We have had intermittent issues with LDAP connectivity, with errors similar to those below. We are using MS Active Directory, and the AD team is requesting that we provide them with the queries that are in progress at the time of the error.
Is there any way to do this?
2023-06-06T14:32:17.749-0400 WARNING 1301 com.l7tech.server.identity.ldap.LdapIdentityProviderImpl: Could not establish context using LDAP URL ldaps://xxx.xxx.net. xxx.xxx.net:636. Caused by: Read timed out
2023-05-17T21:01:43.636-0400 WARNING 488 com.l7tech.server.identity.ldap.LdapIdentityProviderImpl: Could not establish context using LDAP URL ldaps://xxx.xxx.net. ldaps://xxx.xxx.net:636. Caused by: Connection reset
2023-05-31T10:34:40.355-0400 WARNING 315 com.l7tech.server.identity.ldap.LdapIdentityProviderImpl: Could not establish context using LDAP URL ldaps://xxx.xxx.net. Timeout exceeded while waiting for a connection: 5000ms
All supported versions of the CA API Gateway
You can enable additional LDAP debug logging in Policy Manager -> Tasks -> Global Settings -> Manage Cluster-Wide Properties.
Click Add and add the following property:
Key: log.levels
Value:
com.l7tech.level = FINE (default could be: CONFIG)
com.l7tech.server.identity.level = FINEST
com.l7tech.server.identity.ldap.level = FINEST
In Policy Manager -> Tasks -> Manage Log/Audit Sinks, select ssg -> Properties and set the Severity Threshold to Finest (default could be: INFO).
With these settings, any LDAP error is logged together with its query information, for example:
2023-06-07T19:39:04.780-0400 INFO 692 com.l7tech.server.identity.ldap.LdapIdentityProviderImpl: LDAP search error with filter (&(objectclass=user)(sAMAccountName=xxxxxxxx))
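
To hand the AD team the queries that were in progress around each connection failure, the two kinds of log line shown above can be paired by timestamp. The script below is an added example, not part of the original article or the product: the 10-second window, the function names and the sample log lines (hostname, account names, the unrelated logger) are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Line layout as in the log excerpts above: timestamp, level, thread id, logger, message.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<level>[A-Z]+) (?P<thread>\d+) "
    r"com\.l7tech\.server\.identity\.ldap\.LdapIdentityProviderImpl: (?P<msg>.*)$"
)
FILTER_PREFIX = "LDAP search error with filter "
CONNECT_PREFIX = "Could not establish context using LDAP URL "


def parse(line):
    """Return (timestamp, message) for LdapIdentityProviderImpl lines, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%f%z"), m["msg"]


def correlate(lines, window_seconds=10):
    """Pair each connection failure with search filters logged within the window."""
    events = [e for e in map(parse, lines) if e]
    window = timedelta(seconds=window_seconds)  # assumption: tune to your LDAP timeouts
    searches = [(ts, msg[len(FILTER_PREFIX):]) for ts, msg in events
                if msg.startswith(FILTER_PREFIX)]
    report = []
    for ts, msg in events:
        if not msg.startswith(CONNECT_PREFIX):
            continue
        # Cause follows "Caused by: " when present, otherwise the first ". " after the URL.
        cause = msg.rpartition("Caused by: ")[2] if "Caused by: " in msg else msg.partition(". ")[2]
        nearby = [f for s_ts, f in searches if abs(s_ts - ts) <= window]
        report.append({"time": ts.isoformat(), "cause": cause, "filters": nearby})
    return report


# Constructed sample lines (hostname, accounts and the unrelated logger are placeholders).
SAMPLE_LOG = """\
2023-06-06T14:32:17.749-0400 WARNING 1301 com.l7tech.server.identity.ldap.LdapIdentityProviderImpl: Could not establish context using LDAP URL ldaps://dc01.example.net. dc01.example.net:636. Caused by: Read timed out
2023-06-06T14:32:18.102-0400 INFO 1301 com.l7tech.server.identity.ldap.LdapIdentityProviderImpl: LDAP search error with filter (&(objectclass=user)(sAMAccountName=jdoe))
2023-06-06T14:32:19.000-0400 INFO 77 com.example.Other: unrelated line
2023-06-06T15:10:00.000-0400 INFO 692 com.l7tech.server.identity.ldap.LdapIdentityProviderImpl: LDAP search error with filter (&(objectclass=user)(sAMAccountName=asmith))
2023-06-06T16:00:05.355-0400 WARNING 315 com.l7tech.server.identity.ldap.LdapIdentityProviderImpl: Could not establish context using LDAP URL ldaps://dc01.example.net. Timeout exceeded while waiting for a connection: 5000ms
""".splitlines()

if __name__ == "__main__":
    for row in correlate(SAMPLE_LOG):
        print(row["time"], "|", row["cause"], "|", row["filters"] or "no search error nearby")
```

The filters contain account names, so treat the report with the same care as the gateway log itself.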