Project

General

Profile

Actions

Bug #9818

closed

Rudder's LDAP server configuration does not allow to query the monitor DB

Added by Jonathan CLARKE over 7 years ago. Updated about 7 years ago.

Status:
Released
Priority:
N/A
Category:
Server components
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

Since we added strict ACLs in the LDAP server configuration for Rudder, it is no longer possible to query the cn=monitor backend, that provides useful statistics about the database usage and queries, in particular cache usage for the BDB/HDB backend.

This is because the ACLs do not allow any access except for the strict minimum, but the root DN for the main database bypasses ACLs so that has never been a problem. Since cn=monitor is actually a different database, the root DN from the main database doesn't have that bypass.

We need to add in an ACL to allow this.

Actions #1

Updated by Jonathan CLARKE over 7 years ago

  • Status changed from New to In progress
Actions #2

Updated by Jonathan CLARKE over 7 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Jonathan CLARKE to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/1151
Actions #3

Updated by Jonathan CLARKE over 7 years ago

  • Status changed from Pending technical review to Pending release
  • % Done changed from 0 to 100
Actions #4

Updated by Vincent MEMBRÉ about 7 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 3.1.18, 3.2.11, 4.0.3 and 4.1.0~beta3 which were released today.

Actions

Also available in: Atom PDF