LDAP-UX Client Services B.04.15 Administrator's Guide
5.18 Troubleshooting
This section describes troubleshooting techniques as well as problems you may encounter.
5.18.1 Enabling and Disabling LDAP-UX Logging
When something is behaving incorrectly, enabling logging is one way to examine the events that
occur to determine where the problem is. Enable LDAP-UX Client Services logging on a particular
client as follows:
1. Edit the local startup file /etc/opt/ldapux/ldapux_client.conf and uncomment the lines starting
with #log_facility and #log_level by removing the initial # symbol. You can set log_level to
LOG_INFO to log only unusual events. This is a good place to start. If LOG_INFO is not
adequate to identify the problem, set log_level to LOG_DEBUG to log trace information.
LOG_DEBUG will provide more information but will significantly reduce performance and
generate large log files on active systems.
2. Edit the file /etc/syslog.conf and add a new line at the bottom:
local0.debug <tab> /var/adm/syslog/local0.log
where <tab> is the Tab key on your keyboard.
3. Restart the syslog daemon with the following command. (See syslogd(1M) for details.)
kill -HUP 'cat /var/run/syslog.pid'
4. Once logging is enabled, run the HP-UX commands or applications that exhibit the problem.
5. Disable logging by commenting out the log_facility and log_level lines in the startup file
/etc/opt/ldapux/ldapux_client.conf. Comment them out by inserting a "#" symbol in the first
column.
6. Examine the log file at /var/adm/syslog/local0.log to see what actions were performed and
if any are unexpected. Look for functions with "ldap_." These are standard LDAP function
calls.
TIP: Enable LDAP logging only long enough to collect the data you need because logging can
significantly reduce performance and generate large log files.
You may want to move the existing log file and start with an empty file: mv
/var/adm/syslog/local0.log /var/adm/syslog/local0.log.save
5.18.2 Enabling and Disabling PAM Logging
When something is behaving incorrectly, enabling logging is one way to examine the events that
occur to determine where the problem is. Enable PAM logging on a particular client as follows.
See pam(1), pam.conf(4), and Managing Systems and Workgroups for more information on PAM.
1. Add the "debug" option to each line in /etc/pam.conf that contains libpam_ldap, for example:
login account sufficient /usr/lib/security/libpam_unix.1
login account required /usr/lib/security/libpam_ldap.1 debug su
account sufficient /usr/lib/security/libpam_unix.1 su account
required /usr/lib/security/libpam_ldap.1 debug ...
2. Edit the file /etc/syslog.conf and add a new line at the bottom like the following:
*.debug <tab> /var/adm/syslog/debug.log
3. Restart the syslog daemon with the following command. (See syslogd(1M) for details.)
kill -HUP 'cat /var/run/syslog.pid'
4. Once logging is enabled, run the HP-UX commands or applications that exhibit the problem.
5. Restore the file /etc/syslog.conf to its previous state; otherwise, you may unintentionally
enable logging in other applications.
6. Restart the syslog daemon with the following command. (See syslogd(1M) for details.)
132 Administering LDAP-UX Client Services