[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Monitor Backend
> Hi,
> I'm using OpenLDAP-2.1.3 and i have added a "database monitor"
> directive to my slapd.conf, which works fine. But when adding a rootdn
> and rootpw directive, slapd complains with "rootpw can only
> be set when rootdn is under suffix", but the README says:
> -.-.-.-.-.-.-.--.-.-.-.-.-.-.-.-.-.-.-.-
> the backend supports the rootdn/rootpw
> directives (only simple bind at present).
> -.--.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
> and
> -.-.-.-.-.-.--.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
> The suffix "cn=Monitor" is implicitly activated (it cannot be given as
> a suffix of the database as usually done for conventional
> backends).
> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
>
> How can i bind to the backend, as i dont't want world read access.
Dunno about 2.1.3, didn't go that far; with 2.1.10/HEAD
it works fine:
<slap.conf>
database monitor
rootdn "cn=administrator,cn=monitor"
rootpw secret
</slap.conf>
BTW, note that you don't need to use the rootdn to protect
your monitor backend; sinte it supports regular ACL, you can
add "access" directives that refer to entries in other
databases (assuming your configuration includes other databases).
P.M.
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it