[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Questions about the Monitor Backend

To: Thierry Lacoste <lacoste@miage.univ-paris12.fr>
Subject: Re: Questions about the Monitor Backend
From: Howard Chu <hyc@symas.com>
Date: Sat, 09 May 2009 01:47:25 -0700
Cc: openldap-software@openldap.org
In-reply-to: <01E3A666-1780-4B17-B3FE-E4CB8FB54A94@miage.univ-paris12.fr>
References: <F1CFD9BD-D5AB-4438-BC60-0602A359B2AA@miage.univ-paris12.fr> <4A051D53.2090301@symas.com> <01E3A666-1780-4B17-B3FE-E4CB8FB54A94@miage.univ-paris12.fr>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; rv:1.9.1b5pre) Gecko/20090425 SeaMonkey/2.0a1pre Firefox/3.0.3

Thierry Lacoste wrote:

On 9 mai 09, at 08:06, Howard Chu wrote:

The admin guide says:
A monitor (slapd-monitor(5)) now needs a rootdn entry. If you do not
have one, slapd will fail to start up with an error message like so:

             monitor_back_register_entry_attrs(""):
base="cn=databases,cn=monitor" scope=one

filter="(namingContexts:distinguishedNameMatch:=dc=example,dc=com)":
unable to find entry
             backend_startup_one: bi_db_open failed! (1)
             slap_startup failed (test would succeed using the -u switch)

Am I the only one to not experience this? Or is it going to happen
somewhere in the 2.4 series?

If your default ACL allows general read access to cn=monitor, then you won'tsee any problems. If you define ACLs to restrict access to cn=monitor, thenyou'll need to define a rootdn.


Actually, I'm pretty sure this has been true since at least 2004.

In the "Monitor" section of the admin guide, the example reads:
         database monitor
         rootdn "cn=monitoring,cn=Monitor"
         rootpw monitoring

The choice of the rootdn seems much more intuitive


Seems less intuitive to me... "root" means the base / origin /
trunk / whatever. Calling something that is clearly *below* the root
the "rootdn" is nonsensical. The fact that it's been standard
practice for others says to me that those other folks' brains were
muddled when they defined all these things.


So I guess you would say the same thing about this example which is
quite ubiquitous:
          suffix "dc=example,dc=com"
          rootdn "cn=Manager,dc=example,dc=com"

Yes. Just because it's ubiquitous doesn't mean it's right. The main reason westill have so much work to do in the OpenLDAP Project is because so much ofthe work in LDAP that came before us was wrongheaded to begin with. (E.g.,everywhere it intentionally diverged from X.500, for starters...)


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: Questions about the Monitor Backend
  - From: Thierry Lacoste <lacoste@miage.univ-paris12.fr>

References:
- Questions about the Monitor Backend
  - From: Thierry Lacoste <lacoste@miage.univ-paris12.fr>
- Re: Questions about the Monitor Backend
  - From: Howard Chu <hyc@symas.com>
- Re: Questions about the Monitor Backend
  - From: Thierry Lacoste <lacoste@miage.univ-paris12.fr>

Prev by Date: Re: Questions about the Monitor Backend
Next by Date: Re: Questions about the Monitor Backend
Index(es):
- Chronological
- Thread