[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Monitor Backend

To: openldap-software@OpenLDAP.org
Subject: Re: Monitor Backend
From: Vincent MATHIEU <Vincent.Mathieu@univ-nancy2.fr>
Date: Wed, 08 Jan 2003 18:44:29 +0100
In-reply-to: <47571.131.175.154.56.1041925878.squirrel@webmail.sys-net.i t>
References: <m3wuli3za4.fsf@marin.l4b.de> <m3wuli3za4.fsf@marin.l4b.de>

A 08:51 07/01/2003 +0100, Pierangelo Masarati a écrit :

>> Hi,
>> I'm using OpenLDAP-2.1.3 and i have added a "database monitor"
>> directive to my slapd.conf, which works fine. But when adding a rootdn
>> and rootpw directive, slapd complains with "rootpw can only
>> be set when rootdn is under suffix", but the README says:
>> -.-.-.-.-.-.-.--.-.-.-.-.-.-.-.-.-.-.-.-
>>  the backend supports the rootdn/rootpw
>> directives (only simple bind at present).
>> -.--.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
>> and
>> -.-.-.-.-.-.--.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
>> The suffix "cn=Monitor" is implicitly activated (it cannot be given  as
>> a suffix of the database as usually done for conventional
>> backends).
>> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
>>
>> How can i bind to the backend, as i dont't want world read access.
>
>Dunno about 2.1.3, didn't go that far; with 2.1.10/HEAD
>it works fine:
>
><slap.conf>
>database monitor
>rootdn  "cn=administrator,cn=monitor"
>rootpw  secret
></slap.conf>
>
>BTW, note that you don't need to use the rootdn to protect
>your monitor backend; sinte it supports regular ACL, you can
>add "access" directives that refer to entries in other
>databases (assuming your configuration includes other databases).

I Use 2.1.11, and if I use the directives 'rootdn' and 'rootpwd' for the monitor, slapd can't start :
slapd.conf: line 57: rootdn DN is invalid

If I don't use these directives for the monitor, the monitor works

Here is my config :
database        monitor
rootdn          "cn=administrator,cn=monitor";
rootpw          ******

database        ldbm
suffix          "ou=etudiants,dc=univ-nancy2,dc=fr" 
subordinate
directory       /home/ldap/ldap392/dataEtud
rootdn          "cn=******,ou=etudiants,dc=univ-nancy2,dc=fr"
rootpw          ******

database        ldbm
suffix          "ou=pers,dc=univ-nancy2,dc=fr" 
subordinate
directory       /home/ldap/ldap392/dataPers
rootdn          "cn=******,ou=pers,dc=univ-nancy2,dc=fr"
rootpw          ******

database        ldbm
suffix          "dc=univ-nancy2,dc=fr"
directory       /home/ldap/ldap392/dataRoot
rootdn          "cn=******,dc=univ-nancy2,dc=fr"
rootpw          ******


Vincent

-- 
Vincent MATHIEU                 
CRI - Universite NANCY 2            | Email : Vincent.Mathieu@univ-nancy2.fr
Pole Lorrain de Gestion             | Tel   : (33) 03.83.39.64.06
13, Rue Michel Ney - C.O. 75        | Fax   : (33) 03.83.39.64.43
54013 Nancy Cedex.   FRANCE

Follow-Ups:
- Re: Monitor Backend
  - From: "Pierangelo Masarati" <ando@sys-net.it>

References:
- Monitor Backend
  - From: Dieter Kluenter <dieter@dkluenter.de>

Prev by Date: Re: entry has multiple objectClass attributes
Next by Date: Re: Monitor Backend
Index(es):
- Chronological
- Thread