Retro Change Log And The Access Control Policy; Monitoring Replication Status - Netscape DIRECTORY SERVER 6.02 - ADMINISTRATOR Administrator's Manual

As a general rule, you should not perform add or modify operations on the retro
change log entries, although you can delete entries to trim the size of the change
log. The only time you will need to peform a modify operation on the retro change
log, is to modify the default access control policy.
Retro Change Log and the Access Control
Policy
When the retro change log is created, by default, the following access control rules
apply:
• Read, search and compare rights are granted to all authenticated users
(
userdn=all
• Write and delete access are not granted, except implicitly to the Directory
Manager.
You should not grant read access to anonymous users, because the change log
entries can contain modifications to sensitive information, such as passwords. Only
authenticated applications and users should be allowed to access this information.
To modify the default access control policy which applies to the retro change log,
you can modify the

Monitoring Replication Status

You can monitor replication status using the Directory Server Console. To view a
summary of replication status via the Directory Server Console:
Open the Directory Server Console.
1.
Select the Status tab, and then in the left navigation tree, select Replication
2.
Status.
In the right pane, a table appears that contains information about each of the
replication agreements configured for this server.
Click Refresh to update the contents of the tab.
3.
The status information displayed is described in Table 8-3.
, not to be confused with anonymous access where
userdn=anyone
) to the retro change log top entry
attribute of the
aci
cn=changelog
entry.
cn=changelog
Chapter 8
Monitoring Replication Status
.
Managing Replication 323