[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: cn=Log,cn=Monitor

To: <michael@stroeder.com>
Subject: Re: cn=Log,cn=Monitor
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Mon, 7 Apr 2003 12:48:08 +0200 (CEST)
Cc: <ando@sys-net.it>, <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <3E915260.3040806@stroeder.com>
References: <DC7AAC9FAF16D711B8A7000629A81695676B6E@C010893.winterthur.ch> <20030331134241.GB10095@brick.skills-1st.co.uk> <3E8ED65A.6010909@swissonline.ch> <2437.81.74.43.82.1049554096.squirrel@webmail.sys-net.it> <3E8EF91F.3080106@stroeder.com> <2648.81.74.43.82.1049557932.squirrel@webmail.sys-net.it> <3E8EFFBF.4030705@stroeder.com> <63327.81.72.89.40.1049695217.squirrel@webmail.sys-net.it> <3E915260.3040806@stroeder.com>

> Pierangelo Masarati wrote:
>>>
>>>>backend; however it'd be of little use; my usual strategy
>>>>is to add ACLs that allow regular users belonging to other
>>>>databases to operate on monitor entries.
>>>
>>>Makes sense to me. I'll try with ACLs. Can you please post an example?
>>
>> database bdb # any other database ...
>> suffix "dc=example,dc=com"
>> # ...
>>
>> database monitor
>> access to *
>>     by dn.exact="uid=Administrator,ou=People,dc=example,dc=com" write
>> by dn="uid=[^,]+,ou=People,dc=example,dc=com" read
>>     by * none
>
> BTW: I'm using REL_ENG_2_1 CVS-updated yesterday with the following
> config:
>
> ----------------------- snip -----------------------
> database        monitor
>
> access to *
>      by dn.exact="cn=root,dc=stroeder,dc=com" write
>      by * read
> ----------------------- snip -----------------------
>
> This does not work for me. I still get unWillingToPerform without info
> message when bound as cn=root,dc=stroeder,dc=com. Why? When bound as
> anonymous I get strongAuthRequired and when bound as other user I get
> insufficientAccessRights which both makes sense to me. But
> unWillingToPerform sounds like this backend is not writeable at all.
>
> Ciao, Michael.

This is the config file as resulting from some
of the test suite (e.g. test003), plus the monitor
backend.  If I bind as babs, with password bjensen,
I can modify the cn=log,cn=monitor entry.
Note that's the only writable entry at the moment,
and all you can write is the description attr.

I'm using HEAD as of 10 minutes ago ;) but I don't
think this has ever changed.  And I know it worked.

p.

database        bdb
#ldbm#cachesize 0
suffix          "o=University of Michigan,c=US"
directory       ./test-db
rootdn          "cn=Manager,o=University of Michigan,c=US"
rootpw          secret
#ldbm#index             objectClass     eq
#ldbm#index             cn,sn,uid       pres,eq,sub
index           objectClass     eq
index           cn,sn,uid       pres,eq,sub

database        monitor
access to *
        by dn.exact="cn=Barbara Jensen,ou=Information Technology
Division,ou=People,o=University of Michigan,c=US" write
        by * read


-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it

References:
- Re: Open LDAP and SNMP
  - From: vadim tarassov <vadim.tarassov@swissonline.ch>
- Re: Open LDAP and SNMP
  - From: "Pierangelo Masarati" <ando@sys-net.it>
- cn=Log,cn=Monitor (was: Open LDAP and SNMP)
  - From: Michael Ströder <michael@stroeder.com>
- Re: cn=Log,cn=Monitor (was: Open LDAP and SNMP)
  - From: "Pierangelo Masarati" <ando@sys-net.it>
- Re: cn=Log,cn=Monitor
  - From: Michael Ströder <michael@stroeder.com>
- Re: cn=Log,cn=Monitor
  - From: "Pierangelo Masarati" <ando@sys-net.it>
- Re: cn=Log,cn=Monitor
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: Newbie: can't populate LDAP database
Next by Date: Re: ./configure on Redhat 8 -- Problems
Index(es):
- Chronological
- Thread