slapd-monitor

slapd-monitor - Monitor backend to slapd

/etc/ldap/slapd.conf

The monitor backend to slapd(8) is not an actual database; if enabled, it is automatically generated and dynamically maintained by slapd with information about the running status of the daemon.

To inspect all monitor information, issue a subtree search with base cn=Monitor, requesting that attributes "+" and "*" are returned. The monitor backend produces mostly operational attributes, and LDAP only returns operational attributes that are explicitly requested. Requesting attribute "+" is an extension which requests all operational attributes.

These slapd.conf options apply to the monitor backend database. That is, they must follow a "database monitor" line and come before any subsequent "backend" or "database" lines.

As opposed to most databases, the monitor database can be instantiated only once, i.e. only one occurrence of "database monitor" can occur in the slapd.conf(5) file. Moreover, the suffix of the database cannot be explicitly set by means of the suffix directive. The suffix is automatically set to "cn=Monitor".

The monitor database honors the rootdn and the rootpw directives, and the usual ACL directives, e.g. the access directive.

Other database options are described in the slapd.conf(5) manual page.

The usage is:

1) enable the monitor backend at configure:

2) activate the monitor database in the slapd.conf(5) file:

3) add ACLs as detailed in slapd.access(5) to control access to the database, e.g.:

4) ensure that the core.schema file is loaded.

The monitor backend honors access control semantics as indicated in slapd.access(5), including the disclose access privilege, on all currently implemented operations.

The monitor backend does not honor size/time limits in search operations.

/etc/ldap/slapd.conf

slapd.conf(5), slapd.access(5), slapd(8), ldap(3).