DOKK / manpages / debian 12 / slapd / slapd-monitor.5.en
SLAPD-MONITOR(5) File Formats Manual SLAPD-MONITOR(5)

slapd-monitor - Monitor backend to slapd

/etc/ldap/slapd.conf

The monitor backend to slapd(8) is not an actual database; if enabled, it is automatically generated and dynamically maintained by slapd with information about the running status of the daemon.

To inspect all monitor information, issue a subtree search with base cn=Monitor, requesting that attributes "+" and "*" are returned. The monitor backend produces mostly operational attributes, and LDAP only returns operational attributes that are explicitly requested. Requesting attribute "+" is an extension which requests all operational attributes.

These slapd.conf options apply to the monitor backend database. That is, they must follow a "database monitor" line and come before any subsequent "backend" or "database" lines.

As opposed to most databases, the monitor database can be instantiated only once, i.e. only one occurrence of "database monitor" can occur in the slapd.conf(5) file. Moreover, the suffix of the database cannot be explicitly set by means of the suffix directive. The suffix is automatically set to "cn=Monitor".

The monitor database honors the rootdn and the rootpw directives, and the usual ACL directives, e.g. the access directive.

Other database options are described in the slapd.conf(5) manual page.

The usage is:

1) enable the monitor backend at configure:

configure --enable-monitor
2) activate the monitor database in the slapd.conf(5) file:

database monitor
3) add ACLs as detailed in slapd.access(5) to control access to the database, e.g.:

access to dn.subtree="cn=Monitor"
	by dn.exact="uid=Admin,dc=my,dc=org" write
	by users read
	by * none
4) ensure that the core.schema file is loaded.
The monitor backend relies on some standard track attributeTypes that must be already defined when the backend is started.

The monitor backend honors access control semantics as indicated in slapd.access(5), including the disclose access privilege, on all currently implemented operations.

The monitor backend does not honor size/time limits in search operations.

/etc/ldap/slapd.conf
default slapd configuration file

slapd.conf(5), slapd-config(5), slapd.access(5), slapd(8), ldap(3).

OpenLDAP Software is developed and maintained by The OpenLDAP Project <http://www.openldap.org/>. OpenLDAP Software is derived from the University of Michigan LDAP 3.3 Release.

2022/07/14 OpenLDAP 2.5.13+dfsg-5