This section describes how to troubleshoot LDAP operation failures. It describes the possible causes of the operation failures, the information to collect to help you troubleshoot the problem, and how to analyze this information.
An operation may fail for the following reasons:
ACIs are in place that do not allow the operation
Referrals are being followed to a different server
Updates can not proceed because a database has been set to referrals on updates
Database being reimported
Unallowed online configuration
To determine if ACIs are the source of your problem, gather information about all of the ACIs from the suffix level to the entry you are trying to access. Gather this data using the ldapsearch operation as follows:
# ldapsearch -D cn=Directory Manager -b base-suffix dn aci |
Collect the access and errors log files that contain the operation. Be sure to enable the ACI logging level. Enable the ACI logging level for the errors log file as follows:
# dsconf set-log-prop errors level:err-acl |
Enable the ACI logging level for the access log file as follows:
# dsconf set-log-prop access level:acc-internal |
To view the contents of the error log, use the dsadm command as follows:
dsadm show-error-log -A duration [-L last-lines] install-path |
The -A option specifies the maximum age of lines to be returned from the log. For example, to search for all entries younger than 24 hours, use -A 24h. The -L option specifies the number of lines to be returned from the log. For example, to return the last 50 lines, use -L 50. By default, 20 lines are returned.
To view the access log, use the dsadm command as follows:
dsadm show-access-log -A duration [-L last-lines] install-path |
The log files themselves are located in the following directories:
instance-path/logs/errors* instance-path/logs/access* |
If you are unable to troubleshoot your problem yourself, collect the error and access log files from the time during which the database was inaccessible and send them to Sun Support for analysis. By default, the log files are located in the instance-path/logs directory. To find the path to your error and access logs, use the following command:
# dsconf get-log-prop ERROR path |
or
# dsconf get-log-prop ACCESS path |