Bug#927256: add a monitor database to the default configuration


Bug#927256: add a monitor database to the default configuration

Ryan Tandy-4
Package: slapd
Severity: wishlist
Control: submitter -1 [hidden email]

In IRC, Quanah suggested that we add a monitor instance to the default
configuration.

The monitor DB should not be world readable. Granting access to
cn=admin,... and the cn=config owner would be a good start.


Bug#927256: add a monitor database to the default configuration

Ryan Tandy-4
Below is an example config from Quanah that demonstrates a monitor setup
as well as his suggestion of using an authz-regexp for the cn=config
root.

dn: cn=config
objectClass: olcGlobal
cn: config
olcLogLevel: sync
olcLogLevel: stats
olcPidFile: /var/run/slapd/slapd.pid
olcArgsFile: /var/run/slapd/slapd.args
olcToolThreads: 2
olcAuthzRegexp: {0}gidNumber=0\+uidNumber=0,cn=peercred,cn=external,cn=auth cn
 =config

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

include: file:///etc/ldap/schema/core.ldif
include: file:///etc/ldap/schema/cosine.ldif
include: file:///etc/ldap/schema/inetorgperson.ldif

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_mdb
olcModuleLoad: {1}back_monitor

dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to dn=""  by * read
olcAccess: {1}to *  by self write  by users read  by anonymous auth

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to *  by * none

dn: olcDatabase={1}monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {0}to dn.subtree="cn=monitor"  by dn.exact=cn=config read  by dn.ex
 act=cn=manager,dc=example,dc=com read

dn: olcDatabase={2}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcmdbConfig
olcDatabase: {2}mdb
olcSuffix: dc=example,dc=com
olcRootDN: cn=manager,dc=example,dc=com
olcRootPW: secret
olcSizeLimit: unlimited
olcTimeLimit: unlimited
olcMirrorMode: TRUE
olcDbCheckpoint: 512 30
olcDbDirectory: /var/lib/ldap
olcDbIndex: default eq
olcDbIndex: objectClass
olcDbIndex: entryUUID
olcDbIndex: entryCSN
olcDbIndex: cn pres,eq,sub
olcDbIndex: uid pres,eq,sub
olcDbIndex: mail pres,eq,sub
olcDbIndex: sn pres,eq,sub
olcDbIndex: description pres,eq,sub
olcDbIndex: title pres,eq,sub
olcDbIndex: givenName pres,eq,sub
olcDbMaxSize: 85899345920
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * non
 e
olcAccess: {1}to * by * read
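As an added check that is not part of the bug report or of Quanah's config: the first message requires that the monitor DB not be world readable, and the LDIF above expresses that through olcAccess on olcDatabase={1}monitor. The script below unfolds LDIF continuation lines, finds the monitor database entry, and reports any olcAccess value that grants read or better to `*`, `anonymous` or `users`. The two sample entries are constructed here; `cn=admin,dc=example,dc=com` stands in for the cn=admin,... DN mentioned in the report.

```python
import re

# Constructed sample: a monitor DB whose ACL makes cn=monitor world readable.
WEAK_LDIF = """\
dn: olcDatabase={1}monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {0}to dn.subtree="cn=monitor"  by * read
"""

# Constructed sample following the bug's suggestion: only the cn=config identity
# (mapped via olcAuthzRegexp) and the admin DN may read; everyone else gets the
# implicit "by * none". The folded line is deliberate valid LDIF.
SAFE_LDIF = """\
dn: olcDatabase={1}monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
olcAccess: {0}to dn.subtree="cn=monitor"  by dn.exact=cn=config read  by dn.ex
 act=cn=admin,dc=example,dc=com read
"""

def unfold(ldif):
    """Join LDIF continuation lines (leading space) back onto the previous line."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def entries(ldif):
    """Yield (dn, [(attr, value), ...]) for each blank-line-separated entry."""
    dn, attrs = None, []
    for line in unfold(ldif) + [""]:      # trailing "" flushes the last entry
        if not line:
            if dn is not None:
                yield dn, attrs
            dn, attrs = None, []
            continue
        attr, _, value = line.partition(":")
        if attr == "dn":
            dn = value.strip()
        else:
            attrs.append((attr, value.strip()))

# A "by" clause giving read or better to anyone, to authenticated users, or to anonymous.
WORLD = re.compile(r"\bby\s+(\*|anonymous|users)\s+(read|search|compare|write|manage)\b")
MONITOR_DN = re.compile(r"olcdatabase=\{-?\d+\}monitor,cn=config")

def world_readable_monitor_acls(ldif):
    """Return olcAccess values on the monitor DB that violate 'not world readable'."""
    return [value
            for dn, attrs in entries(ldif) if MONITOR_DN.fullmatch(dn.lower())
            for attr, value in attrs if attr == "olcAccess" and WORLD.search(value)]
```

Run it against `slapcat -n0` output of a live server to lint the actual cn=config; a non-empty result means cn=monitor leaks to unauthenticated or ordinary users.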