June 10, 2010

Make monitoring information publicly available

Rationale
For testing purposes, or if you consider your network safe enough, or if the monitoring information exposed does not compromise any sensitive data, you may want to be able to read your monitoring information anonymously. Here's how.

The Meat
With the default settings, an anonymous search of cn=monitor gets a silent response:

[unboundid@unboundid1 UnboundID-DS]$ bin/ldapsearch -p 1389 -b cn=monitor "(objectclass=*)"
[unboundid@unboundid1 UnboundID-DS]$ 


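Let's make cn=monitor publicly accessible, then. The global ACI below allows read and search on every attribute under cn=monitor to ldap:///anyone, which includes clients that have not authenticated: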
dsconfig set-access-control-handler-prop --add "global-aci:(target=\"ldap:///cn=monitor\")(targetattr=\"*\")(version 3.0; acl \"allow anonymous access to monitoring data\";allow (read,search) userdn=\"ldap:///anyone\";)"


And now:

[unboundid@unboundid1 UnboundID-DS]$ bin/ldapsearch -p 1389 -b cn=monitor -s base "(objectclass=*)"
dn: cn=monitor
objectClass: top
objectClass: ds-monitor-entry
objectClass: ds-general-monitor-entry
objectClass: extensibleObject
cn: monitor
productName: UnboundID Directory Server
productVendor: UnboundID Corp.
productVersion: UnboundID Directory Server 2.2.0.0-r6168
instanceName: unboundid1:1389
startupID: TBEplw==
startupUUID: 8cfc40a4-a176-410b-b5cd-f556b90f712f
startTime: 20100610180627Z
currentTime: 20100610203116Z
upTime: 0 days 2 hours 24 minutes 48 seconds
currentConnections: 2
maxConnections: 3
totalConnections: 14
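
To find grants like this one again later (for example before moving a test server onto a less trusted network), the following added example, which is not from the original post, scans ACI values for rules that allow ldap:///anyone. It assumes the ACIs are supplied one per line on stdin; the function names and the two extra sample ACIs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag ACIs that grant rights to
# ldap:///anyone, i.e. to clients that have not authenticated.
# Assumption: stdin carries one ACI value per line.

# Prints "<target><TAB><rights><TAB><acl name>" for each matching ACI.
# Limitation: only the simple bind rule userdn="ldap:///anyone" directly after
# the allow clause is recognised; compound bind rules need a real ACI parser.
anonymous_acis() {
    grep -i 'allow *([^)]*) *userdn *= *"ldap:///anyone"' |
    while IFS= read -r aci; do
        target=$(printf '%s\n' "$aci" | sed -n 's/.*(target *= *"\([^"]*\)").*/\1/p')
        rights=$(printf '%s\n' "$aci" | sed -n 's/.*allow *(\([^)]*\)).*/\1/p')
        name=$(printf '%s\n' "$aci" | sed -n 's/.*acl *"\([^"]*\)".*/\1/p')
        printf '%s\t%s\t%s\n' "${target:-<no target>}" "$rights" "$name"
    done
}

# Sample input: the first line is the ACI from this post; the other two are
# constructed for contrast and use the authenticated-only and self subjects.
sample_acis() {
    cat <<'EOF'
(target="ldap:///cn=monitor")(targetattr="*")(version 3.0; acl "allow anonymous access to monitoring data";allow (read,search) userdn="ldap:///anyone";)
(target="ldap:///cn=monitor")(targetattr="*")(version 3.0; acl "constructed: monitoring for authenticated users";allow (read,search) userdn="ldap:///all";)
(targetattr="userPassword")(version 3.0; acl "constructed: self password change";allow (write) userdn="ldap:///self";)
EOF
}

sample_acis | anonymous_acis
```

Only the ACI from this post is reported; the ldap:///all variant, which requires an authenticated bind, is not.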