Sun Gathering Debug Data for Sun Java System Directory Editor 1

Procedure 1.5.4 To Collect Required Debug Data for Directory Editor Login Problems

This section describes what data to collect when you cannot log in to Directory Editor.

  1. Take a screen shot of the login screen.

    The screen shot should show the error message that results when you try to log in.

  2. Note the result of an attempt to log in to Directory Editor as cn=Directory Manager.

    The cn=Directory Manager user might be able to log in although other users cannot.

  3. Collect the user-prob.ldif file generated by the ldapsearch command.

    UNIX and Linux

    server-root/shared/bin/ldapsearch -h hostname -p port -D "cn=Directory Manager" -w password -b "base-dn" "(uid=userID)" > /tmp/user-prob.ldif

    Windows

    server-root\shared\bin\ldapsearch.exe -h hostname -p port -D "cn=Directory Manager" -w password -b "base-dn" "(uid=userID)" > C:\user-prob.ldif

    Here, base-dn means the DN of the suffix used in your environment to store user entries, such as ou=people,dc=example,dc=com.

  4. Collect the error logs for your application server.

    For example, if you run Directory Editor in the first domain and instance of Sun Java System Application Server, collect app-server-root/domains/domain1/server1/logs/server.log.

  5. Collect logs from both the Directory Editor Configuration Directory Server and the Managed Directory Servers.

    By default, you find these logs in the following locations:

    server-root/slapd-serverID/logs/access

    server-root/slapd-serverID/logs/errors

    server-root/slapd-serverID/logs/audit (if enabled)

    If these log files are not in the default locations, examine the Directory Server configuration file, server-root/slapd-serverID/config/dse.ldif, to find the paths to the logs. The paths are specified as the values of attributes nsslapd-accesslog, nsslapd-errorlog, and nsslapd-auditlog.

  6. Collect the de-login-problem-services.ldif file generated by the ldapsearch command for both the Configuration Directory Server and the Managed Directory Servers.

    Be sure to include the -B option, which retrieves binary attribute values as they are stored in the directory.

    UNIX and Linux

    server-root/shared/bin/ldapsearch -h hostname -p port -D "cn=Directory Manager" -w password -B -b "ou=1.0,ou=DML,ou=services,dc-root" "(objectclass=*)" > /tmp/de-login-problem-services.ldif

    Windows

    server-root\shared\bin\ldapsearch.exe -h hostname -p port -D "cn=Directory Manager" -w password -B -b "ou=1.0,ou=DML,ou=services,dc-root" "(objectclass=*)" > C:\de-login-problem-services.ldif

    Here, dc-root means the domain controller suffix for the configuration directory used in your environment, such as dc=example,dc=com.

  7. Collect the de-login-problem-aci.ldif file generated by the ldapsearch command for the Managed Directory Servers.

    UNIX and Linux

    server-root/shared/bin/ldapsearch -h hostname -p port -D "cn=Directory Manager" -w password -b "base-dn" "(objectclass=*)" aci > /tmp/de-login-problem-aci.ldif

    Windows

    server-root\shared\bin\ldapsearch.exe -h hostname -p port -D "cn=Directory Manager" -w password -b "base-dn" "(objectclass=*)" aci > C:\de-login-problem-aci.ldif

    Here, base-dn means the DN of the suffix used in your environment to store user entries, such as ou=people,dc=example,dc=com.

  8. Collect trace logging information showing authentication activity.

    To collect this information, perform the following steps.

    1. Open the app-server-root/WEB-INF/classes/log4j.properties file in a text editor.

    2. Add the following lines.

      log4j.logger.com.sun.dml.auth=TRACE,auth
      
      log4j.appender.auth=org.apache.log4j.RollingFileAppender
      log4j.appender.auth.layout=org.apache.log4j.PatternLayout
      log4j.appender.auth.layout.ConversionPattern=%d{ISO8601} [%t] %-5p %c - %m%n
      log4j.appender.auth.File=de-auth.log
      log4j.appender.auth.MaxFileSize=5MB
      log4j.appender.auth.MaxBackupIndex=1

    3. Restart Directory Editor.

    4. Reproduce the login problem immediately.

    5. Collect the log file or files named de-auth.log.
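
For step 5, when the logs are not in the default locations, the following shell function reads the values of nsslapd-accesslog, nsslapd-errorlog, and nsslapd-auditlog out of dse.ldif. It is an added example, not part of the original Sun procedure; the function name find_ds_logs and the sample paths are hypothetical, and it assumes a POSIX shell with awk and base64 available.

```sh
#!/bin/sh
# Added example, not part of the Sun documentation.
# find_ds_logs DSE_LDIF
#   Prints "attribute<TAB>path" for each of nsslapd-accesslog,
#   nsslapd-errorlog and nsslapd-auditlog found in the given dse.ldif.
find_ds_logs() {
    dse=$1
    [ -r "$dse" ] || { echo "cannot read: $dse" >&2; return 1; }

    # Pass 1 (awk): strip CR from CRLF files and unfold LDIF continuation
    # lines (a line starting with one space continues the previous line).
    awk '
        { sub(/\r$/, "") }
        /^ / { buf = buf substr($0, 2); next }
        { if (started) print buf; buf = $0; started = 1 }
        END { if (started) print buf }
    ' "$dse" |
    # Pass 2 (shell): keep only the three log-path attributes.
    while IFS= read -r line; do
        case $line in *:*) ;; *) continue ;; esac   # not "attr: value"
        attr=$(printf '%s' "${line%%:*}" | tr '[:upper:]' '[:lower:]')
        case $attr in
            nsslapd-accesslog|nsslapd-errorlog|nsslapd-auditlog) ;;
            *) continue ;;   # also skips nsslapd-accesslog-logging-enabled
        esac
        rest=${line#*:}
        case $rest in
            :*) # "attr:: value" is base64-encoded (assumes base64 is installed)
                val=$(printf '%s' "${rest#:}" | tr -d ' ' | base64 -d) ;;
            *)  val=${rest#"${rest%%[! ]*}"} ;;   # drop leading spaces
        esac
        printf '%s\t%s\n' "$attr" "$val"
    done
}

# Constructed sample input (not a real server's dse.ldif): one folded value
# and one Windows-style path.
sample=$(mktemp)
printf '%s\n' \
    'dn: cn=config' \
    'nsslapd-accesslog-logging-enabled: on' \
    'nsslapd-accesslog: /data/ds/slapd-example/logs/acc' \
    ' ess' \
    'nsslapd-errorlog: C:/ds/slapd-example/logs/errors' > "$sample"
find_ds_logs "$sample"
rm -f "$sample"
```

On the Directory Server host, call it as find_ds_logs server-root/slapd-serverID/config/dse.ldif and collect the files it lists.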