values as they are stored in the directory.

   UNIX and Linux

   server-root/shared/bin/ldapsearch -h hostname -p port -D "cn=Directory Manager" -w password -B -b "ou=1.0,ou=DML,ou=services,dc-root" "(objectclass=*)" > /tmp/de-startup-problem-services.ldif

   Windows

   server-root\shared\bin\ldapsearch.exe -h hostname -p port -D "cn=Directory Manager" -w password -B -b "ou=1.0,ou=DML,ou=services,dc-root" "(objectclass=*)" > C:\de-startup-problem-services.ldif

   Here, dc-root means the domain controller suffix for the configuration directory used in your environment, such as dc=example,dc=com.

1.5.4 To Collect Required Debug Data for Directory Editor Login Problems

This section describes what data to collect when you cannot login to Directory Editor.

1. Take a screen shot of the login screen.

   The screen shot should show the error message that results when you try to login.

2. Note the result of an attempt to login to Directory Editor as cn=Directory Manager.

   The cn=Directory Manager user might be able to login although other users cannot.

3. Collect the user-prob.ldif file generated by the ldapsearch command.

   UNIX and Linux

   server-root/shared/bin/ldapsearch -h hostname -p port -D "cn=Directory Manager" -w password -b "base-dn" "(uid=userID)" > /tmp/user-prob.ldif

   Windows

   server-root\shared\bin\ldapsearch.exe -h hostname -p port -D "cn=Directory Manager" -w password -b "base-dn" "(uid=userID)" > C:\user-prob.ldif

   Here, base-dn means the DN of the suffix used in your environment to store user entries, such as ou=people,dc=example,dc=com.

4. Collect the error logs for your application server.

   For example, if you run Directory Editor in the first domain and instance of Sun Java System Application Server, collect app-server-root/domains/domain1/server1/logs/server.log.

5. Collect logs from both the Directory Editor Configuration Directory Server and also Managed Directory Servers.

   By default, you find these logs in the following locations:

   server-root/slapd-serverID/logs/access

   server-root/slapd-serverID/logs/errors

   server-root/slapd-serverID/logs/audit (if enabled)

   If these log files are not in the default locations, examine the Directory Server configuration file, server-root/slapd-serverID/config/dse.ldif, to find the paths to the logs. The paths are specified as the values of attributes nsslapd-accesslog, nsslapd-errorlog, and nsslapd-auditlog.

6. Collect the de-login-problem-services.ldif file generated by the ldapsearch command for both the Configuration Directory Server and the Managed Directory Servers.

   Be sure to include the -B option, which retrieves binary attribute values as they are stored in the directory.

   UNIX and Linux

   server-root/shared/bin/ldapsearch -h hostname -p port -D "cn=Directory Manager" -w password -B -b "ou=1.0,ou=DML,ou=services,dc-root" "(objectclass=*)" > /tmp/de-login-problem-services.ldif

   Windows

   server-root\shared\bin\ldapsearch.exe -h hostname -p port -D "cn=Directory Manager" -w password -B -b "ou=1.0,ou=DML,ou=services,dc-root" "(objectclass=*)" > C:\de-login-problem-services.ldif

   Here, dc-root means the domain controller suffix for the configuration directory used in your environment, such as dc=example,dc=com.

7. Collect the de-login-problem-aci.ldif file generated by the ldapsearch command for the Managed Directory Servers.

   UNIX and Linux

   server-root/shared/bin/ldapsearch -h hostname -p port -D "cn=Directory Manager" -w password -b "base-dn" "(objectclass=*)" aci > /tmp/de-login-problem-aci.ldif

   Windows

   server-root\shared\bin\ldapsearch.exe -h hostname -p port -D "cn=Directory Manager" -w password -b "base-dn" "(objectclass=*)" aci > C:\de-login-problem-aci.ldif

   Here, base-dn means the DN of the suffix used in your environment to store user entries, such as ou=people,dc=example,dc=com.

8. Collect trace logging information showing authentication activity.

   To collect this information, perform the following steps.

   1. Open the app-server-root/WEB-INF/classes/log4j.properties file in a text editor.

   2. Add the following lines.

      log4j.logger.com.sun.dml.auth=TRACE,auth
      
      log4j.appender.auth=org.apache.log4j.RollingFileAppender
      log4j.appender.auth.layout=org.apache.log4j.PatternLayout
      log4j.appender.auth.layout.ConversionPattern=%d{ISO8601} [%t] %-5p %c - %m%n
      log4j.appender.auth.File=de-auth.log
      log4j.appender.auth.MaxFileSize=5MB
      log4j.appender.auth.MaxBackupIndex=1

   3. Restart Directory Editor.

   4. Reproduce the login problem immediately.

   5. Collect the log file or files named de-auth.log.

1.5.5 To Collect Required Debug Data for Directory Editor Graphical User Interface Problems

This section describes what data to collect when part of the Directory Editor user interface fails to comply with what you expect.

1. Collect screen shots of the affected screen or screens.

   The screen shots should show the problem you are experiencing.

2. Provide step by step instructions for reproducing the problem.

   If needed, also provide test case data.

3. Provide the browser name, version number, and operating system where you run the browser to access Directory Editor.

4. Provide information about the user who was logged in when the problem occurred.

5. Collect trace logging information showing view and web activity.

   To collect this information, perform the following steps.

   1. Open the app-server-root/WEB-INF/classes/log4j.properties file in a text editor.

   2. Add the following lines.

      log4j.logger.com.sun.dml.view=TRACE,view
      log4j.logger.com.sun.dml.web=TRACE,web
      
      log4j.appender.view=org.apache.log4j.RollingFileAppender
      log4j.appender.view.layout=org.apache.log4j.PatternLayout
      log4j.appender.view.layout.ConversionPattern=%d{ISO8601} [%t] %-5p %c - %m%n
      log4j.appender.view.File=de-view.log
      log4j.appender.view.MaxFileSize=5MB
      log4j.appender.view.MaxBackupIndex=1
      
      log4j.appender.web=org.apache.log4j.RollingFileAppender
      log4j.appender.web.layout=org.apache.log4j.PatternLayout
      log4j.appender.web.layout.ConversionPattern=%d{ISO8601} [%t] %-5p %c - %m%n
      log4j.appender.web.File=de-web.log
      log4j.appender.web.MaxFileSize=5MB
      log4j.appender.web.MaxBackupIndex=1

   3. Restart Directory Editor.

   4. Reproduce the login problem immediately.

   5. Collect the log files named de-view.log and de-web.log.

6. Collect screen shots of Directory Editor debugging screens.

   Access the following Directory Editor URL, http://hostname:port/de/Debug.do.

   Take screen shots of the following five tab pages:

   • HTTP Session

   • Directory Properties

   • Java System Properties

   • Memory

   • Call Timer