[Freeipa-users] 389-console and IPA

Mark Reynolds mareynol at redhat.com
Wed Mar 29 20:55:12 UTC 2017 


On 03/29/2017 02:05 PM, Josh wrote:
> Hi Mark,
>
> Thanks for responding.
>
> Essentially I would like to change access log file size from 100Meg to
> 10Meg and change number of  log files down to 5 for example.
All you need to do is something like:

ldapmodify -p PORT -h HOST - D "cn=directory manager" -w PASSWORD
dn: cn=config
changetype: modify
replace: ATTR
ATTR: NEWVALUE

Example

ldapmodify -p 389 -h localhost - D "cn=directory manager" -w SECRET123
dn: cn=config
changetype: modify
replace: nsslapd-accesslog-maxlogsize
nsslapd-accesslog-maxlogsize: 10


Here are the attributes in question you are probably interested in:

nsslapd-accesslog-maxlogsize
nsslapd-accesslog-maxlogsperdir
nsslapd-errorlog-level

See this link for the log levels:

https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/error-logs.html#error-logs-levels

HTH,
Mark

>
> Regards,
> Josh.
>
> On 03/29/2017 10:30 AM, Mark Reynolds wrote:
>>
>> On 03/28/2017 07:48 PM, Josh wrote:
>>> Greetings,
>>>
>>> I wonder if possible to use 389-console with default IPA installation
>>> on REHL 7.
>> This should be technically possible, but it has its risks...  You would
>> need to install the 389-admin/console packages, then you would have to
>> register your DS instance using register-ds-admin.pl - which adds the
>> "o=netscaperoot" suffix/backend to the server.  This backend is what the
>> console uses to render the UI.
>>
>> I've never tried this with IPA before, and it would have other
>> implications.  You'd have to exclude the o=netscaperoot suffix from the
>> retro changelog, and possibly other plugin adjustments as well.  Sorry I
>> don't know IPA that well, so perhaps others on this list could comment
>> on other pitfalls you might run into with the added backend.
>>> Primarily reason is to alter log settings
>> Really this isn't that hard from the CLI perspective.   You could write
>> a simple shell script for changing log levels -  I could help you with
>> that if need be.
>>
>> Mark
>>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Configuring_Logs.html#Viewing_and_Configuring_Log_Files-Defining_a_Log_File_Rotation_Policy
>>>
>>>
>>>
>>> without using command line tools
>>>
>>> https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#cnconfig-nsslapd_accesslog_maxlogsize_Access_Log_Maximum_Log_Size
>>>
>>>
>>>
>>> Regards,
>>> Josh.
>>>
>

More information about the Freeipa-users mailing list