By default, LemonLDAP::NG uses Apache logs to store user actions and other messages:

  • Error log: all messages emitted by the program, depending on the configured log level
  • Access log: the issuer of each request is identified

The log level can be set with Apache LogLevel parameter. It can be configured globally, or inside a virtual host.

See for more information.

To configure the user identifier in access log, go in Manager, General Parameters > Logging > REMOTE_USER.

LemonLDAP::NG can also use syslog (only for user actions).

In Manager, set syslog facility in General Parameters > Logging > Syslog facility.

The messages are stored with the facilities :

  • info for user actions
  • notice for good authentications or external exchange (SAML, OpenID,…)
  • warn for failed authentications

You can customize logs by redefining userNotice() and userError() methods, directly in lemonldap-ng.ini


userError = sub { my ($self, $message) = @_; ... }
userNotice = sub { my ($self, $message) = @_; ... }