[Date Prev][Date Next] [Chronological] [Thread] [Top]

"database monitor" documentation


Looking for docs for the monitor datbase backend, i found this:


Like most other database backends, the monitor backend does honor
slapd(8) access and other administrative controls. As some monitor
information may be sensitive, it is generally recommend access to
cn=monitor be restricted to directory administrators and their
monitoring agents. Adding an access directive immediately below the
database monitor directive is a clear and effective approach for
controlling access. For instance, the addition of the following
access directive immediately below the database monitor directive
restricts access to monitoring information to the specified directory

        access to *
                by dn.exact="cn=Manager,dc=example,dc=com
                by * none

I have misunderstood acl and database config before, but I assume
that the ACL here is in error, and something like this from
slapd-monitor(5) is appropriate:

              access to dn.subtree="cn=Monitor"
                   by dn.exact="uid=Admin,dc=my,dc=org" write
                   by users read
                   by * none

Assuming I'm correct please update the web docs & let me know.  

Dan Pritts, Sr. Systems Engineer
office: +1-734-352-4953 | mobile: +1-734-834-7224