openldap/servers/slapd/back-ldap/monitor.c

/* monitor.c - monitor ldap backend */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
 * Copyright 2003-2012 The OpenLDAP Foundation.
 * Portions Copyright 1999-2003 Howard Chu.
 * Portions Copyright 2000-2003 Pierangelo Masarati.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */
/* ACKNOWLEDGEMENTS:
 * This work was initially developed by the Howard Chu for inclusion
 * in OpenLDAP Software and subsequently enhanced by Pierangelo
 * Masarati.
 */

#include "portable.h"

#include <stdio.h>
#include <ac/string.h>
#include <ac/unistd.h>
#include <ac/stdlib.h>
#include <ac/errno.h>
#include <sys/stat.h>
#include "lutil.h"
#include "back-ldap.h"

#include "config.h"

static ObjectClass		*oc_olmLDAPDatabase;
static ObjectClass		*oc_olmLDAPConnection;

static AttributeDescription	*ad_olmDbURIList;
static AttributeDescription	*ad_olmDbOperations;
static AttributeDescription	*ad_olmDbBoundDN;

/*
 * Stolen from back-monitor/operations.c
 * We don't need the normalized rdn's though.
 */
struct ldap_back_monitor_ops_t {
	struct berval		rdn;
} ldap_back_monitor_op[] = {
	{ BER_BVC( "cn=Bind" ) },
	{ BER_BVC( "cn=Unbind" ) },
	{ BER_BVC( "cn=Search" ) },
	{ BER_BVC( "cn=Compare" ) },
	{ BER_BVC( "cn=Modify" ) },
	{ BER_BVC( "cn=Modrdn" ) },
	{ BER_BVC( "cn=Add" ) },
	{ BER_BVC( "cn=Delete" ) },
	{ BER_BVC( "cn=Abandon" ) },
	{ BER_BVC( "cn=Extended" ) },

	{ BER_BVNULL }
};


/*
 * NOTE: there's some confusion in monitor OID arc;
 * by now, let's consider:
 * 
 * Subsystems monitor attributes	1.3.6.1.4.1.4203.666.1.55.0
 * Databases monitor attributes		1.3.6.1.4.1.4203.666.1.55.0.1
 * LDAP database monitor attributes	1.3.6.1.4.1.4203.666.1.55.0.1.2
 *
 * Subsystems monitor objectclasses	1.3.6.1.4.1.4203.666.3.16.0
 * Databases monitor objectclasses	1.3.6.1.4.1.4203.666.3.16.0.1
 * LDAP database monitor objectclasses	1.3.6.1.4.1.4203.666.3.16.0.1.2
 */

static struct {
	char			*name;
	char			*oid;
}		s_oid[] = {
	{ "olmLDAPAttributes",			"olmDatabaseAttributes:2" },
	{ "olmLDAPObjectClasses",		"olmDatabaseObjectClasses:2" },

	{ NULL }
};

static struct {
	char			*desc;
	AttributeDescription	**ad;
}		s_at[] = {
	{ "( olmLDAPAttributes:1 "
		"NAME ( 'olmDbURIList' ) "
		"DESC 'List of URIs a proxy is serving; can be modified run-time' "
		"SUP managedInfo )",
		&ad_olmDbURIList },
	{ "( olmLDAPAttributes:2 "
		"NAME ( 'olmDbOperation' ) "
		"DESC 'monitor operations performed' "
		"SUP monitorCounter "
		"NO-USER-MODIFICATION "
		"USAGE dSAOperation )",
		&ad_olmDbOperations },
	{ "( olmLDAPAttributes:3 "
		"NAME ( 'olmDbBoundDN' ) "
		"DESC 'monitor connection authorization DN' "
		"SUP monitorConnectionAuthzDN "
		"NO-USER-MODIFICATION "
		"USAGE dSAOperation )",
		&ad_olmDbBoundDN },

	{ NULL }
};

static struct {
	char		*desc;
	ObjectClass	**oc;
}		s_oc[] = {
	/* augments an existing object, so it must be AUXILIARY
	 * FIXME: derive from some ABSTRACT "monitoredEntity"? */
	{ "( olmLDAPObjectClasses:1 "
		"NAME ( 'olmLDAPDatabase' ) "
		"SUP top AUXILIARY "
		"MAY ( "
			"olmDbURIList "
			") )",
		&oc_olmLDAPDatabase },
	{ "( olmLDAPObjectClasses:2 "
		"NAME ( 'olmLDAPConnection' ) "
		"SUP monitorConnection STRUCTURAL "
		"MAY ( "
			"olmDbBoundDN "
			") )",
		&oc_olmLDAPConnection },

	{ NULL }
};

static int
ldap_back_monitor_update(
	Operation	*op,
	SlapReply	*rs,
	Entry		*e,
	void		*priv )
{
	ldapinfo_t		*li = (ldapinfo_t *)priv;

	Attribute		*a;

	/* update olmDbURIList */
	a = attr_find( e->e_attrs, ad_olmDbURIList );
	if ( a != NULL ) {
		struct berval	bv;

		assert( a->a_vals != NULL );
		assert( !BER_BVISNULL( &a->a_vals[ 0 ] ) );
		assert( BER_BVISNULL( &a->a_vals[ 1 ] ) );

		ldap_pvt_thread_mutex_lock( &li->li_uri_mutex );
		if ( li->li_uri ) {
			ber_str2bv( li->li_uri, 0, 0, &bv );
			if ( !bvmatch( &a->a_vals[ 0 ], &bv ) ) {
				ber_bvreplace( &a->a_vals[ 0 ], &bv );
			}
		}
		ldap_pvt_thread_mutex_unlock( &li->li_uri_mutex );
	}

	return SLAP_CB_CONTINUE;
}

static int
ldap_back_monitor_modify(
	Operation	*op,
	SlapReply	*rs,
	Entry		*e,
	void		*priv )
{
	ldapinfo_t		*li = (ldapinfo_t *) priv;
	
	Attribute		*save_attrs = NULL;
	Modifications		*ml,
				*ml_olmDbURIList = NULL;
	struct berval		ul = BER_BVNULL;
	int			got = 0;

	for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
		if ( ml->sml_desc == ad_olmDbURIList ) {
			if ( ml_olmDbURIList != NULL ) {
				rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
				rs->sr_text = "conflicting modifications";
				goto done;
			}

			if ( ml->sml_op != LDAP_MOD_REPLACE ) {
				rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
				rs->sr_text = "modification not allowed";
				goto done;
			}

			ml_olmDbURIList = ml;
			got++;
			continue;
		}
	}

	if ( got == 0 ) {
		return SLAP_CB_CONTINUE;
	}

	save_attrs = attrs_dup( e->e_attrs );

	if ( ml_olmDbURIList != NULL ) {
		Attribute	*a = NULL;
		LDAPURLDesc	*ludlist = NULL;
		int		rc;

		ml = ml_olmDbURIList;
		assert( ml->sml_nvalues != NULL );

		if ( BER_BVISNULL( &ml->sml_nvalues[ 0 ] ) ) {
			rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
			rs->sr_text = "no value provided";
			goto done;
		}

		if ( !BER_BVISNULL( &ml->sml_nvalues[ 1 ] ) ) {
			rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
			rs->sr_text = "multiple values provided";
			goto done;
		}

		rc = ldap_url_parselist_ext( &ludlist,
			ml->sml_nvalues[ 0 ].bv_val, NULL,
			LDAP_PVT_URL_PARSE_NOEMPTY_HOST
				| LDAP_PVT_URL_PARSE_DEF_PORT );
		if ( rc != LDAP_URL_SUCCESS ) {
			rs->sr_err = LDAP_INVALID_SYNTAX;
			rs->sr_text = "unable to parse URI list";
			goto done;
		}

		ul.bv_val = ldap_url_list2urls( ludlist );
		ldap_free_urllist( ludlist );
		if ( ul.bv_val == NULL ) {
			rs->sr_err = LDAP_OTHER;
			goto done;
		}
		ul.bv_len = strlen( ul.bv_val );
		
		a = attr_find( e->e_attrs, ad_olmDbURIList );
		if ( a != NULL ) {
			if ( a->a_nvals == a->a_vals ) {
				a->a_nvals = ch_calloc( sizeof( struct berval ), 2 );
			}

			ber_bvreplace( &a->a_vals[ 0 ], &ul );
			ber_bvreplace( &a->a_nvals[ 0 ], &ul );

		} else {
			attr_merge_normalize_one( e, ad_olmDbURIList, &ul, NULL );
		}
	}

	/* apply changes */
	if ( !BER_BVISNULL( &ul ) ) {
		ldap_pvt_thread_mutex_lock( &li->li_uri_mutex );
		if ( li->li_uri ) {
			ch_free( li->li_uri );
		}
		li->li_uri = ul.bv_val;
		ldap_pvt_thread_mutex_unlock( &li->li_uri_mutex );

		BER_BVZERO( &ul );
	}

done:;
	if ( !BER_BVISNULL( &ul ) ) {
		ldap_memfree( ul.bv_val );
	}

	if ( rs->sr_err == LDAP_SUCCESS ) {
		attrs_free( save_attrs );
		return SLAP_CB_CONTINUE;
	}

	attrs_free( e->e_attrs );
	e->e_attrs = save_attrs;

	return rs->sr_err;
}

static int
ldap_back_monitor_free(
	Entry		*e,
	void		**priv )
{
	ldapinfo_t		*li = (ldapinfo_t *)(*priv);

	*priv = NULL;

	if ( !slapd_shutdown ) {
		memset( &li->li_monitor_info, 0, sizeof( li->li_monitor_info ) );
	}

	return SLAP_CB_CONTINUE;
}

static int
ldap_back_monitor_subsystem_destroy(
	BackendDB		*be,
	monitor_subsys_t	*ms)
{
	free(ms->mss_dn.bv_val);
	BER_BVZERO(&ms->mss_dn);

	free(ms->mss_ndn.bv_val);
	BER_BVZERO(&ms->mss_ndn);

	return LDAP_SUCCESS;
}

/*
 * Connection monitoring subsystem:
 * Tries to mimick what the cn=connections,cn=monitor subsystem does
 * by creating volatile entries for each connection and populating them
 * according to the information attached to the connection.
 * At this moment the only exposed information is the DN used to bind it.
 * Also note that the connection IDs are not and probably never will be
 * stable.
 */

struct ldap_back_monitor_conn_arg {
	monitor_subsys_t *ms;
	Entry **ep;
};

static int
ldap_back_monitor_conn_entry(
	ldapconn_t *lc,
	struct ldap_back_monitor_conn_arg *arg )
{
	Entry *e;
	monitor_entry_t		*mp;
	char buf[SLAP_TEXT_BUFLEN];
	struct berval bv, dn, ndn;

	e = entry_alloc();

	bv.bv_val = buf;
	bv.bv_len = snprintf( bv.bv_val, SLAP_TEXT_BUFLEN,
		"cn=Connection %lu", lc->lc_connid );

	build_new_dn( &dn, &arg->ms->mss_dn, &bv, NULL );
	build_new_dn( &ndn, &arg->ms->mss_ndn, &bv, NULL );

	e->e_name = dn;
	e->e_nname = ndn;

	bv.bv_val += 3;
	bv.bv_len -= 3;
	attr_merge_normalize_one( e, slap_schema.si_ad_cn, &bv, NULL );

	BER_BVSTR( &bv, "monitorContainer" );
	attr_merge_normalize_one( e, slap_schema.si_ad_objectClass, &bv, NULL );

	attr_merge_normalize_one( e, ad_olmDbBoundDN, &lc->lc_bound_ndn, NULL );

	mp = monitor_entrypriv_create();
	e->e_private = mp;
	mp->mp_info = arg->ms;
	mp->mp_flags = MONITOR_F_SUB | MONITOR_F_VOLATILE;

	*arg->ep = e;
	arg->ep = &mp->mp_next;

	return 0;
}

static int
ldap_back_monitor_conn_create(
	Operation	*op,
	SlapReply	*rs,
	struct berval	*ndn,
	Entry 		*e_parent,
	Entry		**ep )
{
	monitor_entry_t		*mp_parent;
	monitor_subsys_t	*ms;
	ldapinfo_t		*li;
	ldapconn_t		*lc;

	struct ldap_back_monitor_conn_arg *arg;
	int conn_type;

	assert( e_parent->e_private != NULL );

	mp_parent = e_parent->e_private;
	ms = (monitor_subsys_t *)mp_parent->mp_info;
	li = (ldapinfo_t *)ms->mss_private;

	arg = ch_calloc( 1, sizeof(struct ldap_back_monitor_conn_arg) );
	arg->ep = ep;
	arg->ms = ms;

	for ( conn_type = LDAP_BACK_PCONN_FIRST;
		conn_type < LDAP_BACK_PCONN_LAST;
		conn_type++ )
	{
		LDAP_TAILQ_FOREACH( lc,
			&li->li_conn_priv[ conn_type ].lic_priv,
			lc_q )
		{
			ldap_back_monitor_conn_entry( lc, arg );
		}
	}

	avl_apply( li->li_conninfo.lai_tree, ldap_back_monitor_conn_entry,
		arg, -1, AVL_INORDER );

	ch_free( arg );

	return 0;
}

static int
ldap_back_monitor_conn_init(
	BackendDB		*be,
	monitor_subsys_t	*ms )
{
	ldapinfo_t	*li = (ldapinfo_t *) ms->mss_private;
	monitor_info_t	*mi;
	monitor_extra_t	*mbe;

	Entry		*e;
	int		rc;

	assert( be != NULL );
	mi = (monitor_info_t *) be->be_private;
	mbe = (monitor_extra_t *) be->bd_info->bi_extra;

	ms->mss_dn = ms->mss_ndn = li->li_monitor_info.lmi_ndn;
	ms->mss_rdn = li->li_monitor_info.lmi_conn_rdn;
	ms->mss_create = ldap_back_monitor_conn_create;
	ms->mss_destroy = ldap_back_monitor_subsystem_destroy;

	e = monitor_entry_stub( &ms->mss_dn, &ms->mss_ndn,
		&ms->mss_rdn,
		mi->mi_oc_monitorContainer, mi, NULL, NULL );
	if ( e == NULL ) {
		Debug( LDAP_DEBUG_ANY,
			"ldap_back_monitor_conn_init: "
			"unable to create entry \"%s,%s\"\n",
			li->li_monitor_info.lmi_conn_rdn.bv_val,
			ms->mss_ndn.bv_val, 0 );
		return( -1 );
	}

	ber_dupbv( &ms->mss_dn, &e->e_name );
	ber_dupbv( &ms->mss_ndn, &e->e_nname );

	rc = mbe->register_entry( e, NULL, ms, MONITOR_F_VOLATILE_CH );

	/* add labeledURI and special, modifiable URI value */
	if ( rc == LDAP_SUCCESS && li->li_uri != NULL ) {
		struct berval		bv;
		Attribute		*a;
		LDAPURLDesc		*ludlist = NULL;
		monitor_callback_t	*cb = NULL;

		a = attr_alloc( ad_olmDbURIList );

		ber_str2bv( li->li_uri, 0, 0, &bv );
		attr_valadd( a, &bv, NULL, 1 );
		attr_normalize( a->a_desc, a->a_vals, &a->a_nvals, NULL );

		rc = ldap_url_parselist_ext( &ludlist,
			li->li_uri, NULL,
			LDAP_PVT_URL_PARSE_NOEMPTY_HOST
				| LDAP_PVT_URL_PARSE_DEF_PORT );
		if ( rc != LDAP_URL_SUCCESS ) {
			Debug( LDAP_DEBUG_ANY,
				"ldap_back_monitor_db_open: "
				"unable to parse URI list (ignored)\n",
				0, 0, 0 );
		} else {
			Attribute *a2 = attr_alloc( slap_schema.si_ad_labeledURI );

			a->a_next = a2;

			for ( ; ludlist != NULL; ) {
				LDAPURLDesc	*next = ludlist->lud_next;

				bv.bv_val = ldap_url_desc2str( ludlist );
				assert( bv.bv_val != NULL );
				ldap_free_urldesc( ludlist );
				bv.bv_len = strlen( bv.bv_val );
				attr_valadd( a2, &bv, NULL, 1 );
				ch_free( bv.bv_val );

				ludlist = next;
			}

			attr_normalize( a2->a_desc, a2->a_vals, &a2->a_nvals, NULL );
		}

		cb = ch_calloc( sizeof( monitor_callback_t ), 1 );
		cb->mc_update = ldap_back_monitor_update;
		cb->mc_modify = ldap_back_monitor_modify;
		cb->mc_free = ldap_back_monitor_free;
		cb->mc_private = (void *)li;

		rc = mbe->register_entry_attrs( &ms->mss_ndn, a, cb, NULL, 0, NULL );

		attr_free( a->a_next );
		attr_free( a );

		if ( rc != LDAP_SUCCESS )
		{
			ch_free( cb );
		}
	}

	entry_free( e );

	return rc;
}

/*
 * Operation monitoring subsystem:
 * Looks a lot like the cn=operations,cn=monitor subsystem except that at this
 * moment, only completed operations are counted. Each entry has a separate
 * callback with all the needed information linked there in the structure
 * below so that the callback need not locate it over and over again.
 */

struct ldap_back_monitor_op_counter {
	ldap_pvt_mp_t		*data;
	ldap_pvt_thread_mutex_t	*mutex;
};

static void
ldap_back_monitor_ops_dispose(
	void	**priv)
{
	struct ldap_back_monitor_op_counter *counter = *priv;

	ch_free( counter );
	counter = NULL;
}

static int
ldap_back_monitor_ops_free(
	Entry *e,
	void **priv)
{
	ldap_back_monitor_ops_dispose( priv );
	return LDAP_SUCCESS;
}

static int
ldap_back_monitor_ops_update(
	Operation	*op,
	SlapReply	*rs,
	Entry		*e,
	void		*priv )
{
	struct ldap_back_monitor_op_counter *counter = priv;
	Attribute *a;

	/*TODO
	 * what about initiated/completed?
	 */
	a = attr_find( e->e_attrs, ad_olmDbOperations );
	assert( a != NULL );

	ldap_pvt_thread_mutex_lock( counter->mutex );
	UI2BV( &a->a_vals[ 0 ], *counter->data );
	ldap_pvt_thread_mutex_unlock( counter->mutex );

	return SLAP_CB_CONTINUE;
}

static int
ldap_back_monitor_ops_init(
	BackendDB		*be,
	monitor_subsys_t	*ms )
{
	ldapinfo_t	*li = (ldapinfo_t *) ms->mss_private;

	monitor_info_t	*mi;
	monitor_extra_t	*mbe;
	Entry		*e, *parent;
	int		rc;
	slap_op_t	op;
	struct berval	value = BER_BVC( "0" );

	assert( be != NULL );

	mi = (monitor_info_t *) be->be_private;
	mbe = (monitor_extra_t *) be->bd_info->bi_extra;

	ms->mss_dn = ms->mss_ndn = li->li_monitor_info.lmi_ndn;
	ms->mss_rdn = li->li_monitor_info.lmi_ops_rdn;
	ms->mss_destroy = ldap_back_monitor_subsystem_destroy;

	parent = monitor_entry_stub( &ms->mss_dn, &ms->mss_ndn,
		&ms->mss_rdn,
		mi->mi_oc_monitorContainer, mi, NULL, NULL );
	if ( parent == NULL ) {
		Debug( LDAP_DEBUG_ANY,
			"ldap_back_monitor_ops_init: "
			"unable to create entry \"%s,%s\"\n",
			li->li_monitor_info.lmi_ops_rdn.bv_val,
			ms->mss_ndn.bv_val, 0 );
		return( -1 );
	}

	ber_dupbv( &ms->mss_dn, &parent->e_name );
	ber_dupbv( &ms->mss_ndn, &parent->e_nname );

	rc = mbe->register_entry( parent, NULL, ms, MONITOR_F_PERSISTENT_CH );
	if ( rc != LDAP_SUCCESS )
	{
		Debug( LDAP_DEBUG_ANY,
			"ldap_back_monitor_ops_init: "
			"unable to register entry \"%s\" for monitoring\n",
			parent->e_name.bv_val, 0, 0 );
		goto done;
	}

	for ( op = 0; op < SLAP_OP_LAST; op++ )
	{
		monitor_callback_t *cb;
		struct ldap_back_monitor_op_counter *counter;

		e = monitor_entry_stub( &parent->e_name, &parent->e_nname,
			&ldap_back_monitor_op[op].rdn,
			mi->mi_oc_monitorCounterObject, mi, NULL, NULL );
		if ( e == NULL ) {
			Debug( LDAP_DEBUG_ANY,
				"ldap_back_monitor_ops_init: "
				"unable to create entry \"%s,%s\"\n",
				ldap_back_monitor_op[op].rdn.bv_val,
				parent->e_nname.bv_val, 0 );
			return( -1 );
		}

		attr_merge_normalize_one( e, ad_olmDbOperations, &value, NULL );

		counter = ch_malloc( sizeof( struct ldap_back_monitor_op_counter ) );
		counter->data = &li->li_ops_completed[ op ];
		counter->mutex = &li->li_counter_mutex;

		/*
		 * We cannot share a single callback between entries.
		 *
		 * monitor_cache_destroy() tries to free all callbacks and it's called
		 * before mss_destroy() so we have no chance of handling it ourselves
		 */
		cb = ch_calloc( sizeof( monitor_callback_t ), 1 );
		cb->mc_update = ldap_back_monitor_ops_update;
		cb->mc_free = ldap_back_monitor_ops_free;
		cb->mc_dispose = ldap_back_monitor_ops_dispose;
		cb->mc_private = (void *)counter;

		rc = mbe->register_entry( e, cb, ms, 0 );

		/* TODO: register_entry has stored a duplicate so we might actually reuse it
		 * instead of recreating it every time... */
		entry_free( e );

		if ( rc != LDAP_SUCCESS )
		{
			Debug( LDAP_DEBUG_ANY,
				"ldap_back_monitor_ops_init: "
				"unable to register entry \"%s\" for monitoring\n",
				e->e_name.bv_val, 0, 0 );
			ch_free( cb );
			break;
		}
	}

done:
	entry_free( parent );

	return rc;
}

/*
 * call from within ldap_back_initialize()
 */
static int
ldap_back_monitor_initialize( void )
{
	int		i, code;
	ConfigArgs c;
	char	*argv[ 3 ];

	static int	ldap_back_monitor_initialized = 0;

	/* set to 0 when successfully initialized; otherwise, remember failure */
	static int	ldap_back_monitor_initialized_failure = 1;

	/* register schema here; if compiled as dynamic object,
	 * must be loaded __after__ back_monitor.la */

	if ( ldap_back_monitor_initialized++ ) {
		return ldap_back_monitor_initialized_failure;
	}

	if ( backend_info( "monitor" ) == NULL ) {
		return -1;
	}

	argv[ 0 ] = "back-ldap monitor";
	c.argv = argv;
	c.argc = 3;
	c.fname = argv[0];
	for ( i = 0; s_oid[ i ].name; i++ ) {
	
		argv[ 1 ] = s_oid[ i ].name;
		argv[ 2 ] = s_oid[ i ].oid;

		if ( parse_oidm( &c, 0, NULL ) != 0 ) {
			Debug( LDAP_DEBUG_ANY,
				"ldap_back_monitor_initialize: unable to add "
				"objectIdentifier \"%s=%s\"\n",
				s_oid[ i ].name, s_oid[ i ].oid, 0 );
			return 2;
		}
	}

	for ( i = 0; s_at[ i ].desc != NULL; i++ ) {
		code = register_at( s_at[ i ].desc, s_at[ i ].ad, 1 );
		if ( code != LDAP_SUCCESS ) {
			Debug( LDAP_DEBUG_ANY,
				"ldap_back_monitor_initialize: register_at failed for attributeType (%s)\n",
				s_at[ i ].desc, 0, 0 );
			return 3;

		} else {
			(*s_at[ i ].ad)->ad_type->sat_flags |= SLAP_AT_HIDE;
		}
	}

	for ( i = 0; s_oc[ i ].desc != NULL; i++ ) {
		code = register_oc( s_oc[ i ].desc, s_oc[ i ].oc, 1 );
		if ( code != LDAP_SUCCESS ) {
			Debug( LDAP_DEBUG_ANY,
				"ldap_back_monitor_initialize: register_oc failed for objectClass (%s)\n",
				s_oc[ i ].desc, 0, 0 );
			return 4;

		} else {
			(*s_oc[ i ].oc)->soc_flags |= SLAP_OC_HIDE;
		}
	}

	return ( ldap_back_monitor_initialized_failure = LDAP_SUCCESS );
}

/*
 * call from within ldap_back_db_init()
 */
int
ldap_back_monitor_db_init( BackendDB *be )
{
	int	rc;

	rc = ldap_back_monitor_initialize();
	if ( rc != LDAP_SUCCESS ) {
		return rc;
	}

#if 0	/* uncomment to turn monitoring on by default */
	SLAP_DBFLAGS( be ) |= SLAP_DBFLAG_MONITORING;
#endif

	return 0;
}

/*
 * call from within ldap_back_db_open()
 */
int
ldap_back_monitor_db_open( BackendDB *be )
{
	ldapinfo_t		*li = (ldapinfo_t *) be->be_private;
	monitor_subsys_t	*mss = li->li_monitor_info.lmi_mss;
	int			rc = 0;
	BackendInfo		*mi;
	monitor_extra_t		*mbe;

	if ( !SLAP_DBMONITORING( be ) ) {
		return 0;
	}

	/* check if monitor is configured and usable */
	mi = backend_info( "monitor" );
	if ( !mi || !mi->bi_extra ) {
		SLAP_DBFLAGS( be ) ^= SLAP_DBFLAG_MONITORING;
		return 0;
 	}
 	mbe = mi->bi_extra;

	/* don't bother if monitor is not configured */
	if ( !mbe->is_configured() ) {
		static int warning = 0;

		if ( warning++ == 0 ) {
			Debug( LDAP_DEBUG_ANY, "ldap_back_monitor_db_open: "
				"monitoring disabled; "
				"configure monitor database to enable\n",
				0, 0, 0 );
		}

		return 0;
	}

	/* caller (e.g. an overlay based on back-ldap) may want to use
	 * a different DN and RDNs... */
	if ( BER_BVISNULL( &li->li_monitor_info.lmi_ndn ) ) {
		rc = mbe->register_database( be, &li->li_monitor_info.lmi_ndn );
		if ( rc != 0 ) {
			Debug( LDAP_DEBUG_ANY, "ldap_back_monitor_db_open: "
				"failed to register the databse with back-monitor\n",
				0, 0, 0 );
		}
	}
	if ( BER_BVISNULL( &li->li_monitor_info.lmi_conn_rdn ) ) {
		ber_str2bv( "cn=Connections", 0, 1,
			&li->li_monitor_info.lmi_conn_rdn );
	}
	if ( BER_BVISNULL( &li->li_monitor_info.lmi_ops_rdn ) ) {
		ber_str2bv( "cn=Operations", 0, 1,
			&li->li_monitor_info.lmi_ops_rdn );
	}

	/* set up the subsystems used to create the operation and
	 * volatile connection entries */

	mss->mss_name = "back-ldap connections";
	mss->mss_flags = MONITOR_F_VOLATILE_CH;
	mss->mss_open = ldap_back_monitor_conn_init;
	mss->mss_private = li;

	if ( mbe->register_subsys( mss ) )
	{
		Debug( LDAP_DEBUG_ANY,
			"ldap_back_monitor_db_open: "
			"failed to register connection subsystem", 0, 0, 0 );
		return -1;
	}

	mss++;

	mss->mss_name = "back-ldap operations";
	mss->mss_flags = MONITOR_F_PERSISTENT_CH;
	mss->mss_open = ldap_back_monitor_ops_init;
	mss->mss_private = li;

	if ( mbe->register_subsys( mss ) )
	{
		Debug( LDAP_DEBUG_ANY,
			"ldap_back_monitor_db_open: "
			"failed to register operation subsystem", 0, 0, 0 );
		return -1;
	}

	return rc;
}

/*
 * call from within ldap_back_db_close()
 */
int
ldap_back_monitor_db_close( BackendDB *be )
{
	ldapinfo_t		*li = (ldapinfo_t *) be->be_private;

	if ( li && !BER_BVISNULL( &li->li_monitor_info.lmi_ndn ) ) {
		BackendInfo		*mi;
		monitor_extra_t		*mbe;

		/* check if monitor is configured and usable */
		mi = backend_info( "monitor" );
		if ( mi && mi->bi_extra ) {
 			mbe = mi->bi_extra;

			/*TODO
			 * Unregister all entries our subsystems have created.
			 * Will only really be necessary when
			 * SLAPD_CONFIG_DELETE is enabled.
			 *
			 * Might need a way to unregister subsystems instead.
			 */
		}
	}

	return 0;
}

/*
 * call from within ldap_back_db_destroy()
 */
int
ldap_back_monitor_db_destroy( BackendDB *be )
{
	ldapinfo_t		*li = (ldapinfo_t *) be->be_private;

	if ( li ) {
		memset( &li->li_monitor_info, 0, sizeof( li->li_monitor_info ) );
	}

	return 0;
}