Problem(Abstract)
Collecting data for LDAP authentication problems with the IBM® HTTP Server.
Gathering this MustGather information before calling IBM support will help
you understand the problem and save time analyzing the data.

Resolving the problem
If you have already contacted support, continue to the component-specific
MustGather information. Otherwise, click: MustGather: Read first for IBM
HTTP Server.

LDAP authentication specific MustGather information
The following files are needed for debugging the two types of LDAP
authentication with IBM HTTP Server:
- LDAP authentication over non-Secure Socket Layers (SSL)
- LDAP authentication over SSL

- LDAP authentication over non-Secure Socket Layers (SSL)
  - IBM HTTP Server version.
    Type one of the following commands to display the full version:
    - For Windows®:
      - For all releases of V1.3.12, 1.3.19, 1.3.26, 1.3.28, 2.0.42, 2.0.47, 6.0:
    - For UNIX®:
      - For all releases of V1.3.12, 1.3.19, 1.3.26, 1.3.28:
        install_root/bin/httpd -ver
      - For all releases of V2.0.42, 2.0.47, 6.0:
        install_root/bin/apachectl -V
  - Configuration file:
    install_root/conf/httpd.conf
  - Error log:
    - For Windows:
      install_root/logs/error.log
    - For UNIX:
      install_root/logs/error_log
  - Access log:
    - For Windows:
      install_root/logs/access.log
    - For UNIX:
      install_root/logs/access_log
  - LDAP properties file:
    - For Windows:
      install_root/conf/ldap.prop
    - For UNIX:
      install_root/conf/ldap.prop
  - LDAP Client version (for example: V3.2.1, 3.2.2, 4.1, and so on).
  - Traces: IBM HTTP Server LDAP (non-SSL)
    - Stop IBM HTTP Server.
    - Clear all logs in the install_root/logs directory.
    - Edit the httpd.conf file. Change Loglevel to debug.
    - Enable LDAP tracing:
      - For Windows:
        - Create a system variable called:
        - Set the value with the name for the log file (for example:
          c:\ldaptrace.log).
        - Create a system variable called:
        - Set the value to 65535.
      - For UNIX:
        - As the user ID that starts the IBM HTTP Server, create an
          environment variable called:
          LDAP_TRACE_FILE
          The environment variable can be created in either of these two ways:
          - setenv LDAP_TRACE_FILE value (full path and filename)
            csh example:
            setenv LDAP_TRACE_FILE /usr/HTTPServer/logs/ldaptrace_log
            OR
          - export LDAP_TRACE_FILE=value (full path and filename)
            ksh example:
            export LDAP_TRACE_FILE=/usr/HTTPServer/logs/ldaptrace_log
        - As the user ID that starts the IBM HTTP Server, create an
          environment variable called:
          LDAP_DEBUG
          The environment variable can be created in either of these two ways:
          - csh example:
            setenv LDAP_DEBUG 65535
            OR
          - ksh example:
    - Start IBM HTTP Server.
    - Recreate the problem.
    - Capture the following:
      netstat -na > netstat.out
    - Collect the following data files:
      - httpd.conf, error_log, access_log
      - netstat.out
      - ldaptrace_log
      - ldap.prop
      - IBM HTTP Server version and LDAP Client version.
      - Include the date and time of failure along with the browser version
        and the full URL that resulted in the LDAP failure. For example:
        http://www.mycompany.com/mystuff/goodies/index.html
    - Follow instructions to send diagnostic information to IBM support.

- LDAP over SSL
  - IBM HTTP Server version.
    Type one of the following commands to display the full version:
    - For Windows:
      - For all releases of V1.3.12, 1.3.19, 1.3.26, 1.3.28, 2.0.42, 2.0.47, 6.0:
    - For UNIX:
      - For all releases of V1.3.12, 1.3.19, 1.3.26, 1.3.28:
        install_root/bin/httpd -ver
      - For all releases of V2.0.42, 2.0.47, 6.0:
        install_root/bin/apachectl -V
  - Configuration file:
    install_root/conf/httpd.conf
  - Error log:
    - For Windows:
      install_root/logs/error.log
    - For UNIX:
      install_root/logs/error_log
  - Access log:
    - For Windows:
      install_root/logs/access.log
    - For UNIX:
      install_root/logs/access_log
  - LDAP properties file:
    - For Windows:
      install_root/conf/ldap.prop
    - For UNIX:
      install_root/conf/ldap.prop
  - LDAP Client version (for example: V3.2.1, 3.2.2, 4.1, and so on).
  - Global Security Kit (GSKit) version.
    Type one of the following commands to display the full GSKit version:
    - For Windows:
      - For all releases of V1.3.12:
        /program files/ibm/gsk4/bin/gsk4ver.exe
      - For all releases of V1.3.19, 1.3.26, 2.0.42:
        /program files/ibm/gsk5/bin/gsk5ver.exe
      - For all releases of V1.3.28, 2.0.47, 6.0:
        /program files/ibm/gsk7/bin/gsk7ver.exe
    - For AIX®:
      - For all releases of V1.3.12:
        /usr/opt/ibm/gskit/bin/gsk4ver
      - For all releases of V1.3.19, 1.3.26, 2.0.42:
        /usr/opt/ibm/gskkm/bin/gsk5ver
      - For all releases of V1.3.28, 2.0.47, 6.0:
        /usr/opt/ibm/gskkm/bin/gsk7ver
    - For Solaris™:
      - For all releases of V1.3.12:
        /opt/ibm/gsk4/bin/gsk4ver
      - For all releases of V1.3.19, 1.3.26, 2.0.42:
        /opt/ibm/gsk5/bin/gsk5ver
      - For all releases of V1.3.28, 2.0.47, 6.0:
        /opt/ibm/gsk7/bin/gsk7ver
    - For HP-UX:
      - For all releases of V1.3.12:
        /opt/ibm/gsk4/bin/gsk4ver
      - For all releases of V1.3.19, 1.3.26, 2.0.42:
        /opt/ibm/gsk5/bin/gsk5ver
      - For all releases of V1.3.28, 2.0.47, 6.0:
        /opt/ibm/gsk7/bin/gsk7ver
    - For Linux®:
      - For all releases of V1.3.12:
        /usr/local/ibm/gsk4/bin/gsk4ver
      - For all releases of V1.3.19, 1.3.26, 2.0.42:
        /usr/local/ibm/gsk5/bin/gsk5ver
      - For all releases of V1.3.28, 2.0.47, 6.0:
        /usr/local/ibm/gsk7/bin/gsk7ver
  - Traces: IBM HTTP Server LDAP over SSL
    - Stop IBM HTTP Server.
    - Clear all logs in the install_root/logs directory.
    - Edit the httpd.conf file:
      - Change Loglevel to debug.
      - Add SSLTrace directive to the bottom of the httpd.conf file.
    - Enable LDAP tracing:
      - For Windows:
        - Create the following system variable:
        - Set the value with the name for the log file (for example:
          c:\ldaptrace.log).
        - Create the following system variable:
        - Set the value to 65535.
      - For UNIX:
        - As the user ID that starts the IBM HTTP Server, create an
          environment variable called:
          LDAP_TRACE_FILE
          The environment variable can be created in either of the two ways:
          - setenv LDAP_TRACE_FILE value (full path and filename)
            csh example:
            setenv LDAP_TRACE_FILE /usr/HTTPServer/logs/ldaptrace_log
            OR
          - export LDAP_TRACE_FILE=value (full path and filename)
            ksh example:
            export LDAP_TRACE_FILE=/usr/HTTPServer/logs/ldaptrace_log
        - As the user ID that starts the IBM HTTP Server, create an
          environment variable called:
          LDAP_DEBUG
          The environment variable can be created in either of the two ways:
          - csh example:
            setenv LDAP_DEBUG 65535
            OR
          - ksh example:
    - Enable GSKit trace:
      - For Windows:
        - Create the following system variable:
        - Set the value with the name for the log file (for example:
          c:\gsktrace.log).
      - For UNIX:
        - As the user ID that starts the IBM HTTP Server, create an
          environment variable called:
          GSK_TRACE_FILE
          The environment variable can be created in either of the two ways:
          - setenv GSK_TRACE_FILE value (full path and filename)
            csh example:
            setenv GSK_TRACE_FILE /usr/HTTPServer/logs/gsktrace_log
            OR
          - export GSK_TRACE_FILE=value (full path and filename)
            ksh example:
            export GSK_TRACE_FILE=/usr/HTTPServer/logs/gsktrace_log
    - Start IBM HTTP Server.
    - Recreate the problem.
    - Capture the following:
      netstat -na > netstat.out
    - Collect the following data files:
      - httpd.conf, error_log, access_log
      - netstat.out
      - ldaptrace_log
      - gsktrace_log
      - ldap.prop
      - IBM HTTP Server version, LDAP Client version, and GSKit version.
      - Include the date and time of failure along with the browser version
        and the full URL that resulted in the LDAP failure. For example:
        https://www.mycompany.com/mystuff/goodies/index.html
    - Follow instructions to send diagnostic information to IBM support.
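
The UNIX collection steps above, as an added example that is not part of the original technote or IBM tooling: a POSIX shell function that copies the listed files, plus the traces named by LDAP_TRACE_FILE and GSK_TRACE_FILE, into an owner-only directory and records anything missing. The function names, the MISSING.txt file and the output layout are assumptions.

```shell
#!/bin/sh
# Added example (not IBM tooling). Function names, MISSING.txt and the output
# layout are assumptions; the file paths are the UNIX ones listed on this page.

# Copy file $1 into directory $2, or record label $3 in MISSING.txt.
_mg_copy() {
    if [ -n "$1" ] && [ -r "$1" ]; then
        cp -p "$1" "$2/"            # -p keeps timestamps for the failure timeline
    else
        echo "$3" >> "$2/MISSING.txt"
    fi
}

# collect_mustgather INSTALL_ROOT OUT_DIR [ssl]
# Runs in a subshell so the umask change does not leak into the caller.
collect_mustgather() (
    root=$1; out=$2; mode=${3:-nossl}
    # Debug-level traces and ldap.prop can expose directory and user details,
    # so keep the bundle private to the collecting user.
    umask 077
    mkdir -p "$out" && chmod 700 "$out" || exit 2
    : > "$out/MISSING.txt"
    for f in conf/httpd.conf conf/ldap.prop logs/error_log logs/access_log; do
        _mg_copy "$root/$f" "$out" "$f"
    done
    # Trace locations come from the variables exported before the server start.
    _mg_copy "${LDAP_TRACE_FILE:-}" "$out" "LDAP trace (LDAP_TRACE_FILE unset or unreadable)"
    if [ "$mode" = ssl ]; then
        _mg_copy "${GSK_TRACE_FILE:-}" "$out" "GSKit trace (GSK_TRACE_FILE unset or unreadable)"
    fi
    netstat -na > "$out/netstat.out" 2>/dev/null || echo "netstat.out" >> "$out/MISSING.txt"
    # Succeed only when nothing was recorded as missing.
    [ ! -s "$out/MISSING.txt" ]
)
```

Call it as `collect_mustgather /usr/HTTPServer ./mustgather ssl` from the shell that exported the trace variables; a non-zero status means MISSING.txt lists items still to be gathered before the data is sent.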

For a listing of all technotes, downloads, and educational materials
specific to LDAP authentication problems, search the IBM HTTP Server
support site.