Retro Change Log And The Access Control Policy; Monitoring Replication Status; Monitoring Replication Status From The Directory Server Console - Netscape DIRECTORY SERVER 6.1 - ADMINISTRATOR Administrator's Manual

As a general rule, you should not perform add or modify operations on the retro
change log entries, although you can delete entries to trim the size of the change
log. The only time you will need to peform a modify operation on the retro change
log, is to modify the default access control policy.
Retro Change Log and the Access Control
Policy
When the retro change log is created, by default, the following access control rules
apply:
• Read, search and compare rights are granted to all authenticated users
(
userdn=all
• Write and delete access are not granted, except implicitly to the Directory
Manager.
You should not grant read access to anonymous users, because the change log
entries can contain modifications to sensitive information, such as passwords. Only
authenticated applications and users should be allowed to access this information.
To modify the default access control policy which applies to the retro change log,
you can modify the

Monitoring Replication Status

You can monitor replication status using the Directory Server Console and
Netscape Administration Express. This section explains both these procedures:
•

Monitoring Replication Status From the Directory Server Console

• Monitoring Replication Status From Administration Express
Monitoring Replication Status From the Directory
Server Console
To view a summary of replication status via the Directory Server Console:
Open the Directory Server Console.
1.
, not to be confused with anonymous access where
userdn=anyone
) to the retro change log top entry
attribute of the
aci
cn=changelog
entry.
cn=changelog
Chapter 8
Monitoring Replication Status
.
Managing Replication 327