[Date Prev][Date Next] [Chronological] [Thread] [Top]

"database monitor" documentation

To: openldap-bugs@openldap.org
Subject: "database monitor" documentation
From: Dan Pritts <danno@internet2.edu>
Date: Mon, 27 Jun 2011 13:07:37 -0400
Content-disposition: inline
User-agent: Mutt/1.5.20 (2009-06-14)

Hi,

Looking for docs for the monitor datbase backend, i found this:


http://www.openldap.org/devel/admin/monitoringslapd.html

Like most other database backends, the monitor backend does honor
slapd(8) access and other administrative controls. As some monitor
information may be sensitive, it is generally recommend access to
cn=monitor be restricted to directory administrators and their
monitoring agents. Adding an access directive immediately below the
database monitor directive is a clear and effective approach for
controlling access. For instance, the addition of the following
access directive immediately below the database monitor directive
restricts access to monitoring information to the specified directory
manager.

        access to *
                by dn.exact="cn=Manager,dc=example,dc=com
                by * none

I have misunderstood acl and database config before, but I assume
that the ACL here is in error, and something like this from
slapd-monitor(5) is appropriate:

              access to dn.subtree="cn=Monitor"
                   by dn.exact="uid=Admin,dc=my,dc=org" write
                   by users read
                   by * none


Assuming I'm correct please update the web docs & let me know.  

thanks!
danno
--
Dan Pritts, Sr. Systems Engineer
Internet2
office: +1-734-352-4953 | mobile: +1-734-834-7224

Follow-Ups:
- Re: "database monitor" documentation
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: Re: (ITS#6870) Undefined reference to ber_* with 2.4.24
Next by Date: RE: (ITS#6828) TLS fails to start when LDAP_OPT_CONNECT_ASYNC is used
Index(es):
- Chronological
- Thread