IBM Support

Enabling LDAP Logging for InfoSphere MDM v11 onwards

Question & Answer


Question

In previous versions of MDM SE, logging was handled by a log4j.xml file, in which we could configure an LDAP appender to capture LDAP-related logging information. We do not have the log4j.xml file from v11 onwards, so how can we enable LDAP logging? Or: We are troubleshooting LDAP integration and are running into issues. How can we enable LDAP logging to help us diagnose the problem?

Cause

Prior to v11, user management was performed by IBM InfoSphere Master Data Service through LDAP servers. We had an internal built-in LDAP server and had provisions to integrate with MDS directly.
From v11 onwards, all aspects of user management have been deferred to WebSphere, including integration with corporate LDAP. In these releases, MDM merely sends requests to WebSphere to perform certain actions in LDAP, such as creating, deleting, or modifying users, or retrieving information such as which groups a user belongs to. Therefore, LDAP logging is set up in WebSphere rather than in any MDM configuration files.

In these newer versions, the best way to modify logging is from within the WebSphere Application Server (WAS) Administration Console. Log in to the WAS Admin Console, go to Troubleshooting > Logs and trace, select the server where the operational server is deployed, and click Diagnostic Trace. Here you will see 2 tabs, Runtime and Configuration. Changes on the Runtime tab take effect immediately, whereas changes on the Configuration tab take effect only when the server is restarted. Note that if you change the Runtime tab and not the Configuration tab, the changes are reverted upon restart, because the JVM reads from the Configuration tab while starting. The options on both tabs are identical: go to Additional Properties and click Change log detail levels. Make the necessary changes and click Apply at the bottom of the page to apply the new settings.

Answer

To enable logging, configure it on the Configuration or Runtime tab of the WebSphere troubleshooting settings, as discussed above. Normally admins just append the following trace specification in the text box on the set-up screen:
*=info:com.ibm.ws.security.*=all:com.ibm.websphere.security.*=all:com.ibm.websphere.wim.*=all:com.ibm.wsspi.wim.*=all:com.ibm.ws.wim.*=all

If the problem is with authentication to an Enterprise JavaBean, append the following to the trace specification:
:SASRas=all:ORBRas=all

If the problem is related to security domains, append the following to the trace specification:
:SecurityDomain=all

If the problem is related to OAuth, append the following to the trace specification:
:com.ibm.ws.security.web.*=all:com.ibm.ws.security.oauth20.*=all:com.ibm.oauth.*=all

If the problem is related to SAML, append the following to the trace specification:
:com.ibm.wsspi.wssecurity.*=all:com.ibm.ws.wssecurity.*=all

Click Apply and Save to have the updated settings take effect.


Generally, we do not need all these tracing specifications enabled because we do not leverage some of these components by default. Therefore, unless you have a custom set-up, simply append the following:
*=info:com.ibm.ws.security.*=all:com.ibm.websphere.security.*=all:com.ibm.websphere.wim.*=all:com.ibm.wsspi.wim.*=all:com.ibm.ws.wim.*=all:SASRas=all:ORBRas=all

Information- and error-level logging for this feature is included in the regular SystemOut.log file. The resulting trace logs are created in the trace.log file in the WebSphere logs folder where SystemOut.log is located.
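
The "append" steps above are easy to get wrong by hand (doubled colons, a repeated *=info entry, a mistyped level). The following is an added example, not IBM or MDM code: a small Python helper that merges the fragments from this page into one validated string to paste into the Change log detail levels box. The function names, the assumption that the box currently holds *=info, and the restriction to the standard WebSphere level names are assumptions of this example.

```python
import re

# Fragments copied from this page; a leading ':' marks an "append" fragment.
BASE = ("*=info:com.ibm.ws.security.*=all:com.ibm.websphere.security.*=all:"
        "com.ibm.websphere.wim.*=all:com.ibm.wsspi.wim.*=all:com.ibm.ws.wim.*=all")
OPTIONAL = {
    "ejb": ":SASRas=all:ORBRas=all",
    "security_domain": ":SecurityDomain=all",
    "oauth": (":com.ibm.ws.security.web.*=all:com.ibm.ws.security.oauth20.*=all"
              ":com.ibm.oauth.*=all"),
    "saml": ":com.ibm.wsspi.wssecurity.*=all:com.ibm.ws.wssecurity.*=all",
}
# Standard WebSphere log detail levels (assumption: legacy names are rejected).
LEVELS = ("off", "fatal", "severe", "warning", "audit", "info",
          "config", "detail", "fine", "finer", "finest", "all")
COMPONENT = re.compile(r"^(\*|[A-Za-z_][\w.]*(\.\*)?)$")

def parse_spec(spec):
    """Split a trace specification into (component, level) pairs; reject malformed input."""
    pairs = []
    for seg in spec.split(":"):
        if not seg:
            raise ValueError("empty segment (stray or doubled ':') in %r" % spec)
        name, sep, level = seg.partition("=")
        if not sep or not COMPONENT.match(name):
            raise ValueError("bad component entry %r" % seg)
        if level.lower() not in LEVELS:
            raise ValueError("unknown level %r in %r" % (level, seg))
        pairs.append((name, level.lower()))
    return pairs

def merge_spec(current, fragment):
    """Append a fragment; a later entry for a component replaces the earlier level."""
    if fragment.startswith(":"):
        fragment = fragment[1:]          # drop the single "append" colon only
    merged = {}
    for name, level in parse_spec(current) + parse_spec(fragment):
        merged[name] = level             # keeps first position, updates level
    return ":".join("%s=%s" % item for item in merged.items())

def build_spec(extras=(), current="*=info"):
    """Merge the page's base specification plus the chosen optional fragments."""
    spec = merge_spec(current, BASE)
    for key in extras:
        spec = merge_spec(spec, OPTIONAL[key])
    return spec

if __name__ == "__main__":
    print(build_spec(extras=("ejb",)))   # the default recommendation on this page
```

Pass the current contents of the text box as current so that components already listed there are updated in place rather than duplicated.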


Product Synonym

MDS;Master Data Service;MDM;MDM SE;MDMSE;Master Data Management;IBM Infosphere Master Data Service;MDM Standard Edition;MDM Hybrid Edition;Initiate;Hybrid;Physical MDM;Virtual MDM;Hybrid MDM

Document Information

Modified date:
16 June 2018

UID

swg21683165