[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: debugging OpenLDAP client



On Tue, Nov 18, 2014 at 06:59:12PM +0200, Igor Shmukler wrote:

> Well, I raised this subject stating that -1 does not do what I need.

-1 prints everything that OpenLDAP has got, so you need to look elsewhere
if that is not enough..

I suggest Wireshark: either use it directly to capture network traffic
or run tcpdump on the LDAP server or client machine and transfer the dump
file to your desktop machine for analysis. If the server or client machine
has a graphical display then you can do the whole job directly with Wireshark.

Here is an invocation of tcpdump to do the capture:

tcpdump -i eno1 -w /tmp/traffic host myclient.example.com and port 389

eno1 is the name of the network interface
/tmp/traffic is the dump file
myclient.example.com is the name of the server if this is run on the client host
or the name of the client if run on the server

Set that running and have your client code do its stuff.
Break into tcpdump with control-C
Copy /tmp/traffic to your desktop if necessary
Open /tmp/traffic in Wireshark.

You can expand the various protocol levels to get nore detail.
If you drill down into the LDAP layer you will see the search request
and if you drill further you will see the paged results control,
cookies etc.

Note that you will have to turn off encryption (SSL/TLS) on the LDAP
session if you are using it (which you should be when you go into production).

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------