Re: "Upgrading from 2.3.x" section in Changes Appendix for Admin Guide

[Howard Chu <hyc@symas.com>]

Gavin Henry wrote:
> Next one:
>
> [root@suretec openldap]# slaptest
> monitor_back_register_entry_attrs(""): base="cn=databases,cn=monitor"
> scope=one
> filter="(namingContexts:distinguishedNameMatch:=dc=suretecsystems,dc=com)":
> unable to find entry
>
> backend_startup_one: bi_db_open failed! (1)
> slap_startup failed (test would succeed using the -u switch)

Pretty sure you reported this in an ITS a while back. The monitor DB defaults 
to no anonymous read access. You need to define a rootDN for the monitor DB so 
that the registration functions can actually see the tree. (The registration 
ops try to run as the rootDN, but if none is set, that means a zero-length DN, 
i.e. anonymous.)

I think this is a flaw in the design of these registration ops in back-monitor, 
they shouldn't depend on an actual Search operation to get their work done. The 
monitor code ought to be able to directly locate the entry corresponding to a 
given BackendDB pointer, and whatever lookup should not require filter or ACL 
evaluation.
--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/