How can I debug the DXadmind daemon running on my CA Directory hosts?
search cancel

How can I debug the DXadmind daemon running on my CA Directory hosts?

book

Article ID: 52808

calendar_today

Updated On:

Products

CA Directory CA Security Command Center CA Data Protection (DataMinder) CA User Activity Reporting

Issue/Introduction

Description:

The DXadmind administrative daemon has a specific set of debug levels that determine what types of debug information will be written to it's log file. This techdoc details those debug levels and illustrates how the debug information it written to the dxadmind log file.

Solution:

There are two ways that you can specify debug levels for your DXadmind administrative daemon processes.

  1. You can set the DXadmind debug levels from within the DXmanager configuration GUI. Edit the configuration and then modify the logging levels for the DXadmind process via the Backbone Defaults section. Note: Modifying the backbone defaults will impact ALL DXadmind processes.

  2. If you want to configure debugging for a specific server, follow the process below.

The DXadmind process has debug levels for each type of information required. They are:

-1enable all debugging
0no debugging
1trace function calls
2debug packet handling
4heavy trace debugging
8connection management
16print out packets sent and received
32search filter processing
64configuration file processing
128access control list processing
256stats log connections/operations/results
512stats log entries sent
1024print communication with shell backends
2048print entry parsing debugging

Setting "dxadmind debug 128" outputs all ACL related processing. E.g:

registerACL (DXmanager host) internal line 0 = '
registerACL (DXmanager host) internal line 0 = '
arg=0: access
arg=0: access
arg=1: to
arg=1: to
arg=2: *
arg=2: *
arg=3: by
arg=3: by
arg=4: dn.subtree=cn=Internal Thread
arg=4: dn.subtree=cn=Internal Thread
arg=5: write
arg=5: write
arg=6: by
arg=6: by
arg=7: tls_ssf=128
arg=7: tls_ssf=128
arg=8: users
arg=8: users
arg=9: peername.ip=aaa.bbb.ccc.ddd
arg=9: peername.ip=aaa.bbb.ccc.ddd
arg=10: write
arg=10: write
'
'
20090805.075741.390 OPERATION: DXadmind Server Starting - Configuration version=
26, status=Encrypted
=> access_allowed: search access to "cn=dxadmind" "cn" requested
Global ACL: access to *
    by dn.subtree="cn=internal thread" write
    by users peername.ip="aaa.bbb.ccc.ddd" tls_ssf=128 write
 
=> access_allowed: search access to "cn=dxadmind" "cn" requested
=> acl_get: [1] attr cn
=> acl_get: [1] attr cn
=> acl_mask: access to entry "cn=dxadmind", attr "cn" requested
=> acl_mask: access to entry "cn=dxadmind", attr "cn" requested
=> acl_mask: to value by "cn=status,cn=internal thread", (=0)
=> acl_mask: to value by "cn=status,cn=internal thread", (=0)
<= check a_dn_pat: cn=internal thread
<= check a_dn_pat: cn=internal thread
<= acl_mask: [1] applying write(=wrscxd) (stop)
<= acl_mask: [1] applying write(=wrscxd) (stop)
<= acl_mask: [1] mask: write(=wrscxd)
<= acl_mask: [1] mask: write(=wrscxd)
=> access_allowed: search access granted by write(=wrscxd)
=> access_allowed: search access granted by write(=wrscxd)
=> access_allowed: search access to "cn=config,cn=dxadmind" "cn" requested
=> access_allowed: search access to "cn=config,cn=dxadmind" "cn" requested
=> acl_get: [1] attr cn
=> acl_get: [1] attr cn
=> acl_mask: access to entry "cn=config,cn=dxadmind", attr "cn" requested
=> acl_mask: access to entry "cn=config,cn=dxadmind", attr "cn" requested
=> acl_mask: to value by "cn=status,cn=internal thread", (=0)
=> acl_mask: to value by "cn=status,cn=internal thread", (=0)

Setting "dxadmind debug 8" shows all connection debug information:

20090805.080109.296 OPERATION: DXadmind Server Starting - Configuration version=
26, status=Encrypted
daemon: added 1736r
daemon: added 1736r
daemon: added 1728r
daemon: added 1728r
daemon: added 1720r
daemon: added 1720r
daemon: select: listen=1728 active_threads=0 tvp=NULL
daemon: select: listen=1728 active_threads=0 tvp=NULL
daemon: select: listen=1720 active_threads=0 tvp=NULL
daemon: select: listen=1720 active_threads=0 tvp=NULL
daemon: shutdown requested and initiated.
daemon: shutdown requested and initiated.
daemon: closing 1728
daemon: closing 1728
daemon: closing 1720
daemon: closing 1720
slapd shutdown: waiting for 0 threads to terminate
slapd shutdown: waiting for 0 threads to terminate
20090805.080113.125 OPERATION: DXadmind Server Stopping
dxadmind stopped.
dxadmind stopped.

Setting "dxadmind debug" with no parameters invokes "-1" debugging which is everything.

When the "dxadmind debug" command is executed, there will be no output to the command window/shell. All information will be output to the DXadmind.log in the DXHOME/logs folder.

To terminate the debug tracing, click the CNTL + C keys. This will shutdown the debug tracing.

Environment

Release:
Component: ETRDIR
Powered by Wolken Software