
Re: cn=Log,cn=Monitor



> Pierangelo Masarati wrote:
>>>
>>>>backend; however it'd be of little use; my usual strategy
>>>>is to add ACLs that allow regular users belonging to other
>>>>databases to operate on monitor entries.
>>>
>>>Makes sense to me. I'll try with ACLs. Can you please post an example?
>>
>> database bdb # any other database ...
>> suffix "dc=example,dc=com"
>> # ...
>>
>> database monitor
>> access to *
>>     by dn.exact="uid=Administrator,ou=People,dc=example,dc=com" write
>>     by dn="uid=[^,]+,ou=People,dc=example,dc=com" read
>>     by * none
>
> BTW: I'm using REL_ENG_2_1 CVS-updated yesterday with the following
> config:
>
> ----------------------- snip -----------------------
> database        monitor
>
> access to *
>      by dn.exact="cn=root,dc=stroeder,dc=com" write
>      by * read
> ----------------------- snip -----------------------
>
> This does not work for me. I still get unWillingToPerform without info
> message when bound as cn=root,dc=stroeder,dc=com. Why? When bound as
> anonymous I get strongAuthRequired and when bound as other user I get
> insufficientAccessRights which both make sense to me. But
> unWillingToPerform sounds like this backend is not writeable at all.
>
> Ciao, Michael.

This is the config file as resulting from some
of the test suite (e.g. test003), plus the monitor
backend.  If I bind as babs, with password bjensen,
I can modify the cn=log,cn=monitor entry.
Note that's the only writable entry at the moment,
and all you can write is the description attr.

I'm using HEAD as of 10 minutes ago ;) but I don't
think this has ever changed.  And I know it worked.

p.

database        bdb
#ldbm#cachesize 0
suffix          "o=University of Michigan,c=US"
directory       ./test-db
rootdn          "cn=Manager,o=University of Michigan,c=US"
rootpw          secret
#ldbm#index             objectClass     eq
#ldbm#index             cn,sn,uid       pres,eq,sub
index           objectClass     eq
index           cn,sn,uid       pres,eq,sub

database        monitor
access to *
        by dn.exact="cn=Barbara Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US" write
        by * read


-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
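
The first-match evaluation behind the monitor ACLs in this thread, as an added sketch that is not part of the original message and is not slapd code. It is a simplified Python model: it assumes the unqualified `dn=` clause is matched as an unanchored, case-insensitive regex, normalizes DNs by trimming and lowercasing only, and uses the constructed identity `uid=jdoe`.

```python
import re

LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # ascending

def norm(dn):
    # Simplified normalization (assumption): trim around ',' and '=', lowercase.
    # Escaped commas inside attribute values are not handled.
    parts = [re.sub(r"\s*=\s*", "=", p.strip()) for p in dn.split(",")]
    return ",".join(parts).lower()

def who_matches(style, pattern, bound_dn):
    if style == "*":
        return True
    if bound_dn is None:              # anonymous bind only matches "by *"
        return False
    if style == "exact":
        return norm(pattern) == norm(bound_dn)
    if style == "regex":              # unanchored, case-insensitive (assumption)
        return re.search(pattern, norm(bound_dn), re.IGNORECASE) is not None
    raise ValueError("unsupported style: " + style)

def granted(acl, bound_dn):
    # The first "by" clause whose <who> matches decides; later ones are ignored.
    for style, pattern, level in acl:
        if who_matches(style, pattern, bound_dn):
            return level
    return "none"                     # implicit trailing "by * none"

def allows(acl, bound_dn, wanted):
    return LEVELS.index(granted(acl, bound_dn)) >= LEVELS.index(wanted)

# The three "access to *" rules from the thread, as (style, pattern, level).
ADMIN = "uid=Administrator,ou=People,dc=example,dc=com"
EXAMPLE_ACL = [("exact", ADMIN, "write"),
               ("regex", "uid=[^,]+,ou=People,dc=example,dc=com", "read"),
               ("*", None, "none")]
STROEDER_ACL = [("exact", "cn=root,dc=stroeder,dc=com", "write"),
                ("*", None, "read")]
BABS = ("cn=Barbara Jensen,ou=Information Technology Division,"
        "ou=People,o=University of Michigan,c=US")
TEST_ACL = [("exact", BABS, "write"), ("*", None, "read")]

if __name__ == "__main__":
    jdoe = "uid=jdoe,ou=People,dc=example,dc=com"   # constructed identity
    for acl, dn in [(EXAMPLE_ACL, ADMIN), (EXAMPLE_ACL, jdoe), (EXAMPLE_ACL, None),
                    (STROEDER_ACL, None), (TEST_ACL, BABS)]:
        print(dn or "(anonymous)", "->", granted(acl, dn))
```

The model only answers who the ACL would let attempt a write; as the message says, the backend itself accepts writes only to the description attribute of cn=log,cn=monitor. Note that `by * read` in the last two rules hands monitor data to anonymous binds, while the first rule ends in `by * none`.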