Debugging ACI issues for PingDirectory

If the PingDirectory server doesn’t behave as expected for its access control configuration, you can use the Debug ACI Logger to get detailed information about the server’s access control decisions.

Do not enable this logger on a production server unless instructed to do so by Ping Identity Support. The server can write huge amounts of data to this file on a busy production server.

Learn more in Troubleshooting ACI evaluation for PingDirectory.

To enable the Debug ACI Logger, run the following command:

$ bin/dsconfig set-log-publisher-prop \
     --publisher-name "Debug ACI Logger" \
     --set enabled:true

After you enable this logger, it records information about its access control decisions to the logs/debug-aci file.