[Date Prev][Date Next]
Re: Questions about the Monitor Backend
Thierry Lacoste wrote:
On 9 mai 09, at 08:06, Howard Chu wrote:
The admin guide says:
A monitor (slapd-monitor(5)) now needs a rootdn entry. If you do not
have one, slapd will fail to start up with an error message like so:
unable to find entry
backend_startup_one: bi_db_open failed! (1)
slap_startup failed (test would succeed using the -u switch)
Am I the only one to not experience this? Or is it going to happen
somewhere in the 2.4 series?
If your default ACL allows general read access to cn=monitor, then you won't
see any problems. If you define ACLs to restrict access to cn=monitor, then
you'll need to define a rootdn.
Actually, I'm pretty sure this has been true since at least 2004.
In the "Monitor" section of the admin guide, the example reads:
The choice of the rootdn seems much more intuitive
Seems less intuitive to me... "root" means the base / origin /
trunk / whatever. Calling something that is clearly *below* the root
the "rootdn" is nonsensical. The fact that it's been standard
practice for others says to me that those other folks' brains were
muddled when they defined all these things.
So I guess you would say the same thing about this example which is
Yes. Just because it's ubiquitous doesn't mean it's right. The main reason we
still have so much work to do in the OpenLDAP Project is because so much of
the work in LDAP that came before us was wrongheaded to begin with. (E.g.,
everywhere it intentionally diverged from X.500, for starters...)
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/