OpenLDAP – How to Enable Logging in OpenLDAP v2.4

Tags: logs, openldap, syslog

I have OpenLDAP v2.4 running on CentOS 7 and working, but I cannot get it to log anything.
I have tried adding the line below to the rsyslog.conf file, but I still do not get any log file.

LOCAL4.*        /var/log/openldap/slapd.log

When I added this line, I ran the command below to reload the rsyslog configuration and also stopped and started OpenLDAP.

pkill -HUP rsyslog

I can't find any more instructions on how to enable logging.

Best Answer

To enable OpenLDAP debugs, you would want to add the following to your slapd.conf:

loglevel <level> (eg: stats)

If you do not use slapd.conf, you may then pass that option to the slapd service. On Debian/Ubuntu, you would find an /etc/default/slapd file; you may update its SLAPD_OPTIONS:

$ grep SLAPD_OPTIONS /etc/default/slapd
SLAPD_OPTIONS="-s 256"

We may then restart slapd:

systemctl restart slapd

Valid slapd log levels would include:

| -1          | Enable all debugging                          |
|  0          | Enable no debugging                           |
|  1          | Trace function calls                          |
|  2          | Debug packet handling                         |
|  4          | Heavy trace debugging                         |
|  8          | Connection management                         |
|  16         | Log packets sent and received                 |
|  32         | Search filter processing                      |
|  64         | Configuration file processing                 |
|  128        | Access control list processing                |
|  256        | Stats log connections, operations and results |
|  512        | Stats log entries sent                        |
|  1024       | Log communication with shell backends         |
|  2048       | Log entry parsing debugging                   |

For further details, see http://www.openldap.org/doc/admin24/slapdconfig.html


Besides, as Jeff pointed out, your syslog configuration looks wrong to begin with.

LOCAL4.*        /var/log/openldap/

Should probably be:

LOCAL4.*        /var/log/openldap/some-file.log

Or:

LOCAL4.*        /var/log/openldap.log
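
The numeric levels in the table are bit flags that can be summed (264 = 256 + 8). As an added example that is not part of the original answer, the script below decodes a numeric level, extracts the `-s` value from a `SLAPD_OPTIONS` line, and flags a LOCAL4 rule whose target is a directory rather than a file. The function names, the "off" label and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample inputs are constructed.

# Decode a numeric slapd log level into the keyword names slapd accepts
# (e.g. "stats"). Levels are bit flags, so 264 = 256 (stats) + 8 (conns).
decode_loglevel() {
    level=$1
    if [ "$level" -eq -1 ]; then echo "any"; return 0; fi
    if [ "$level" -eq 0 ]; then echo "off"; return 0; fi   # "off" is our label
    out=""
    for pair in 1:trace 2:packets 4:args 8:conns 16:BER 32:filter \
                64:config 128:ACL 256:stats 512:stats2 1024:shell 2048:parse; do
        bit=${pair%%:*}
        name=${pair#*:}
        if [ $((level & bit)) -ne 0 ]; then out="${out:+$out,}$name"; fi
    done
    echo "$out"
}

# Pull the numeric -s (syslog level) value out of a SLAPD_OPTIONS line.
syslog_level_from_options() {
    printf '%s\n' "$1" | sed -n 's/.*-s[ ]*\(-\{0,1\}[0-9][0-9]*\).*/\1/p'
}

# Classify the target of a LOCAL4 rsyslog rule: file, directory, other, none.
# The facility is matched case-insensitively because the page writes LOCAL4.
check_local4_rule() {
    target=$(printf '%s\n' "$1" | awk 'tolower($1) ~ /^local4\./ { print $2 }')
    case "$target" in
        "") echo "none" ;;
        */) echo "directory" ;;
        /*) echo "file" ;;
        *)  echo "other" ;;
    esac
}

# Constructed sample lines mirroring the ones on this page.
opts='SLAPD_OPTIONS="-s 256"'
lvl=$(syslog_level_from_options "$opts")
echo "slapd -s $lvl enables: $(decode_loglevel "$lvl")"
for rule in 'LOCAL4.*        /var/log/openldap/' \
            'LOCAL4.*        /var/log/openldap/slapd.log'; do
    echo "$rule -> $(check_local4_rule "$rule")"
done
```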