How to enable debug logging for LDAP Extended Module in Wildfly

Question

How can I enable debug/trace logging in WildFly 10 for the LdapExtended module?

The module is created like the following:

<security-domain name="LDAPAuth">
    <authentication>
        <login-module code="LdapExtended" flag="required">
            <module-option name="java.naming.provider.url" value="..."/>
            <module-option name="bindDN" value="..."/>
            <module-option name="bindCredential" value="..."/>
            <module-option name="baseCtxDN" value="..."/>
            <!-- ... more configuration goes here -->
        </login-module>
    </authentication>
</security-domain>

I tried the following configuration but I get no log outputs. My LDAP configuration is not performing the authentication properly and I can't debug.

<subsystem xmlns="urn:jboss:domain:logging:3.0">
    <!-- ... -->
    <logger category="org.jboss.security">
        <level name="DEBUG"/>
    </logger>
    <logger category="com.sun.jndi.ldap">
        <level name="DEBUG"/>
    </logger>
</subsystem>

Answer 1

By default the console handler is only set to show INFO and higher messages. If you change the console handler level you can see the debug messages on the console as well.

I'd also not advise changing the XML. You can configure all this with the web console or in CLI and no reboot of the server will be required. In other words the changes can be made at runtime.

Here are the CLI commands you'd need to configure the logging you're looking for.

/subsystem=logging/logger=org.jboss.security:add(level=DEBUG)
/subsystem=logging/logger=com.sun.jndi.ldap:add(level=DEBUG)
/subsystem=logging/console-handler=CONSOLE:write-attribute(name=level, value=DEBUG)