
Re: Questions about the Monitor Backend



Thierry Lacoste wrote:
Hello,

I have recently upgraded from 2.3.24 to 2.4.16.
I find two points confusing in the "Monitor Backend" section
of the B annex "Upgrading from 2.3.x" in the admin guide
(http://www.openldap.org/doc/admin24/appendix-upgrading.html#Monitor%20Backend).

First my slapd happily starts even when I have no rootdn in my
"database monitor" section.

Second the example of the admin guide reads:
        database monitor
        rootdn cn=monitor
        rootpw change_me

Is it on purpose that the rootdn equals the hardcoded suffix of the
monitor database?

Yes.

In the "Monitor" section of the admin guide, the example reads:
         database monitor
         rootdn "cn=monitoring,cn=Monitor"
         rootpw monitoring

The choice of the rootdn seems much more intuitive

Seems less intuitive to me... "root" means the base / origin / trunk / whatever. Calling something that is clearly *below* the root the "rootdn" is nonsensical. The fact that it's been standard practice for others says to me that those other folks' brains were muddled when they defined all these things.

but then it seems
a bit weird to not use it in the ACL below:

You seem to have forgotten that the current database's rootdn always ignores all ACLs on that database. The purpose of this ACL is to allow the "uid=Admin" identity that resides in some *other* database to have privileges in this database.

          access to dn.subtree="cn=Monitor"
               by dn.exact="uid=Admin,dc=my,dc=org" write
               by users read
               by * none

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
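
The rule described in the reply above, as an added example that is not part of the original message or of OpenLDAP's code: a simplified Python model of how access to cn=Monitor is decided, with the rootdn check placed ahead of the ACL from the thread. The function names and the string-based DN normalization are assumptions made for the illustration; real slapd uses schema-aware DN normalization and may also apply global ACLs.

```python
# Simplified model of slapd access evaluation for the monitor database.
# Assumption: DNs are compared after lowercasing and trimming spaces around
# commas; this stands in for slapd's real DN normalization.

LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

def norm(dn):
    return ",".join(part.strip().lower() for part in dn.split(","))

def in_subtree(entry_dn, base_dn):
    entry, base = norm(entry_dn), norm(base_dn)
    return entry == base or entry.endswith("," + base)

# The ACL quoted in the thread: (dn.subtree target, [(who, level), ...])
ACLS = [
    ("cn=Monitor", [
        ("dn.exact=uid=Admin,dc=my,dc=org", "write"),
        ("users", "read"),
        ("*", "none"),
    ]),
]

def who_matches(who, bind_dn):
    if who == "*":
        return True                        # everyone, including anonymous
    if who == "users":
        return bind_dn is not None         # any authenticated identity
    if who.startswith("dn.exact="):
        return bind_dn is not None and norm(bind_dn) == norm(who[len("dn.exact="):])
    return False

def granted(bind_dn, entry_dn, rootdn):
    """Access level bind_dn gets on entry_dn (bind_dn=None means anonymous)."""
    # The database's own rootdn is never subject to that database's ACLs;
    # its full access is modelled here as the highest level.
    if bind_dn is not None and norm(bind_dn) == norm(rootdn):
        return "manage"
    for what, by_clauses in ACLS:
        if in_subtree(entry_dn, what):
            for who, level in by_clauses:
                if who_matches(who, bind_dn):
                    return level           # first matching "by" clause wins
            return "none"                  # implicit trailing "by * none"
    return "none"                          # no "access to" clause matched

def allows(bind_dn, entry_dn, rootdn, wanted):
    return LEVELS.index(granted(bind_dn, entry_dn, rootdn)) >= LEVELS.index(wanted)
```

With either rootdn from the two admin guide examples, the rootdn never reaches the ACL, which is why the ACL names `uid=Admin,dc=my,dc=org` rather than the rootdn.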