[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Monitor Backend



A 08:51 07/01/2003 +0100, Pierangelo Masarati a écrit :

>> Hi,
>> I'm using OpenLDAP-2.1.3 and i have added a "database monitor"
>> directive to my slapd.conf, which works fine. But when adding a rootdn
>> and rootpw directive, slapd complains with "rootpw can only
>> be set when rootdn is under suffix", but the README says:
>> -.-.-.-.-.-.-.--.-.-.-.-.-.-.-.-.-.-.-.-
>>  the backend supports the rootdn/rootpw
>> directives (only simple bind at present).
>> -.--.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
>> and
>> -.-.-.-.-.-.--.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
>> The suffix "cn=Monitor" is implicitly activated (it cannot be given  as
>> a suffix of the database as usually done for conventional
>> backends).
>> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
>>
>> How can i bind to the backend, as i dont't want world read access.
>
>Dunno about 2.1.3, didn't go that far; with 2.1.10/HEAD
>it works fine:
>
><slap.conf>
>database monitor
>rootdn  "cn=administrator,cn=monitor"
>rootpw  secret
></slap.conf>
>
>BTW, note that you don't need to use the rootdn to protect
>your monitor backend; sinte it supports regular ACL, you can
>add "access" directives that refer to entries in other
>databases (assuming your configuration includes other databases).

I Use 2.1.11, and if I use the directives 'rootdn' and 'rootpwd' for the monitor, slapd can't start :
slapd.conf: line 57: rootdn DN is invalid

If I don't use these directives for the monitor, the monitor works

Here is my config :
database        monitor
rootdn          "cn=administrator,cn=monitor";
rootpw          ******

database        ldbm
suffix          "ou=etudiants,dc=univ-nancy2,dc=fr" 
subordinate
directory       /home/ldap/ldap392/dataEtud
rootdn          "cn=******,ou=etudiants,dc=univ-nancy2,dc=fr"
rootpw          ******

database        ldbm
suffix          "ou=pers,dc=univ-nancy2,dc=fr" 
subordinate
directory       /home/ldap/ldap392/dataPers
rootdn          "cn=******,ou=pers,dc=univ-nancy2,dc=fr"
rootpw          ******

database        ldbm
suffix          "dc=univ-nancy2,dc=fr"
directory       /home/ldap/ldap392/dataRoot
rootdn          "cn=******,dc=univ-nancy2,dc=fr"
rootpw          ******


Vincent

-- 
Vincent MATHIEU                 
CRI - Universite NANCY 2            | Email : Vincent.Mathieu@univ-nancy2.fr
Pole Lorrain de Gestion             | Tel   : (33) 03.83.39.64.06
13, Rue Michel Ney - C.O. 75        | Fax   : (33) 03.83.39.64.43
54013 Nancy Cedex.   FRANCE