Discussion:
[Freeipa-users] 389-console and IPA
Josh
2017-03-28 23:48:08 UTC
Permalink
Greetings,

I wonder if possible to use 389-console with default IPA installation on
REHL 7.

Primarily reason is to alter log settings

https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Configuring_Logs.html#Viewing_and_Configuring_Log_Files-Defining_a_Log_File_Rotation_Policy

without using command line tools

https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#cnconfig-nsslapd_accesslog_maxlogsize_Access_Log_Maximum_Log_Size

Regards,
Josh.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Mark Reynolds
2017-03-29 14:30:37 UTC
Permalink
Post by Josh
Greetings,
I wonder if possible to use 389-console with default IPA installation
on REHL 7.
This should be technically possible, but it has its risks... You would
need to install the 389-admin/console packages, then you would have to
register your DS instance using register-ds-admin.pl - which adds the
"o=netscaperoot" suffix/backend to the server. This backend is what the
console uses to render the UI.

I've never tried this with IPA before, and it would have other
implications. You'd have to exclude the o=netscaperoot suffix from the
retro changelog, and possibly other plugin adjustments as well. Sorry I
don't know IPA that well, so perhaps others on this list could comment
on other pitfalls you might run into with the added backend.
Post by Josh
Primarily reason is to alter log settings
Really this isn't that hard from the CLI perspective. You could write
a simple shell script for changing log levels - I could help you with
that if need be.

Mark
Post by Josh
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Configuring_Logs.html#Viewing_and_Configuring_Log_Files-Defining_a_Log_File_Rotation_Policy
without using command line tools
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#cnconfig-nsslapd_accesslog_maxlogsize_Access_Log_Maximum_Log_Size
Regards,
Josh.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Josh
2017-03-29 18:05:57 UTC
Permalink
Hi Mark,

Thanks for responding.

Essentially I would like to change access log file size from 100Meg to
10Meg and change number of log files down to 5 for example.

Regards,
Josh.
Post by Mark Reynolds
Post by Josh
Greetings,
I wonder if possible to use 389-console with default IPA installation
on REHL 7.
This should be technically possible, but it has its risks... You would
need to install the 389-admin/console packages, then you would have to
register your DS instance using register-ds-admin.pl - which adds the
"o=netscaperoot" suffix/backend to the server. This backend is what the
console uses to render the UI.
I've never tried this with IPA before, and it would have other
implications. You'd have to exclude the o=netscaperoot suffix from the
retro changelog, and possibly other plugin adjustments as well. Sorry I
don't know IPA that well, so perhaps others on this list could comment
on other pitfalls you might run into with the added backend.
Post by Josh
Primarily reason is to alter log settings
Really this isn't that hard from the CLI perspective. You could write
a simple shell script for changing log levels - I could help you with
that if need be.
Mark
Post by Josh
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Configuring_Logs.html#Viewing_and_Configuring_Log_Files-Defining_a_Log_File_Rotation_Policy
without using command line tools
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#cnconfig-nsslapd_accesslog_maxlogsize_Access_Log_Maximum_Log_Size
Regards,
Josh.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Mark Reynolds
2017-03-29 20:55:12 UTC
Permalink
Post by Josh
Hi Mark,
Thanks for responding.
Essentially I would like to change access log file size from 100Meg to
10Meg and change number of log files down to 5 for example.
All you need to do is something like:

ldapmodify -p PORT -h HOST - D "cn=directory manager" -w PASSWORD
dn: cn=config
changetype: modify
replace: ATTR
ATTR: NEWVALUE

Example

ldapmodify -p 389 -h localhost - D "cn=directory manager" -w SECRET123
dn: cn=config
changetype: modify
replace: nsslapd-accesslog-maxlogsize
nsslapd-accesslog-maxlogsize: 10


Here are the attributes in question you are probably interested in:

nsslapd-accesslog-maxlogsize
nsslapd-accesslog-maxlogsperdir
nsslapd-errorlog-level

See this link for the log levels:

https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Configuration_Command_and_File_Reference/error-logs.html#error-logs-levels

HTH,
Mark
Post by Josh
Regards,
Josh.
Post by Mark Reynolds
Post by Josh
Greetings,
I wonder if possible to use 389-console with default IPA installation
on REHL 7.
This should be technically possible, but it has its risks... You would
need to install the 389-admin/console packages, then you would have to
register your DS instance using register-ds-admin.pl - which adds the
"o=netscaperoot" suffix/backend to the server. This backend is what the
console uses to render the UI.
I've never tried this with IPA before, and it would have other
implications. You'd have to exclude the o=netscaperoot suffix from the
retro changelog, and possibly other plugin adjustments as well. Sorry I
don't know IPA that well, so perhaps others on this list could comment
on other pitfalls you might run into with the added backend.
Post by Josh
Primarily reason is to alter log settings
Really this isn't that hard from the CLI perspective. You could write
a simple shell script for changing log levels - I could help you with
that if need be.
Mark
Post by Josh
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Administration_Guide/Configuring_Logs.html#Viewing_and_Configuring_Log_Files-Defining_a_Log_File_Rotation_Policy
without using command line tools
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/Configuration_Command_and_File_Reference/Core_Server_Configuration_Reference.html#cnconfig-nsslapd_accesslog_maxlogsize_Access_Log_Maximum_Log_Size
Regards,
Josh.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Lukas Slebodnik
2017-03-31 14:38:51 UTC
Permalink
Post by Josh
Hi Mark,
Thanks for responding.
Essentially I would like to change access log file size from 100Meg to 10Meg
and change number of log files down to 5 for example.
If you are a vi-user then you can try to use ldapvi.
It can even shouw you ldif which can be used with ldapmodify.

LS
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Josh
2017-04-02 23:46:26 UTC
Permalink
Post by Lukas Slebodnik
Post by Josh
Hi Mark,
Thanks for responding.
Essentially I would like to change access log file size from 100Meg to 10Meg
and change number of log files down to 5 for example.
If you are a vi-user then you can try to use ldapvi.
It can even shouw you ldif which can be used with ldapmodify.
Thank you, Lukas! ldapvi is an excellent tool! Problem solved.

Josh.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Loading...