[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: database monitor



Am Tue, 5 Jul 2011 19:33:05 -0300
schrieb Friedrich Locke <friedrich.locke@gmail.com>:

> So what should be the rules for monitor database?
> I don't want my users looking up in my openldap server status.
> May you provide rules for the monitor database?
> 
> Thanks
> 
> On Tue, Jul 5, 2011 at 6:03 PM,  <masarati@aero.polimi.it> wrote:
> >> I have configured database monitor and setted two access rules in
> >> its context. By the log messages below keep annoying me:
> >>
> >> /etc/openldap/slapd.conf: line 110: warning: cannot assess the
> >> validity of the ACL scope within backend naming context
> >> Backend ACL: access to dn.subtree="cn=monitor"
> >> Â Â Â Â by dn.base="cn=oldap,dc=ufv,dc=br" read
> >> Â Â Â Â by * none
> >>
> >> Backend ACL: access to *
> >> Â Â Â Â by * none
> >
> > Remove this rule. ÂIt's pleonastic (never used) because, as the
> > message says, it's outside the naming context. ÂAll data within the
> > naming scope is intercepted by the previous rule.
> >
> > p.
> >
> >> /etc/openldap/slapd.conf: line 123: warning: cannot assess the
> >> validity of the ACL scope within backend naming context
> >> Backend ACL: access to *
> >> Â Â Â Â by * none
> >>
> >> config_back_db_open: line 0: warning: cannot assess the validity of
> >> the ACL scope within backend naming context
> >> slapd starting
> >>
> >>
> >> How may i "fix" that. (Altough i used the word "fix", i know it is
> >> not a error message).

Declare the access rules within the context of the monitor database.

dn:olcDatabase=monitor,cn=config
olcAccess: to dn.subtree=cn=monitor by users read

-Dieter



-- 
Dieter KlÃnter | Systemberatung
sip: 7770535@sipgate.de 
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6