[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Monitor Backend



> Hi,
> I'm using OpenLDAP-2.1.3 and i have added a "database monitor"
> directive to my slapd.conf, which works fine. But when adding a rootdn
> and rootpw directive, slapd complains with "rootpw can only
> be set when rootdn is under suffix", but the README says:
> -.-.-.-.-.-.-.--.-.-.-.-.-.-.-.-.-.-.-.-
>  the backend supports the rootdn/rootpw
> directives (only simple bind at present).
> -.--.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
> and
> -.-.-.-.-.-.--.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
> The suffix "cn=Monitor" is implicitly activated (it cannot be given  as
> a suffix of the database as usually done for conventional
> backends).
> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
>
> How can i bind to the backend, as i dont't want world read access.

Dunno about 2.1.3, didn't go that far; with 2.1.10/HEAD
it works fine:

<slap.conf>
database monitor
rootdn  "cn=administrator,cn=monitor"
rootpw  secret
</slap.conf>

BTW, note that you don't need to use the rootdn to protect
your monitor backend; sinte it supports regular ACL, you can
add "access" directives that refer to entries in other
databases (assuming your configuration includes other databases).

P.M.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it