[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: cn=Log,cn=Monitor (was: Open LDAP and SNMP)
> Hi,
>
> "Pierangelo Masarati" <ando@sys-net.it> writes:
>
>>> Pierangelo Masarati wrote:
> [...]
>> I don't remenber if a rootdn/rootpw is honored by the
>> backend; however it'd be of little use; my usual strategy
>> is to add ACLs that allow regular users belonging to other
>> databases to operate on monitor entries. Note that
>> changing log level affects only syslog writings and not
>> debugging output as a design choice.
>
> rootdn/rootpw doesn't work as there ist no suffix declaration for this
> backend,
actually, there is, but it is implicitly made
when the database is defined. In future devel,
we may have the suffix be set to a user defined
value, which is stored in monitorContext
in root DSE.
> but ACLs work fine.
I checked out, and rootdn/roopw work fine together
with ACLs; try
database monitor
rootdn cn=Manager,cn=Monitor
rootpw secret
access to * by * none
and you'll see that only rootdn can monitor the system :)
p.
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it