LDAP issue on EDINA IdP means logins fail

[alexstuart]

Flow is: SP -> IdP login page -> Error: script could not be run. After restarting slapd, the login succeds (and uses an IdP session created during the first, failed login).

Authentication suceeds:

08:23:36.881 - INFO [edu.vt.middleware.ldap.jaas.JaasAuthenticator:176] - Authentication succeeded for dn: cn=Alex Stuart,ou=Users,dc=cobweb,dc=local

But the attribute resolution fails:

08:23:40.781 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:363] - LDAP data connector myLDAP - Retrieving attributes from LDAP
...
08:24:00.679 - DEBUG [edu.vt.middleware.ldap.handler.FqdnSearchResultHandler:95] - Ignoring naming exception
javax.naming.TimeLimitExceededException: [LDAP: error code 3 - Timelimit Exceeded]
08:24:00.707 - ERROR [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition.ScriptedAttributeDefinition:135] - ScriptletAttributeDefinition cobwebUserId unable to execute script
javax.script.ScriptException: sun.org.mozilla.javascript.EcmaError: ReferenceError: "uid" is not defined.

[alexstuart]

Turns out restarting slapd is only a temporary measure as the subsequent logins fail.

[alexstuart]

... and slapd is not logging to /var/log/slapd/slapd.log.

• it was logging until Oct 9 14:23:27, since then only kernel and rsyslogd have been logging to this file
• no yum updates on that day (nothing substantial until glibc in January)
• Significant logging on Jan 28 when updated to RHEL 6.6

[root@cobweb-idp slapd]# grep slapd /etc/rsyslog.conf 
local4.*                                                /var/log/slapd/slapd.log
[root@cobweb-idp slapd]# chkconfig --list rsyslog
rsyslog         0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@cobweb-idp slapd]# chkconfig --list slapd
slapd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@cobweb-idp slapd]# ls -l /var/log/slapd/slapd.log 
-rw-rw----. 1 ldap root 254513 Apr 12 22:47 /var/log/slapd/slapd.log

• /bin/logger doesn't append to logs

So... first get syslog working, then find out why slapd timing out...