Quoting Pierangelo Masarati ando@sys-net.it:
Pierangelo Masarati wrote:
Turbo Fredriksson wrote:
Also, I have a problem getting 'cn=Monitor' running.
Oops, the internal operation that registers specific per-database monitoring runs an anonymous search in the monitor database, but your ACLs disable anonymous access to the monitor database. That operation obviously needs to be privileged.
Actually, the internal search is run as the rootdn, but you didn't configure any for the monitor database, while you should.
I never liked that part, that's why I started using Kerberos (so i didn't have to have rootdn defined).
But can I have different 'rootdn' in my different places (need one for syncrepl to, right?) with random DN's (that don't exists) without any password defined in the config file?
Will any ACL's still be honored?
If I understand all this (we've had this discussion previously a while back - LOONG way back :) this is only for internal use, right?