pd.ivc.ira trace for LDAP server interaction

Edit online

The pd.ivc.ira component traces Verify Identity Access interaction with the LDAP server.

The trace helps with determining problems that occur during authentication. This trace can show the following information:
  • The LDAP search path that is used during the search for a user
  • Whether authentication succeeded for the user
  • Whether any policy (for example, password, time-of-day) took effect
This information helps to identify Verify Identity Access problems that originate from the LDAP server. The trace also shows the general interaction with the local user registry cache.

If the trace level is set to 7, approximately 30 lines of trace are produced for every transaction. This trace level mostly shows the authentication process. It can be used to determine whether a DN for the user was successfully located, and whether authentication for the user succeeded.

If the trace level is set to 8, approximately 170 lines of trace are produced for every transaction. In addition to the authentication process, this trace level logs the steps that are involved in validating the user policy. It also shows some interaction with the local user registry cache.

The following sample output is an extract of the trace that is produced during a standard authentication for a trace level of 8. The output shows that the user, scotte, was successfully authenticated and that the DN of the user is cn=Scott Exton,o=ibm,c=au.

Example pd.ivc.ira output (extract) 
...
2007-03-09-14:31:00.329+10:00I----- thread(2) trace.pd.ivc.ira:8 /project/am610/build/am61
0/src/ivrgy/ira_auth.c:1221: CII ENTRY: ira_get_dn_utf8() parm: scotte
...
2007-03-09-14:31:00.329+10:00I----- thread(2) trace.pd.ivc.ira:7 /project/am610/build/am61
0/src/ivrgy/ira_entry.c:2879: ira_ldap_search_ext_s() base: SECAUTHORITY=DEFAULT scope: 2 
filter: (secDomainId=Default%scotte)
2007-03-09-14:31:00.329+10:00I----- thread(2) trace.pd.ivc.ira:7 /project/am610/build/am61
0/src/ivrgy/ira_ldap.c:3009: ira_ldap_search_ext_s(): No timeout - calling ldap_search_ext
_s
2007-03-09-14:31:00.331+10:00I----- thread(2) trace.pd.ivc.ira:7 /project/am610/build/am61
0/src/ivrgy/ira_ldap.c:3029: ira_ldap_search_ext_s: Returning LDAP rc x0
...
2007-03-09-14:31:00.332+10:00I----- thread(2) trace.pd.ivc.ira:8 /project/am610/build/am61
0/src/ivrgy/ira_auth.c:1738: CII ENTRY: ira_authenticate_user3() parm: cn=Scott Exton,o=ib
m,c=au
...
2007-03-09-14:31:00.334+10:00I----- thread(2) trace.pd.ivc.ira:8 /project/am610/build/am61
0/src/ivrgy/ira_auth.c:1596: CII EXIT ira_auth_passwd_compare() with status:  0x00000000
...
2007-03-09-14:31:00.334+10:00I----- thread(2) trace.pd.ivc.ira:8 /project/am610/build/am61
0/src/ivrgy/ira_cache.c:1588: CII EXIT ira_cache_user_get_account_state() with status:  0x
00000000
...
2007-03-09-14:31:00.340+10:00I----- thread(2) trace.pd.ivc.ira:8 /project/am610/build/am61
0/src/ivrgy/ira_auth.c:2160: CII EXIT ira_authenticate_user3() with status:  0x00000000