summaryrefslogtreecommitdiffstats
path: root/doc/man/man5/slapd-monitor.5
diff options
context:
space:
mode:
Diffstat (limited to 'doc/man/man5/slapd-monitor.5')
-rw-r--r--doc/man/man5/slapd-monitor.5126
1 files changed, 126 insertions, 0 deletions
diff --git a/doc/man/man5/slapd-monitor.5 b/doc/man/man5/slapd-monitor.5
new file mode 100644
index 0000000..84a85ba
--- /dev/null
+++ b/doc/man/man5/slapd-monitor.5
@@ -0,0 +1,126 @@
+.TH SLAPD-MONITOR 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2022 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
+.\" $OpenLDAP$
+.SH NAME
+slapd\-monitor \- Monitor backend to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The
+.B monitor
+backend to
+.BR slapd (8)
+is not an actual database; if enabled, it is automatically generated
+and dynamically maintained by
+.B slapd
+with information about the running status of the daemon.
+.LP
+To inspect all monitor information, issue a subtree search with base
+cn=Monitor, requesting that attributes "+" and "*" are returned.
+The monitor backend produces mostly operational attributes, and LDAP
+only returns operational attributes that are explicitly requested.
+Requesting attribute "+" is an extension which requests all operational
+attributes.
+.SH CONFIGURATION
+These
+.B slapd.conf
+options apply to the
+.B monitor
+backend database.
+That is, they must follow a "database monitor" line and come before any
+subsequent "backend" or "database" lines.
+.LP
+As opposed to most databases, the
+.B monitor
+database can be instantiated only once, i.e. only one occurrence
+of "database monitor" can occur in the
+.BR slapd.conf (5)
+file.
+Moreover, the suffix of the database cannot be explicitly set by means
+of the
+.B suffix
+directive.
+The suffix is automatically set
+to "\fIcn=Monitor\fP".
+.LP
+The
+.B monitor
+database honors the
+.B rootdn
+and the
+.B rootpw
+directives, and the usual ACL directives, e.g. the
+.B access
+directive.
+.\".LP
+.\"The following directives can be used:
+.\".TP
+.\".BI l \ <locality>
+.\"The additional argument \fI<locality>\fP,
+.\"a string, is added to the "\fIcn=Monitor\fP" entry as value of the
+.\".B l
+.\"attribute (Note: this may be subjected to changes).
+.LP
+Other database options are described in the
+.BR slapd.conf (5)
+manual page.
+.SH USAGE
+The usage is:
+.TP
+1) enable the \fBmonitor\fP backend at configure:
+.LP
+.RS
+.nf
+configure \-\-enable\-monitor
+.fi
+.RE
+.TP
+2) activate the \fBmonitor\fP database in the \fBslapd.conf\fP(5) file:
+.LP
+.RS
+.nf
+database monitor
+.fi
+.RE
+.TP
+3) add ACLs as detailed in \fBslapd.access\fP(5) to control access to the database, e.g.:
+.LP
+.RS
+.nf
+access to dn.subtree="cn=Monitor"
+ by dn.exact="uid=Admin,dc=my,dc=org" write
+ by users read
+ by * none
+.fi
+.RE
+.TP
+4) ensure that the \fBcore.schema\fP file is loaded.
+The
+.B monitor
+backend relies on some standard track attributeTypes
+that must be already defined when the backend is started.
+.SH ACCESS CONTROL
+The
+.B monitor
+backend honors access control semantics as indicated in
+.BR slapd.access (5),
+including the
+.B disclose
+access privilege, on all currently implemented operations.
+.SH KNOWN LIMITATIONS
+The
+.B monitor
+backend does not honor size/time limits in search operations.
+.SH FILES
+.TP
+.B ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd\-config (5),
+.BR slapd.access (5),
+.BR slapd (8),
+.BR ldap (3).
+.SH ACKNOWLEDGEMENTS
+.so ../Project
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-06 17:24:49 +0000