Wikis - Page

Knowledge Document: What are the minimum eDirectory rights to gather information from cn=monitor via LDAP

0 Likes

This article should provide information about the needed eDirectory rights for a non-admin account to gather monitoring information of an eDirectory server.

Labels:

Support Tips/Knowledge Docs
Comment List
  • Worth mentioning that the way this permission works is perhaps different than you might think if you have never seen this model in use before.

    The attribute you need Write permission to, NDSRightsToMonitor does not exist as part of an object class, nor does any object in the tree actually have an attriibute of that name with a value.  Rather the process checks if you have the EffectiveRight to Write to the attribute, not ACTUALLY write to it.

    The dxcmd, User App, permissions are done the same way.  Confusing if you go looking at schema to see the attribute just 'floating' there, not part of any class, nor instantiated anywhere.

Related
Recommended