#50609 monitoring replication via anonymous srch on cn=monitor
Opened 2 months ago by tbordaz. Modified 2 months ago

Issue Description

Currently monitoring replication is done via a search of nsds50ruv on "cn=replica,cn=<suffix>,cn=mapping tree,cn=config" that requires privilege.

So to monitor a full topology, it requires to store the DM password of each server that is complex/sensitive.

Would it be possible, for example during RUV write back thread, to update a monitor entry.
I order to hide the server url, only replicaID would be stored in addition to csn.
For not replicated backend, no 'replicaID' attributes are stored.

dn: cn=monitor
...
nbackends: 3
backendmonitordn: cn=monitor,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
backendmonitordn: cn=monitor,cn=ipaca,cn=ldbm database,cn=plugins,cn=config
backendmonitordn: cn=monitor,cn=changelog,cn=ldbm database,cn=plugins,cn=config

dn: cn=replication,cn=monitor

dn: cn=userRoot,cn=replication,cn=monitor
..
replicaId: 1 57fe0206000700010000
replicaId: 2 57fe020a000000020000
replicaId: 6 57fe0b0a000000060000

dn: cn=ipaca,cn=replication,cn=monitor
..
replicaId: 11 57fe53060007000b0000
replicaId: 12 57fe530a0000000c0000
replicaId: 16 57fe4b0a000000100000

dn: cn=changelog,cn=replication,cn=monitor

Package Version and Platform

N/A

Steps to reproduce

NA

Actual results

monitoring of replication requires credential

Expected results

monitoring of replication can be done anonymously


Metadata Update from @mreynolds:
- Custom field origin adjusted to None
- Custom field reviewstatus adjusted to None
- Issue set to the milestone: 1.4.2

2 months ago

Login to comment on this ticket.

Metadata