Overview#

Often we find ourselves digging through a Ndstrace Log Searches log files looking for that proverbial needle.
We found these Ndstrace Log Searches that seem to work pretty well in assisting.

LDAP Entry Operations#

• add Request - grep for "add: dn '
• modify Request - grep for "modify: dn '
• delete Request - grep for "delete: dn '
• modifyDNRequest - grep for "DoModifyDN: dn ' (Why is this one not all lower case?)

All of these can be more specific by adding the FDN of the specific LDAP Entry similar to:

• add Request - grep for "add: dn (cn=jwilleke,ou=people,dc=example,dc=com)'

modify Request Attribute Operations#

• add - grep for "add: <attribute-Name>'
• delete - grep for "delete: <attribute-Name>'
• replace - grep for "replace: <attribute-Name>'

searchRequest#

• grep for "Search Request:' - The lines following this will be the full request.
• find specific attribute being searched for - grep for 'attribute: <attribute-Name>'
• find specific LDAP SearchFilter - grep for 'filter: <(specificFilter)>'

LDAP Result Codes#

To find generic LDAP Result Codes which are not LDAP_SUCCESS grep for 'NDS error:'

These can be more specific to find only the desired NDS error by using:

• LDAP_INVALID_CREDENTIALS - ' Sending operation result 49'
• LDAP_NO_SUCH_OBJECT - ' Sending operation result 32'
• and so on.

Bind Request specific LDAP Result Codes#

• LDAP_INVALID_CREDENTIALS - ' Sending operation result 49'
  • LDAP_INVALID_CREDENTIALS - ' bad password'
  • LDAP_INVALID_CREDENTIALS - ' failed authentication' - All other bind errors
• grep for "password expired' - Results where the password was expired

TAGS#

Be sure to use set ndstrace=+TAGS as the first entry on the line will be the "TAG" which will identify the connection for the current operation.

Category#

eDirectory

More Information#

There might be more information for this subject on one of the following:

• Ndstrace