diff options
Diffstat (limited to 'doc/man/man5/slapd-monitor.5')
-rw-r--r-- | doc/man/man5/slapd-monitor.5 | 126 |
1 files changed, 126 insertions, 0 deletions
diff --git a/doc/man/man5/slapd-monitor.5 b/doc/man/man5/slapd-monitor.5 new file mode 100644 index 0000000..84a85ba --- /dev/null +++ b/doc/man/man5/slapd-monitor.5 @@ -0,0 +1,126 @@ +.TH SLAPD-MONITOR 5 "RELEASEDATE" "OpenLDAP LDVERSION" +.\" Copyright 1998-2022 The OpenLDAP Foundation All Rights Reserved. +.\" Copying restrictions apply. See COPYRIGHT/LICENSE. +.\" $OpenLDAP$ +.SH NAME +slapd\-monitor \- Monitor backend to slapd +.SH SYNOPSIS +ETCDIR/slapd.conf +.SH DESCRIPTION +The +.B monitor +backend to +.BR slapd (8) +is not an actual database; if enabled, it is automatically generated +and dynamically maintained by +.B slapd +with information about the running status of the daemon. +.LP +To inspect all monitor information, issue a subtree search with base +cn=Monitor, requesting that attributes "+" and "*" are returned. +The monitor backend produces mostly operational attributes, and LDAP +only returns operational attributes that are explicitly requested. +Requesting attribute "+" is an extension which requests all operational +attributes. +.SH CONFIGURATION +These +.B slapd.conf +options apply to the +.B monitor +backend database. +That is, they must follow a "database monitor" line and come before any +subsequent "backend" or "database" lines. +.LP +As opposed to most databases, the +.B monitor +database can be instantiated only once, i.e. only one occurrence +of "database monitor" can occur in the +.BR slapd.conf (5) +file. +Moreover, the suffix of the database cannot be explicitly set by means +of the +.B suffix +directive. +The suffix is automatically set +to "\fIcn=Monitor\fP". +.LP +The +.B monitor +database honors the +.B rootdn +and the +.B rootpw +directives, and the usual ACL directives, e.g. the +.B access +directive. +.\".LP +.\"The following directives can be used: +.\".TP +.\".BI l \ <locality> +.\"The additional argument \fI<locality>\fP, +.\"a string, is added to the "\fIcn=Monitor\fP" entry as value of the +.\".B l +.\"attribute (Note: this may be subjected to changes). +.LP +Other database options are described in the +.BR slapd.conf (5) +manual page. +.SH USAGE +The usage is: +.TP +1) enable the \fBmonitor\fP backend at configure: +.LP +.RS +.nf +configure \-\-enable\-monitor +.fi +.RE +.TP +2) activate the \fBmonitor\fP database in the \fBslapd.conf\fP(5) file: +.LP +.RS +.nf +database monitor +.fi +.RE +.TP +3) add ACLs as detailed in \fBslapd.access\fP(5) to control access to the database, e.g.: +.LP +.RS +.nf +access to dn.subtree="cn=Monitor" + by dn.exact="uid=Admin,dc=my,dc=org" write + by users read + by * none +.fi +.RE +.TP +4) ensure that the \fBcore.schema\fP file is loaded. +The +.B monitor +backend relies on some standard track attributeTypes +that must be already defined when the backend is started. +.SH ACCESS CONTROL +The +.B monitor +backend honors access control semantics as indicated in +.BR slapd.access (5), +including the +.B disclose +access privilege, on all currently implemented operations. +.SH KNOWN LIMITATIONS +The +.B monitor +backend does not honor size/time limits in search operations. +.SH FILES +.TP +.B ETCDIR/slapd.conf +default slapd configuration file +.SH SEE ALSO +.BR slapd.conf (5), +.BR slapd\-config (5), +.BR slapd.access (5), +.BR slapd (8), +.BR ldap (3). +.SH ACKNOWLEDGEMENTS +.so ../Project |