[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#3852) Monitor DB Location in config file

Focusing on the language of slapd.access(5) as quoted in Ando's  
comment above:

     For entries not held in any backend (such as a root  DSE),
     the directives of the first backend (and any global directives)
     are used.

I had similar symptoms and the language in this statement do not seem  
to be supported by experience.

First, I discovered the symptom on 2.2.23. I put the "database  
monitor" statement immediately after my global directives and before  
"database bdb" and put no directives between the two statements. My  
slapd.conf had:

    access to dn='' by * read
    access to dn.subtree='cn=monitor' by * read

defined in the global access directives (before any database  
declaration). This would seem to satisfy the parenthesized  
requirement as being in global directives ... unless I misunderstand.

I decided that it was worth trying to put the appropriate access  
directives into the database directives for monitor and added the two  
above (duplicated). I got the same behaviors as reported in the  
original ITS again.

I moved the "database monitor" statement to the end (after my only  
other database, bdb) and get "correct" behavior both with and without  
access directives for the monitor database.

I would suggest this is either not working as desired or that  
slapd.access(5) and/or slapd-monitor(5) should be changed to reflect  
this behavior.