How to adjust the Identity Manager Provisioning Server transaction logging level in SecureCloud environment

book

Article ID: 40638

calendar_today

Updated On:

Products

CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

Summary:

There is no Jxplorer in our SecureCloud environment, how do we adjust the Identity Manager Provisioning Server transaction logging level for troubleshooting purpose?

Background:

There is an instruction in SecureCloud guide about how to adjust Provisioning Server transaction logging level via Jxplorer, however a cspadmin user could be unable to install Jxplorer in a SecureCloud production environment. Hence we need a way to adjust the Provisioning Server transaction logging level on command line.


Instructions:

Please perform the following on the primary IM Provisioning Server to adjust the Provisioning Server Transaction logging level:

  1. Download impsloglevel1.ldif and impsloglevel2.ldif, put the 2 ldif files in /opt/CA/IdentityManager/ProvisioningServer/

  2. Edit impsloglevel2.ldif, search tenantname on the first line, replace it with the real tenant name.
  3. Run the following 2 commands and note the eTConfigParamValue values which are the current setting of the logging level

    ./ldapsearch -h localhost -p 20389 -b 'eTConfigParamName=Level,eTConfigParamFolderName=Transaction Log,eTConfigParamContainerName=Parameters,eTConfigContainerName=Configuration,eTNamespaceName=CommonObjects,dc=im,dc=eta' -D 'cn=etaserver,dc=eta' -W '(objectclass=*)' eTConfigParamValue
    ./ldapsearch -h localhost -p 20389 -b 'eTConfigParamName=Level,eTConfigParamFolderName=Transaction Log,eTConfigParamContainerName=Parameters,eTConfigContainerName=Configuration,eTNamespaceName=CommonObjects,dc=im,dc=TENANTKEY:<tenant name>:,dc=eta' -D 'cn=etaserver,dc=eta' -W '(objectclass=*)' eTConfigParamValue

    Note: please replace <tenant name> on the command line above with the real tenant name

     

  4. Run the following commands to apply the changes

    sudo su - imps
    cd /opt/CA/IdentityManager/ProvisioningServer/bin
    ./ldapmodify -h localhost -p 20389 -D 'cn=etaserver,dc=eta'  -W -f ~/impsloglevel1.ldif
    ./ldapmodify -h localhost -p 20389 -D 'cn=etaserver,dc=eta'  -W -f ~/impsloglevel2.ldif

  5. Run the following 2 commands and check the output which should contain eTConfigParamValue: 7

    ./ldapsearch -h localhost -p 20389 -b 'eTConfigParamName=Level,eTConfigParamFolderName=Transaction Log,eTConfigParamContainerName=Parameters,eTConfigContainerName=Configuration,eTNamespaceName=CommonObjects,dc=im,dc=eta' -D 'cn=etaserver,dc=eta' -W '(objectclass=*)' eTConfigParamValue
    ./ldapsearch -h localhost -p 20389 -b 'eTConfigParamName=Level,eTConfigParamFolderName=Transaction Log,eTConfigParamContainerName=Parameters,eTConfigContainerName=Configuration,eTNamespaceName=CommonObjects,dc=im,dc=TENANTKEY:<tenant name>,dc=eta' -D 'cn=etaserver,dc=eta' -W '(objectclass=*)' eTConfigParamValue

    Note: please replace <tenant name> on the command line above with the real tenant name

     

  6. After the troubleshooting, please edit impsloglevel1.ldif and impsloglevel2.ldif and adjust the eTConfigParamValue to the original values noted on step 3, and run the following 2 commands to restore the original values

    ./ldapmodify -h localhost -p 20389 -D 'cn=etaserver,dc=eta'  -W -f ~/impsloglevel1.ldif
    ./ldapmodify -h localhost -p 20389 -D 'cn=etaserver,dc=eta'  -W -f ~/impsloglevel2.ldif

Additional Information: 

Environment

Release: CLDIDM99000-1.5-Identity Manager SaaS-for Business Users
Component:

Attachments

1558534426302TEC2984410.zip get_app