Troubleshooting LDAP Connections

As with most Mac OS X Server troubleshooting, you should start troubleshooting LDAP connections by reading the log files, specifically /var/log/system.log and the DirectoryServer logs in /Library/Logs/DirectoryServices.

Next run the LDAP server process, slapd, in debug mode. First stop the LDAP server by killing the slapd process. Then start it from the command line:

sudo /usr/libexec/slapd -d 99

This will now run the LDAP server and display all transactions and errors to the Terminal window. If you would like even more information, increase the value after -d.

You can also enable LDAP logging with

sudo slapconfig -enableslapdlog

which will allow slapd to log to /var/log/slapd.log.

You can also add logging options to the slapd.conf configuration file using the loglevel directive. Adding the numbers will add the output to the log file for that item.

loglevel <integer>

Another troubleshooting technique is to use an LDAP browser utility to view the contents of your LDAP database. If you do this from a client computer, you will be able to test all aspects of the client/server LDAP connection.

Also, keep in mind that the Inspector function of Workgroup Manager will also allow you to browse the LDAP database on the server and make changes as appropriate.

With Mac OS X Server, LDAP provides the advantages of industry standards, compatibility, and industry know-how. Apple has not merely taken OpenLDAP and added it to its list of features, but has gone the next step, integrating it into the entire Open Directory architecture. Additional tools, schema definitions, and configuration files have been added to make the management of an LDAP architecture as painless as possible. Mac OS X Server is a prominent player in the LDAP server arena.