[Freeipa-users] Where do I change the nsslapd-accesslog-level?
Rob Crittenden
rcritten at redhat.com
Tue May 13 19:36:36 UTC 2014
Jason Becker wrote:
> I am using FreeIPA 3.0.0 on RHEL 6 (ipa-server-3.0.0-37.el6.x86_64).
>
> Where do I change the verbosity of access logging?
>
> This doc:
>
> http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/server-config.html
>
> discusses turning on global debugging but doesn't help me. The same doc
> links to:
>
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Configuration_and_Command-Line_Tool_Reference/logs-reference.html
>
> which tells me that I need to change the nsslapd-accesslog-level but the
> link on that page is a 404.
>
> So what do I need to do to change the level? I would assume that setting
> the level to 4 would be indicated if 256 is too verbose but can someone
> please confirm?
256 is the default.
I found this documented in a slightly older release at
https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/8.0/html/Configuration_and_Command_Reference/Configuration_Command_File_Reference-Core_Server_Configuration_Reference-Core_Server_Configuration_Attributes_Reference.html#Configuration_Command_File_Reference-cnconfig-nsslapd_accesslog_level
>
> I tried looking in the Configuration tab of the admin GUI but I get thrown:
>
> IPA Error 4204
>
> limits exceeded for this query
>
> Not sure what's going on there, might be symptomatic of the high load
> the server is under due to iowait perhaps...
Yes. And I guess ironically you can configure the timeout but without
being able to display the page this can be hard using our tools, which
enforce that timeout. This data lives at
cn=ipaConfig,cn=etc,dc=example,dc=com . You can use ldapmodify to change
this if the IPA tools keep timing out while trying.
rob
More information about the Freeipa-users
mailing list