openldap/doc/man/man5/slapd-monitor.5
Quanah Gibson-Mount 1df85d3427 Happy New Year!
2017-01-03 12:36:47 -08:00

127 lines
3.0 KiB
Groff

.TH SLAPD-MONITOR 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 1998-2017 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
slapd\-monitor \- Monitor backend to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.SH DESCRIPTION
The
.B monitor
backend to
.BR slapd (8)
is not an actual database; if enabled, it is automatically generated
and dynamically maintained by
.B slapd
with information about the running status of the daemon.
.LP
To inspect all monitor information, issue a subtree search with base
cn=Monitor, requesting that attributes "+" and "*" are returned.
The monitor backend produces mostly operational attributes, and LDAP
only returns operational attributes that are explicitly requested.
Requesting attribute "+" is an extension which requests all operational
attributes.
.SH CONFIGURATION
These
.B slapd.conf
options apply to the
.B monitor
backend database.
That is, they must follow a "database monitor" line and come before any
subsequent "backend" or "database" lines.
.LP
As opposed to most databases, the
.B monitor
database can be instantiated only once, i.e. only one occurrence
of "database monitor" can occur in the
.BR slapd.conf (5)
file.
Moreover, the suffix of the database cannot be explicitly set by means
of the
.B suffix
directive.
The suffix is automatically set
to "\fIcn=Monitor\fP".
.LP
The
.B monitor
database honors the
.B rootdn
and the
.B rootpw
directives, and the usual ACL directives, e.g. the
.B access
directive.
.\".LP
.\"The following directives can be used:
.\".TP
.\".BI l \ <locality>
.\"The additional argument \fI<locality>\fP,
.\"a string, is added to the "\fIcn=Monitor\fP" entry as value of the
.\".B l
.\"attribute (Note: this may be subjected to changes).
.LP
Other database options are described in the
.BR slapd.conf (5)
manual page.
.SH USAGE
The usage is:
.TP
1) enable the \fBmonitor\fP backend at configure:
.LP
.RS
.nf
configure \-\-enable\-monitor
.fi
.RE
.TP
2) activate the \fBmonitor\fP database in the \fBslapd.conf\fP(5) file:
.LP
.RS
.nf
database monitor
.fi
.RE
.TP
3) add ACLs as detailed in \fBslapd.access\fP(5) to control access to the database, e.g.:
.LP
.RS
.nf
access to dn.subtree="cn=Monitor"
by dn.exact="uid=Admin,dc=my,dc=org" write
by users read
by * none
.fi
.RE
.TP
4) ensure that the \fBcore.schema\fP file is loaded.
The
.B monitor
backend relies on some standard track attributeTypes
that must be already defined when the backend is started.
.SH ACCESS CONTROL
The
.B monitor
backend honors access control semantics as indicated in
.BR slapd.access (5),
including the
.B disclose
access privilege, on all currently implemented operations.
.SH KNOWN LIMITATIONS
The
.B monitor
backend does not honor size/time limits in search operations.
.SH FILES
.TP
.B ETCDIR/slapd.conf
default slapd configuration file
.SH SEE ALSO
.BR slapd.conf (5),
.BR slapd\-config (5),
.BR slapd.access (5),
.BR slapd (8),
.BR ldap (3).
.SH ACKNOWLEDGEMENTS
.so ../Project