Obtaining LDAP debugging information
Problem
I need to debug why LDAP search is not working but have no access to view my LDAP server’s logs.
Solution
Enable the debug logging for the LDAP library that is used by the HiveMQ Enterprise Security extension to communicate with LDAP servers.
In the /opt/hivemq/bin/run.sh insert the lines
... ############## VARIABLES JAVA_OPTS="$JAVA_OPTS -Dcom.unboundid.ldap.sdk.debug.enabled=true" JAVA_OPTS="$JAVA_OPTS -Dcom.unboundid.ldap.sdk.debug.level=FINEST" JAVA_OPTS="$JAVA_OPTS -Dcom.unboundid.ldap.sdk.debug.type=LDAP" ...Stop and restart the HiveMQ
Then we get the logs like these, detailing LDAP requests and responses
2025-11-17 16:16:04,858 INFO com.unboundid.ldap.sdk - { "timestamp":"2025-11-17T15:16:04.858Z", "debug-type":"ldap", "level":"INFO", "thread-id":641, "thread-name":"managed-extension-executor-291,mkOzu", "connection-id":1, "connected-to-address":"localhost", "connected-to-port":389, "socket-timeout-millis":10000, "message-id":3, "sending-ldap-request":"SearchRequest(baseDN='OU=clients,OU=dmz,OU=MQTT,dc=ot,dc=imec,dc=be', scope=SUB, deref=SEARCHING, sizeLimit=2, timeLimit=10, filter='(CN=MQTT-Client-Test)', attrs={memberOf})", "ldap-sdk-version":"7.0.3", "ldap-sdk-revision":"b2dd76df6eebef961e35c4bc17912600a5db7eba" }