Hi,

I think this is `man ldap_set_option :: LDAP_OPT_DEBUG_LEVEL`:

```
Valid debug levels are LDAP_DEBUG_ANY, LDAP_DEBUG_ARGS, LDAP_DEBUG_BER, LDAP_DEBUG_CONNS, LDAP_DEBUG_NONE, LDAP_DEBUG_PACKETS, LDAP_DEBUG_PARSE, and LDAP_DEBUG_TRACE
```

For values see https://git.openldap.org/openldap/openldap/-/blob/master/include/ldap_log.h?ref_type=heads#L107

On Thu, Jan 16, 2025 at 5:09 PM Spike White via sssd-users <[email protected]> wrote:

> Sssd experts,
>
> Our AD team is complaining that their AD controllers in our more
> densely-populated datacenters are getting overloaded. (up to 5K concurrent
> LDAP connections per AD DC).
>
> They find that 90% of the LDAP queries come from Linux servers -- which is
> surprising as Linux servers are < 50% of the resident population.
>
> We had previously found a coding bug in a vendor’s cron job that was
> generating a lot of unnecessary LDAP queries. That cybersecurity
> monitoring software was on every Linux server, so it led to a thundering
> herd problem when the cron job would kick off on every Linux server.
>
> That thundering herd problem has been remediated, but we suspect something
> similar occurring now. We’d like to see what LDAP queries are being
> executed by several random Linux servers, but we’ve had negative
> experiences leaving sssd debug_level = 9 on for several days. (Fills up
> the /var/log filesystem after a few days).
>
> I read in the sssd-ldap man page:
>
> ldap_library_debug_level (integer)
>
> Switches on libldap debugging with the given level. The libldap debug
> messages will be written independent of the general debug_level.
>
> OpenLDAP uses a bitmap to enable debugging for specific components, -1
> will enable full debug output.
>
> Default: 0 (libldap debugging disabled)
>
> This seems to be exactly what we want! We want to see what LDAP queries
> are being executed without all the other massive logging that arises from
> debug_level 9.
>
> However, I cannot find these bitmap values of debug levels for the
> openldap library. The most I can find is bitmapped debug values for a
> stand-alone slapd daemon.
>
> OpenLDAP debug level - Knowledge Base / Community - Univention Help
> <https://help.univention.com/t/openldap-debug-level/19301>
>
> Where may I find the documentation of the bitmapped debug values that can
> be set via ldap_library_debug_level?
>
> Spike White
>
> --
> _______________________________________________
> sssd-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
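The bitmap discussed in this thread, as an added example that is not part of the original messages: a small Python helper that ORs the debug levels named in the `ldap_set_option` man page into the integer expected by `ldap_library_debug_level`, and decodes an integer back into names. The bit values are those defined in OpenLDAP's `include/ldap_log.h`; the function names and the sample combination of levels are assumptions chosen for illustration.

```python
# Added example: bit values as defined in OpenLDAP's include/ldap_log.h,
# limited to the levels the ldap_set_option man page lists.
LDAP_DEBUG = {
    "LDAP_DEBUG_TRACE":   0x0001,
    "LDAP_DEBUG_PACKETS": 0x0002,
    "LDAP_DEBUG_ARGS":    0x0004,
    "LDAP_DEBUG_CONNS":   0x0008,
    "LDAP_DEBUG_BER":     0x0010,
    "LDAP_DEBUG_PARSE":   0x0800,
    "LDAP_DEBUG_NONE":    0x8000,
}
LDAP_DEBUG_ANY = -1  # every bit set: full debug output


def compose(*names):
    """OR the named levels into one integer for ldap_library_debug_level."""
    if "LDAP_DEBUG_ANY" in names:
        return LDAP_DEBUG_ANY
    level = 0
    for name in names:
        if name not in LDAP_DEBUG:
            raise ValueError(f"unknown debug level: {name}")
        level |= LDAP_DEBUG[name]
    return level


def decode(level):
    """Return (names, leftover): known levels set in `level`, plus bits not in the table."""
    if level == LDAP_DEBUG_ANY:
        return ["LDAP_DEBUG_ANY"], 0
    if level < 0:
        raise ValueError("only -1 is a meaningful negative level")
    names = [n for n, bit in LDAP_DEBUG.items() if level & bit]
    leftover = level & ~sum(LDAP_DEBUG.values())
    return names, leftover


def sssd_conf_line(*names):
    """Render the option line as it would appear in sssd.conf."""
    return f"ldap_library_debug_level = {compose(*names)}"


if __name__ == "__main__":
    # Sample combination only; pick the levels that suit your troubleshooting.
    print(sssd_conf_line("LDAP_DEBUG_TRACE", "LDAP_DEBUG_ARGS"))
    print(decode(0x0809))
```

A non-zero `leftover` from `decode` means the value sets bits outside the levels listed in the man page excerpt above.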
