1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
.TH SLAPD-MONITOR 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2018 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
slapd\-monitor \- Monitor backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
The
.B monitor
backend to
.BR slapd (8)
is not an actual database; if enabled, it is automatically generated
and dynamically maintained by
.B slapd
with information about the running status of the daemon.
.LP
To inspect all monitor information, issue a subtree search with base
cn=Monitor, requesting that attributes "+" and "*" are returned.
The monitor backend produces mostly operational attributes, and LDAP
only returns operational attributes that are explicitly requested.
Requesting attribute "+" is an extension which requests all operational
attributes.
.SH CONFIGURATION
These
.B slapd.conf
options apply to the
.B monitor
backend database.
That is, they must follow a "database monitor" line and come before any
subsequent "backend" or "database" lines.
.LP
As opposed to most databases, the
.B monitor
database can be instantiated only once, i.e. only one occurrence
of "database monitor" can occur in the
.BR slapd.conf (5)
file.
Moreover, the suffix of the database cannot be explicitly set by means
of the
.B suffix
directive.
The suffix is automatically set
to "\fIcn=Monitor\fP".
.LP
The
.B monitor
database honors the
.B rootdn
and the
.B rootpw
directives, and the usual ACL directives, e.g. the
.B access
directive.
.\".LP
.\"The following directives can be used:
.\".TP
.\".BI l \ <locality>
.\"The additional argument \fI<locality>\fP,
.\"a string, is added to the "\fIcn=Monitor\fP" entry as value of the
.\".B l
.\"attribute (Note: this may be subjected to changes).
.LP
Other database options are described in the
.BR slapd.conf (5)
manual page.
.SH USAGE
The usage is:
.TP
1) enable the \fBmonitor\fP backend at configure:
.LP
.RS
.nf
configure \-\-enable\-monitor
.fi
.RE
.TP
2) activate the \fBmonitor\fP database in the \fBslapd.conf\fP(5) file:
.LP
.RS
.nf
database monitor
.fi
.RE
.TP
3) add ACLs as detailed in \fBslapd.access\fP(5) to control access to the database, e.g.:
.LP
.RS
.nf
access to dn.subtree="cn=Monitor"
by dn.exact="uid=Admin,dc=my,dc=org" write
by users read
by * none
.fi
.RE
.TP
4) ensure that the \fBcore.schema\fP file is loaded.
The
.B monitor
backend relies on some standard track attributeTypes
that must be already defined when the backend is started.
.SH ACCESS CONTROL
The
.B monitor
backend honors access control semantics as indicated in
.BR slapd.access (5),
including the
.B disclose
access privilege, on all currently implemented operations.
.SH KNOWN LIMITATIONS
The
.B monitor
backend does not honor size/time limits in search operations.
.SH FILES
.TP
.B ETCDIR/slapd.conf
default slapd configuration file
.SH SEE ALSO
.BR slapd.conf (5),
.BR slapd\-config (5),
.BR slapd.access (5),
.BR slapd (8),
.BR ldap (3).
.SH ACKNOWLEDGEMENTS
.so ../Project
|