Re: cn=Log,cn=Monitor (was: Open LDAP and SNMP)

["Pierangelo Masarati" <ando@sys-net.it>]

> Hi,
>
> "Pierangelo Masarati" <ando@sys-net.it> writes:
>
>>> Pierangelo Masarati wrote:
> [...]
>> I don't remenber if a rootdn/rootpw is honored by the
>> backend; however it'd be of little use; my usual strategy
>> is to add ACLs that allow regular users belonging to other
>> databases to operate on monitor entries.  Note that
>> changing log level affects only syslog writings and not
>> debugging output as a design choice.
>
> rootdn/rootpw doesn't work as there ist no suffix declaration for this
> backend,

actually, there is, but it is implicitly made
when the database is defined.  In future devel,
we may have the suffix be set to a user defined
value, which is stored in monitorContext
in root DSE.

> but ACLs work fine.

I checked out, and rootdn/roopw work fine together
with ACLs; try

database        monitor
rootdn          cn=Manager,cn=Monitor
rootpw          secret
access to * by * none

and you'll see that only rootdn can monitor the system :)

p.


-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it