[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: accesslog overlay and 'logops all', Can't get get cn=Monitor running and problem with ppolicy (pwdAttribute)

Quoting Pierangelo Masarati <ando@sys-net.it>:

> Pierangelo Masarati wrote:
>> Turbo Fredriksson wrote:
>>> Also, I have a problem getting 'cn=Monitor' running.
>> Oops, the internal operation that registers specific per-database
>> monitoring runs an anonymous search in the monitor database, but your
>> ACLs disable anonymous access to the monitor database.  That operation
>> obviously needs to be privileged.
> Actually, the internal search is run as the rootdn, but you didn't
> configure any for the monitor database, while you should.

I never liked that part, that's why I started using Kerberos (so i didn't
have to have rootdn defined).

But can I have different 'rootdn' in my different places (need one for
syncrepl to, right?) with random DN's (that don't exists) without any
password defined in the config file?

Will any ACL's still be honored?

If I understand all this (we've had this discussion previously a while
back - LOONG way back :) this is only for internal use, right?