Chapter 4. cn=monitor

download PDF

Information used to monitor the server is stored under cn=monitor. This entry and its children are read-only; clients cannot directly modify them. The server updates this information automatically. This section describes the cn=monitor attributes. The only attribute that can be changed by a user to set access control is the aci attribute.

If the nsslapd-counters attribute in cn=config is set to on (the default setting), then all of the counters kept by Directory Server instance increment using 64-bit integers, even on 32-bit machines or with a 32-bit version of Directory Server. For the cn=monitor entry, the 64-bit integers are used with the opsinitiated, opscompleted, entriessent, and bytessent counters.


The nsslapd-counters attribute enables 64-bit support for these specific database and server counters. The counters which use 64-bit integers are not configurable; the 64-bit integers are either enabled for all the allowed counters or disabled for all allowed counters.

4.1. backendMonitorDN

This attribute shows the DN for each Directory Server database backend. For further information on monitoring the database, see the following sections:

4.2. bytesSent

This attribute shows the number of bytes sent by Directory Server.

4.3. connection

This attribute lists open connections and associated status and performance related information and values. These are given in the following format:

connection: pass:quotes[A:YYYYMMDDhhmmssZ:B:C:D:E:F:G:H:I:IP_address]

For example:

connection: pass:quotes[69:20200604081953Z:6086:6086:-:cn=proxy,ou=special_users,dc=example,dc=test:0:11:27:7448846:ip=]
  • A is the connection number, which is the number of the slot in the connection table associated with this connection. This is the number logged as slot=A in the access log message when this connection was opened, and usually corresponds to the file descriptor associated with the connection. The attribute dTableSize shows the total size of the connection table.
  • YYYYMMDDhhmmssZ is the date and time, in GeneralizedTime form, at which the connection was opened. This value gives the time in relation to Greenwich Mean Time.
  • B is the number of operations received on this connection.
  • C is the number of completed operations.
  • D is r if the server is in the process of reading BER from the network, empty otherwise. This value is usually empty (as in the example).
  • E this is the bind DN. This may be empty or have value of NULLDN for anonymous connections.
  • F is the connection maximum threads state: 1 is in max threads, 0 is not.
  • G is the number of times this thread has hit the maximum threads value.
  • H is the number of operations attempted that were blocked by the maximum number of threads.
  • I is the connection ID as reported in the logs as conn=connection_ID.
  • IP_address is the IP address of the LDAP client.

B and C for the initiated and completed operations should ideally be equal.

4.4. currentConnections

This attribute shows the number of currently open and active Directory Server connections

4.5. currentTime

This attribute shows the current time, given in Greenwich Mean Time (indicated by generalizedTime syntax Z notation; for example, 20220202131102Z).

4.6. dTableSize

The dTableSize attribute shows the size of Directory Server connection table. Each connection is associated with a slot in this table and usually corresponds to the file descriptor used by this connection. For more information, see nsslapd-maxdescriptors and nsslapd-reservedescriptors.

4.7. entriesSent

This attribute shows the number of entries sent by Directory Server.

4.8. nbackEnds

This attribute shows the number of Directory Server database back ends.

4.9. opsInitiated

This attribute shows the number of Directory Server operations completed.

4.10. readWaiters

This attribute shows the number of connections where some requests are pending and not currently being serviced by a thread in Directory Server.

4.11. startTime

This attribute shows Directory Server start time given in Greenwich Mean Time, indicated by generalizedTime syntax Z notation. For example, 20220202131102Z.

4.12. threads

This attribute shows the number of threads used by Directory Server. This should correspond to nsslapd-threadnumber in cn=config.

4.13. totalConnections

This attribute shows the total number of Directory Server connections. This number includes connections that have been opened and closed since the server was last started in addition to the currentConnections.

4.14. version

This attribute shows Directory Server vendor, version, and build number. For example, 389-Directory/2.0.14 B2022.082.0000.

Red Hat logoGithubRedditYoutubeTwitter


Try, buy, & sell


About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.