mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
127 lines
3.0 KiB
Groff
127 lines
3.0 KiB
Groff
.TH SLAPD-MONITOR 5 "RELEASEDATE" "OpenLDAP LDVERSION"
|
|
.\" Copyright 1998-2017 The OpenLDAP Foundation All Rights Reserved.
|
|
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
|
|
.\" $OpenLDAP$
|
|
.SH NAME
|
|
slapd\-monitor \- Monitor backend to slapd
|
|
.SH SYNOPSIS
|
|
ETCDIR/slapd.conf
|
|
.SH DESCRIPTION
|
|
The
|
|
.B monitor
|
|
backend to
|
|
.BR slapd (8)
|
|
is not an actual database; if enabled, it is automatically generated
|
|
and dynamically maintained by
|
|
.B slapd
|
|
with information about the running status of the daemon.
|
|
.LP
|
|
To inspect all monitor information, issue a subtree search with base
|
|
cn=Monitor, requesting that attributes "+" and "*" are returned.
|
|
The monitor backend produces mostly operational attributes, and LDAP
|
|
only returns operational attributes that are explicitly requested.
|
|
Requesting attribute "+" is an extension which requests all operational
|
|
attributes.
|
|
.SH CONFIGURATION
|
|
These
|
|
.B slapd.conf
|
|
options apply to the
|
|
.B monitor
|
|
backend database.
|
|
That is, they must follow a "database monitor" line and come before any
|
|
subsequent "backend" or "database" lines.
|
|
.LP
|
|
As opposed to most databases, the
|
|
.B monitor
|
|
database can be instantiated only once, i.e. only one occurrence
|
|
of "database monitor" can occur in the
|
|
.BR slapd.conf (5)
|
|
file.
|
|
Moreover, the suffix of the database cannot be explicitly set by means
|
|
of the
|
|
.B suffix
|
|
directive.
|
|
The suffix is automatically set
|
|
to "\fIcn=Monitor\fP".
|
|
.LP
|
|
The
|
|
.B monitor
|
|
database honors the
|
|
.B rootdn
|
|
and the
|
|
.B rootpw
|
|
directives, and the usual ACL directives, e.g. the
|
|
.B access
|
|
directive.
|
|
.\".LP
|
|
.\"The following directives can be used:
|
|
.\".TP
|
|
.\".BI l \ <locality>
|
|
.\"The additional argument \fI<locality>\fP,
|
|
.\"a string, is added to the "\fIcn=Monitor\fP" entry as value of the
|
|
.\".B l
|
|
.\"attribute (Note: this may be subjected to changes).
|
|
.LP
|
|
Other database options are described in the
|
|
.BR slapd.conf (5)
|
|
manual page.
|
|
.SH USAGE
|
|
The usage is:
|
|
.TP
|
|
1) enable the \fBmonitor\fP backend at configure:
|
|
.LP
|
|
.RS
|
|
.nf
|
|
configure \-\-enable\-monitor
|
|
.fi
|
|
.RE
|
|
.TP
|
|
2) activate the \fBmonitor\fP database in the \fBslapd.conf\fP(5) file:
|
|
.LP
|
|
.RS
|
|
.nf
|
|
database monitor
|
|
.fi
|
|
.RE
|
|
.TP
|
|
3) add ACLs as detailed in \fBslapd.access\fP(5) to control access to the database, e.g.:
|
|
.LP
|
|
.RS
|
|
.nf
|
|
access to dn.subtree="cn=Monitor"
|
|
by dn.exact="uid=Admin,dc=my,dc=org" write
|
|
by users read
|
|
by * none
|
|
.fi
|
|
.RE
|
|
.TP
|
|
4) ensure that the \fBcore.schema\fP file is loaded.
|
|
The
|
|
.B monitor
|
|
backend relies on some standard track attributeTypes
|
|
that must be already defined when the backend is started.
|
|
.SH ACCESS CONTROL
|
|
The
|
|
.B monitor
|
|
backend honors access control semantics as indicated in
|
|
.BR slapd.access (5),
|
|
including the
|
|
.B disclose
|
|
access privilege, on all currently implemented operations.
|
|
.SH KNOWN LIMITATIONS
|
|
The
|
|
.B monitor
|
|
backend does not honor size/time limits in search operations.
|
|
.SH FILES
|
|
.TP
|
|
.B ETCDIR/slapd.conf
|
|
default slapd configuration file
|
|
.SH SEE ALSO
|
|
.BR slapd.conf (5),
|
|
.BR slapd\-config (5),
|
|
.BR slapd.access (5),
|
|
.BR slapd (8),
|
|
.BR ldap (3).
|
|
.SH ACKNOWLEDGEMENTS
|
|
.so ../Project
|