[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: cn=Log,cn=Monitor (was: Open LDAP and SNMP)

> Hi,
> "Pierangelo Masarati" <ando@sys-net.it> writes:
>>> Pierangelo Masarati wrote:
> [...]
>> I don't remenber if a rootdn/rootpw is honored by the
>> backend; however it'd be of little use; my usual strategy
>> is to add ACLs that allow regular users belonging to other
>> databases to operate on monitor entries.  Note that
>> changing log level affects only syslog writings and not
>> debugging output as a design choice.
> rootdn/rootpw doesn't work as there ist no suffix declaration for this
> backend,

actually, there is, but it is implicitly made
when the database is defined.  In future devel,
we may have the suffix be set to a user defined
value, which is stored in monitorContext
in root DSE.

> but ACLs work fine.

I checked out, and rootdn/roopw work fine together
with ACLs; try

database        monitor
rootdn          cn=Manager,cn=Monitor
rootpw          secret
access to * by * none

and you'll see that only rootdn can monitor the system :)


Pierangelo Masarati