[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#4965) slapd stops if access to cn=monitor is restricted

Full_Name: Ali Pouya
Version: 2.2.4alpha
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

If I include the monitor back-end in my configuration I have to add the
following access rule as well :

access to dn.sub="cn=monitor" by * read

Otherwise slapd stops with the log reproduced below (my access rules include
"access to * by * none").

I can send more information if required.
Thanks and best regards

Log extract :
>>> dnPretty: <c=fr>
=> ldap_bv2dn(c=fr,0)
<= ldap_bv2dn(c=fr)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(c=fr)=0
<<< dnPretty: <c=fr>
>>> dnNormalize: <c=fr>
=> ldap_bv2dn(c=fr,0)
<= ldap_bv2dn(c=fr)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(c=fr)=0
<<< dnNormalize: <c=fr>
end get_filter 0
=> monitor_back_search
=> access_allowed: search access to "cn=Databases,cn=Monitor" "entry" requested
=> acl_get: [2] attr entry
=> acl_mask: access to entry "cn=Databases,cn=Monitor", attr "entry" requested
=> acl_mask: to all values by "", (=0)
<= check a_dn_pat: cn=admin,ou=internal,ou=min,o=gouv,c=fr
<= check a_dn_pat: cn=connecteur,ou=internal,ou=min,o=gouv,c=fr
<= check a_dn_pat: cn=sync,ou=internal,ou=min,o=gouv,c=fr
<= check a_dn_pat: ou=applications,ou=external,ou=min,o=gouv,c=fr
<= check a_dn_pat: *
<= acl_mask: [5] applying none(=0) (stop)
<= acl_mask: [5] mask: none(=0)
=> slap_access_allowed: search access denied by none(=0)
=> access_allowed: no more rules
send_ldap_result: conn=-1 op=0 p=0
send_ldap_result: err=32 matched="" text=""
monitor_back_register_entry_attrs(""): base="cn=databases,cn=monitor" scope=one
filter="(namingContexts:distinguishedNameMatch:=c=fr)": unable to find entry

====> bdb_cache_release_all
backend_startup_one: bi_db_open failed! (-1)
slapd shutdown: initiated
====> bdb_cache_release_all
bdb_db_close: alock_close failed
slapd destroy: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.