[Date Prev][Date Next]
Re: (ITS#3852) Monitor DB Location in config file
Focusing on the language of slapd.access(5) as quoted in Ando's
For entries not held in any backend (such as a root DSE),
the directives of the first backend (and any global directives)
I had similar symptoms and the language in this statement do not seem
to be supported by experience.
First, I discovered the symptom on 2.2.23. I put the "database
monitor" statement immediately after my global directives and before
"database bdb" and put no directives between the two statements. My
access to dn='' by * read
access to dn.subtree='cn=monitor' by * read
defined in the global access directives (before any database
declaration). This would seem to satisfy the parenthesized
requirement as being in global directives ... unless I misunderstand.
I decided that it was worth trying to put the appropriate access
directives into the database directives for monitor and added the two
above (duplicated). I got the same behaviors as reported in the
original ITS again.
I moved the "database monitor" statement to the end (after my only
other database, bdb) and get "correct" behavior both with and without
access directives for the monitor database.
I would suggest this is either not working as desired or that
slapd.access(5) and/or slapd-monitor(5) should be changed to reflect