LDAP monitoring/debug question
CLM 601
I was looking at this article:
https://jazz.net/wiki/bin/view/Deployment/WhyIsMyAuthenticationSlow
There is a section:
You can turn on LDAP query trace from the Jazz Team Server to see if any of the responses are delayed. The trace is contained under the LDAP section in the log4j.properties file, located in
..server/conf/jts/log4j.propertiesTo enable it, remove the # side from the beginning of the log4j.logger line.
#Turn on query trace against the LDAP server #log4j.logger.com.ibm.team.repository.service.jts.internal.userregistry.ldap.LDAPUserRegistry=DEBUGOK,
So after that is done, it does not say what happens or what I should be doing...anyone know?
2 answers
Hello Sterling,
as much as I know the logon process and the repository permission group evaluation is handled by WAS so I suggest to enable the tracing in WAS. It then creates a trace.log file with all the LDAP communication.
The JTS LDAP connection is from my point of view only used for the user synch.
regards
Guido
The debug messages should be in jts.log. But whether it helps in the said issue is a different story. The section about enabling tracing in Tomcat is more important (if you are using Tomcat).
The only advantage of enabling LDAP tracing in JTS rather than in the application server, that I can think of, is you don't need to restart the server. You can enable it, reload the logging configuration in /jts/admin, try to do something related to the LDAP server, for example, add a user, and you should have something in the jts.log to look into. You can disable it without restarting the server as well. Note that unless JTS has exactly the same LDAP configuration as the application server (which is not true in many cases), it will not be appropriate to investigate the issue purely based on JTS itself.
The only advantage of enabling LDAP tracing in JTS rather than in the application server, that I can think of, is you don't need to restart the server. You can enable it, reload the logging configuration in /jts/admin, try to do something related to the LDAP server, for example, add a user, and you should have something in the jts.log to look into. You can disable it without restarting the server as well. Note that unless JTS has exactly the same LDAP configuration as the application server (which is not true in many cases), it will not be appropriate to investigate the issue purely based on JTS itself.