LDAP-UX Client Services B.04.00 Administrator's Guide

Administering LDAP-UX Client Services
Troubleshooting
Chapter 4
TIP Enable LDAP logging only long enough to collect the data you need
because logging can significantly reduce performance and generate large
log files.
You may want to move the existing log file and start with an empty file:
mv /var/adm/syslog/local0.log /var/adm/syslog/local0.log.save
Enabling and Disabling PAM Logging
When something is behaving incorrectly, enabling logging is one way to
examine the events that occur to determine where the problem is. Enable
PAM logging on a particular client as follows. See pam(1), pam.conf(4),
and Managing Systems and Workgroups for more information on PAM.
Step 1. Add the “debug” option to each line in /etc/pam.conf that contains
libpam_ldap, for example:
login account sufficient /usr/lib/security/libpam_unix.1
login account required /usr/lib/security/libpam_ldap.1 debug
su account sufficient /usr/lib/security/libpam_unix.1
su account required /usr/lib/security/libpam_ldap.1 debug
...
Step 2. Edit the file /etc/syslog.conf and add a new line at the bottom like the
following:
*.debug <tab> /var/adm/syslog/debug.log
Step 3. Restart the syslog daemon with the following command. (See
syslogd(1M) for details.)
kill -HUP `cat /var/run/syslog.pid`
Step 4. Once logging is enabled, run the HP-UX commands or applications that
exhibit the problem.
Step 5. Restore the file /etc/syslog.conf to its previous state; otherwise, you may
unintentionally enable logging in other applications.
Step 6. Restart the syslog daemon with the following command. (See
syslogd(1M) for details.)
kill -HUP `cat /var/run/syslog.pid`
Step 7. Remove the “debug” options from /etc/pam.conf.
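Steps 1 through 7 written as shell functions, with a check that no libpam_ldap line is left in debug mode afterwards. This is an added example, not part of the guide; the function names and the ".save"/".tmp" suffixes are assumptions of the example, and every function edits the file passed as its argument so the procedure can be rehearsed on copies first.

```sh
#!/bin/sh
# Added example, not from the guide. Every function edits the file named in $1.
# Function names and the ".save"/".tmp" suffixes are assumptions of this example.

# Step 1: append "debug" to active (uncommented) libpam_ldap lines lacking it.
pam_ldap_debug_on() {
    cp -p "$1" "$1.save" || return 1
    awk '!/^[ \t]*#/ && /libpam_ldap/ && !/[ \t]debug([ \t]|$)/ { $0 = $0 " debug" }
         { print }' "$1.save" > "$1"
}

# Step 7: strip the "debug" option from libpam_ldap lines, keeping other options.
pam_ldap_debug_off() {
    awk '!/^[ \t]*#/ && /libpam_ldap/ {
             while (gsub(/[ \t]+debug[ \t]+/, " ") > 0) { }
             sub(/[ \t]+debug[ \t]*$/, "")
         }
         { print }' "$1" > "$1.tmp" && cat "$1.tmp" > "$1" && rm -f "$1.tmp"
}

# Check after step 7: number of active libpam_ldap lines still carrying "debug".
pam_ldap_debug_count() {
    awk '!/^[ \t]*#/ && /libpam_ldap/ && /[ \t]debug([ \t]|$)/ { n++ }
         END { print n + 0 }' "$1"
}

# Step 2: keep a copy of syslog.conf, then append the *.debug selector line.
# Refuses to run if a saved copy already exists, so the original is never lost.
syslog_debug_on() {
    [ ! -e "$1.save" ] || return 1
    cp -p "$1" "$1.save" || return 1
    printf '*.debug\t/var/adm/syslog/debug.log\n' >> "$1"
}

# Step 5: put syslog.conf back exactly as it was before step 2.
syslog_debug_off() {
    cat "$1.save" > "$1" && rm -f "$1.save"
}

# Steps 3 and 6: make syslogd reread its configuration.
syslog_reload() {
    kill -HUP "$(cat /var/run/syslog.pid)"
}
```

A result of 0 from pam_ldap_debug_count /etc/pam.conf confirms that Step 7 is complete.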