Symas OpenLDAP 2.6 Logging with Static Configuration
Setting Options
olcLogFile: <filename>
Specify a file for recording slapd debug messages. These messages are unrelated to messages exposed by the olcLogLevel configuration parameter. This setting only affects the slapd daemon and has no effect on the command line tools. By default these messages only go to stderr and are not recorded anywhere else. Specifying a logfile copies messages to both stderr and the logfile.
olcLogFileFormat: debug | syslog-utc | syslog-localtime
Specify the prefix format for messages written to the logfile. The debug format is the normal format used for slapd debug messages, with a timestamp in hexadecimal followed by a thread ID. The other options use syslog(3) style prefixes, with timestamps either in UTC or in the local timezone. The default is the debug format.
olcLogFileOnly: TRUE | FALSE
Specify that debug messages should only go to the configured logfile, and not to stderr.
olcLogFileRotate: <max> <Mbytes> <hours>
Specify automatic rotation for the configured logfile as the maximum number of old logfiles to retain, a maximum size in megabytes to allow a logfile to grow before rotation, and a maximum age in hours for a logfile to be used before rotation. The maximum number must be in the range 1-99. Setting Mbytes or hours to zero disables the size or age check, respectively. At least one of Mbytes or hours must be non-zero. By default no automatic rotation will be performed.
olcLogLevel: <integer> [...]
Specify the level at which debugging statements and operation statistics should be syslogged (currently logged to the syslogd(8) LOG_LOCAL4 facility). The values must be considered subsystems rather than increasingly verbose log levels. Some messages with higher priority are logged regardless of the configured loglevel as soon as any logging is configured. Log levels are additive, and the available levels are:
| Level | Description |
|---|---|
| 1 | (0x1 trace) trace function calls |
| 2 | (0x2 packets) debug packet handling |
| 4 | (0x4 args) heavy trace debugging (function args) |
| 8 | (0x8 conns) connection management |
| 16 | (0x10 BER) print out packets sent and received |
| 32 | (0x20 filter) search filter processing |
| 64 | (0x40 config) configuration file processing |
| 128 | (0x80 ACL) access control list processing |
| 256 | (0x100 stats) stats log connections/operations/results (default) |
| 512 | (0x200 stats2) stats log entries sent |
| 1024 | (0x400 shell) print communication with shell backends |
| 2048 | (0x800 parse) entry parsing debugging |
| 4096 | (0x1000 cache) caching (unused) |
| 8192 | (0x2000 index) indexing (unused) |
| 16384 | (0x4000 sync) print syncrepl (replica) logging |
| 32768 | (0x8000 none) A misnomer: it logs messages that are not categorized, specifically including critical messages |
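As an added example (not from the Symas documentation), the following Python converts between the subsystem names in the table above and the additive integer form slapd stores, so an operator can check what a value such as `olcLogLevel: sync stats` actually enables. The `LOG_LEVELS` table is transcribed from the page; the function names are assumptions of this example.

```python
# Added example: encode/decode olcLogLevel values against the subsystem
# table above. slapd accepts each token as a decimal integer, a 0x-prefixed
# hex integer or a subsystem name, and the values are additive (a bitmask),
# so "sync stats" is the same as 16640 or 0x4100.

LOG_LEVELS = {
    "trace": 0x1, "packets": 0x2, "args": 0x4, "conns": 0x8,
    "BER": 0x10, "filter": 0x20, "config": 0x40, "ACL": 0x80,
    "stats": 0x100, "stats2": 0x200, "shell": 0x400, "parse": 0x800,
    "cache": 0x1000, "index": 0x2000, "sync": 0x4000, "none": 0x8000,
}
# Case-insensitive lookup (slapd treats "ber" and "BER" alike).
_BY_NAME = {name.lower(): bit for name, bit in LOG_LEVELS.items()}
_KNOWN_MASK = sum(LOG_LEVELS.values())


def parse_loglevel(value: str) -> int:
    """Combine a space-separated olcLogLevel value into one bitmask."""
    mask = 0
    for token in value.split():
        if token.lower() in _BY_NAME:
            mask |= _BY_NAME[token.lower()]
        else:
            # int(..., 0) accepts "256" and "0x100"; raises ValueError on junk
            mask |= int(token, 0)
    return mask


def describe_loglevel(mask: int) -> list[str]:
    """Return the subsystem names enabled in a bitmask, lowest bit first."""
    names = [name for name, bit in LOG_LEVELS.items() if mask & bit]
    unknown = mask & ~_KNOWN_MASK
    if unknown:
        # Bits the table does not define: report rather than silently drop
        names.append(f"unknown(0x{unknown:x})")
    return names


if __name__ == "__main__":
    # The value used in the LDIF later on this page
    mask = parse_loglevel("sync stats")
    print(f"sync stats -> {mask} (0x{mask:x}) -> {describe_loglevel(mask)}")
```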
Implementing Logging
Create an LDIF for the logging options (here the file is created as /tmp/logging.ldif). Note that LDIF does not allow comments after a value on the same line, so comments are kept on their own lines beginning with `#`:

vi /tmp/logging.ldif

```ldif
dn: cn=config
changetype: modify
add: olcLogFile
# or a location of your choosing
olcLogFile: /var/log/slapd.log
-
add: olcLogFileOnly
olcLogFileOnly: TRUE
-
add: olcLogFileFormat
# if your logs are in local time, use syslog-localtime
olcLogFileFormat: syslog-utc
-
add: olcLogFileRotate
# 99 old logfiles will be retained, a logfile may grow to 1000 MB before
# rotation, and a logfile is rotated after 24 hours at the latest
olcLogFileRotate: 99 1000 24
-
add: olcLogLevel
olcLogLevel: sync stats
-
```
Add the logging options:

```shell
ldapmodify -H ldap:/// -D cn=config -W -f /tmp/logging.ldif
```
SELinux Recommendation
If slapd runs as a non-root user, maintainers need to create a new directory under /var/log to accommodate the logs, for example "/var/log/openldap/slapd.log".

Make the corresponding change to the LDIF:

```ldif
olcLogFile: /var/log/openldap/slapd.log
```

Also change the ownership of the directory to the user slapd runs as:

```shell
chown openldap:openldap /var/log/openldap
```

This works for both Debian and RHEL packages, but Debian users can store the file anywhere on the machine (provided the slapd user has write permission to it), whereas RHEL users must store it under /var/log unless the SELinux policy is changed.