Change LDAP Log Levels

There are two methods.

Method 1

zmlocalconfig -e ldap_log_level=256

With versions ZCS 8 and above - 
zmlocalconfig -e ldap_common_loglevel=256

ldap stop

ldap start


**this method does not require ldap stop/start**

ldapmodify -x -h <host> -D "cn=config" -W <hit enter>
<enter ldap_root_password>
dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: 256 **if you want to disable ldap log, type in 'none'**
<enter> <enter>


Notes from mmorse:
Default: 32768 (OR 0x8000 OR none) would just log critical stuff

zmlocalconfig -e ldap_log_level=32768
zmcontrol stop/start

We tried 16640 = stats + sync for a few releases and found it overwhelming /var/log/zimbra.log - but it's good for debug.

Master: 32768 none (critical only)
Replicas: 49152 = none + sync = 32768 + 16384 (no stats but syncrepl entries are logged)

For instance to set that replica value it would be:
zmlocalconfig -e ldap_log_level=49152
zmlocalconfig -e ldap_log_level="none sync"

followed by ldap stop/start

You can define it several ways (single interger in decimal or hexadecimal, or keywords) and then you can combine them - for instance these are equivalent:
loglevel 129
loglevel 0x81
loglevel 128 1
loglevel 0x80 0x1
loglevel acl trace

hexadecimal <> decimal conversion tool

The keyword any can be used as a shortcut to enable logging at all levels (equivalent to -1).

The keyword none, or the equivalent integer representation (32768 or 0x800), causes those messages that are always logged regardless of the configured loglevel to be output (specified & critical stuff). In fact, if no loglevel (or a 0 level) is defined, no logging occurs, so at least the none level is required to have high priority messages logged.

In short, 32768 (OR 0x8000 OR none) = only messages that get logged whatever log level is set, thus you get critical stuff.


ldap_log_level becomes ldap_common_loglevel.

For more on ldap changes see LDAP#ZCS_6.0.2B

Jump to: navigation, search