
Re: Monitor Backend



> Hi,
> On Tuesday 07 January 2003 08:51, Pierangelo Masarati wrote:
>> > Hi,
>> > I'm using OpenLDAP-2.1.3 and I have added a "database monitor"
>> > directive to my slapd.conf, which works fine. But when adding a
>> > rootdn and rootpw directive, slapd complains with "rootpw can only
>> > be set when rootdn is under suffix", but the README says:
>> > -.-.-.-.-.-.-.--.-.-.-.-.-.-.-.-.-.-.-.-
>> >  the backend supports the rootdn/rootpw
>> > directives (only simple bind at present).
>> > -.--.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
>> > and
>> > -.-.-.-.-.-.--.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
>> > The suffix "cn=Monitor" is implicitly activated (it cannot be given as
>> > a suffix of the database as usually done for conventional
>> > backends).
>> > -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
>> >
>> > How can I bind to the backend, as I don't want world read access?
>>
>> Dunno about 2.1.3, didn't go that far; with 2.1.10/HEAD
>> it works fine:
>>
>> <slap.conf>
>> database monitor
>> rootdn  "cn=administrator,cn=monitor"
>> rootpw  secret
>> </slap.conf>
>>
>> BTW, note that you don't need to use the rootdn to protect
>> your monitor backend; since it supports regular ACL, you can
>> add "access" directives that refer to entries in other
>> databases (assuming your configuration includes other databases).
>
> IIRC there has been a small change in one of the 2.1.x versions:
> Previously you could have more than one rootdn / rootpw pairs
> even with the same DN.
> With the actual versions you are only allowed a rootpw directive
> when the rootdn is below the suffix of the named database.
>
> So PM's example will not work any more with a DN of
> "cn=Administrator,c=DE". You can make it work again if you define the
> rootdn / rootpw pair where it belongs and only have the rootdn directive
> elsewhere.
>
> <slapd.conf>
> database ldbm
> suffix "c=DE"
> directory /var/lib/openldap/DE
> rootdn "cn=Administrator,c=DE"
> rootpw secret
>
> database monitor
> rootdn "cn=Administrator,c=DE"
> </slapd.conf>
>
> For me this works even with more than one ldbm database and other
> databases.

I disagree.  I'm currently using HEAD code, and I can have
rootdn/rootpw pairs in monitor database with other databases
defined as well.

P.M.


-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
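
An added example, not part of the original thread and not OpenLDAP code: a small Python audit of slapd.conf text for the three points raised above (rootpw with a rootdn outside the database's suffix, a cleartext rootpw, and a monitor database with no access directive). The helper names and finding labels are hypothetical; the suffix rule follows the error message quoted in the thread with cn=Monitor as the monitor database's implicit suffix, and treating any rootpw without a {SCHEME} prefix as cleartext is an assumption.

```python
import shlex

# The second configuration quoted in the thread, used as sample input.
SAMPLE = """\
database ldbm
suffix "c=DE"
directory /var/lib/openldap/DE
rootdn "cn=Administrator,c=DE"
rootpw secret
database monitor
rootdn "cn=Administrator,c=DE"
"""

def norm(dn):  # rough DN normalisation: lower-case, no spaces around commas
    return ",".join(part.strip() for part in dn.lower().split(","))

def audit(conf_text):
    """Return sorted (database_type, finding) pairs for slapd.conf text."""
    dbs, global_monitor_acl = [], False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        args = shlex.split(line)
        key = args[0].lower()
        if key == "database":
            implicit = ["cn=monitor"] if args[1].lower() == "monitor" else []  # implicit suffix
            dbs.append({"type": args[1].lower(), "suffix": implicit, "acl": False})
        elif key == "access":
            if dbs:
                dbs[-1]["acl"] = True            # ACL inside a database section
            elif "cn=monitor" in line.lower():
                global_monitor_acl = True        # global ACL naming cn=Monitor
        elif dbs and key == "suffix":
            dbs[-1]["suffix"] += [norm(a) for a in args[1:]]
        elif dbs and key in ("rootdn", "rootpw"):
            dbs[-1][key] = args[1]
    findings = []
    for db in dbs:
        dn, pw = norm(db.get("rootdn", "")), db.get("rootpw")
        if pw is not None:
            if not any(dn == s or dn.endswith("," + s) for s in db["suffix"]):  # "under suffix" rule
                findings.append((db["type"], "rootpw-outside-suffix"))
            if not pw.startswith("{"):           # not a {SCHEME} hash
                findings.append((db["type"], "cleartext-rootpw"))
        if db["type"] == "monitor" and not (db["acl"] or global_monitor_acl):
            findings.append((db["type"], "monitor-without-acl"))
    return sorted(findings)
if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the sample, the audit reports the cleartext rootpw in the ldbm database and the missing access directive on the monitor database; the rootdn-only monitor section itself passes the suffix rule.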