Rich Megginson wrote:

but searching as cn=replication,cn=config or similar results doesn't
return any results.
Can someone point me at the ACI I need to modify (or do I need to
create a new one?) to add read-only access to cn=config on our master
servers for monitoring purposes? Thanks!

The setup-ds-admin.pl script creates ACIs for the console admin user -
look at the ACIs on the cn=config entry for the uid=admin,..... user.
You can probably just duplicate those - change the user to be your
monitoring user, and change the allow() to just read,search,compare.

Ahah. Just in case anybody else is curious, this is effectively what I
ended up setting up for the check_ldap_replication script for nagios, on
the cn=config tree:
(targetattr = "*") (version 3.0;
acl "Monitoring Script";
allow (read,compare,search)(userdn =
"ldap:///uid=nagiosmonitoring,ou=Resource Accounts,dc=itasoftware,dc=com")
;)
I may see if I can restrict it down a little further, but that makes me
much happier than using the Directory Manager user.
Thanks for your help!
--
,___,
{o,o} Anne "Juniper" Cross
(___) Senior Linux Systems Engineer and Extropic Crusader
-"-"-- Information Technology, ITA Software
/^^^
--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
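
An added example, not part of the original thread and not 389 Directory Server code: a small Python check that parses an ACI of the form posted above and reports where it grants more than a read-only monitoring account needs. BROAD_ACI, READ_ONLY and audit_aci are names constructed for this example, and the regex handles only ACIs with a targetattr target and a userdn bind rule.

```python
import re

# The ACI from the post (as one value) and a constructed over-broad ACI for contrast.
POSTED_ACI = ('(targetattr = "*") (version 3.0; acl "Monitoring Script"; '
              'allow (read,compare,search)(userdn = "ldap:///uid=nagiosmonitoring,'
              'ou=Resource Accounts,dc=itasoftware,dc=com");)')
BROAD_ACI = ('(targetattr = "*")(version 3.0; acl "Example broad"; '
             'allow (all)(userdn = "ldap:///anyone");)')

READ_ONLY = {"read", "search", "compare"}
# Covers only the form used here: one targetattr target, one userdn bind rule.
ACI_RE = re.compile(
    r'\(\s*targetattr\s*(?P<op>!?=)\s*"(?P<attrs>[^"]*)"\s*\)'
    r'.*?acl\s+"(?P<name>[^"]*)"\s*;'
    r'\s*(?P<kind>allow|deny)\s*\((?P<rights>[^)]*)\)'
    r'\s*\(?\s*userdn\s*=\s*"(?P<userdn>[^"]*)"',
    re.IGNORECASE | re.DOTALL)


def audit_aci(aci):
    """Parse one ACI value; return (fields, findings) for a monitoring account."""
    m = ACI_RE.search(aci)
    if m is None:
        raise ValueError("ACI form not handled by this example")
    rights = {r.strip().lower() for r in m["rights"].split(",") if r.strip()}
    attrs = [a.strip() for a in m["attrs"].split("||")]
    fields = {"name": m["name"], "kind": m["kind"].lower(),
              "rights": sorted(rights), "attrs": attrs, "userdn": m["userdn"]}
    findings = []
    if fields["kind"] == "allow":
        extra = rights - READ_ONLY
        if extra:
            findings.append("grants more than read-only: " + ",".join(sorted(extra)))
        if m["op"] == "=" and "*" in attrs:
            findings.append("targetattr is a wildcard; list only the attributes read")
        if m["userdn"].lower() in ("ldap:///anyone", "ldap:///all"):
            findings.append("bind rule is not limited to one account")
    return fields, findings


if __name__ == "__main__":
    for aci in (POSTED_ACI, BROAD_ACI):
        fields, findings = audit_aci(aci)
        print(fields["name"], fields["rights"], findings or "read-only, single account")
```

The value can be fed in exactly as an ldapsearch for the aci attribute on cn=config returns it, including line wraps, since the pattern tolerates whitespace between the ACI's parts.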