PingDirectory

Configuring the JMX connection handler and alert handler

You can configure the Java Management Extensions (JMX) connection handler and the alert handler using the dsconfig tool.

To allow users to receive JMX notifications, enable the jmx-read and jmx-notify privileges. By default, these privileges aren’t granted to any users, including root users or global administrators.

For security reasons, you should create a separate user account that has only these privileges.

You can also configure the JMX connection handler and the alert handler using dsconfig in interactive command-line mode, which is visible in the Standard object menu.

Configuring the JMX connection handler

About this task

To enable the JMX connection handler:

Steps

  1. Run dsconfig.

    Example:

    $ bin/dsconfig set-connection-handler-prop \
      --handler-name "JMX Connection Handler" \
      --set enabled:true \
      --set listen-port:1689
  2. Add a new non-root user account with the jmx-read and jmx-notify privileges using the ldapmodify tool using an LDIF representation.

    Example:

    dn: cn=JMX User,cn=Root DNs,cn=config
    changetype: add
    objectClass: top
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetOrgPerson
    objectClass: ds-cfg-root-dn-user
    givenName: JMX
    sn: User
    cn: JMX User
    userPassword: password
    ds-cfg-inherit-default-root-privileges: false
    ds-cfg-alternate-bind-dn: cn=JMX User
    ds-privilege-name: jmx-read
    ds-privilege-name: jmx-notify

Configuring the JMX alert handler

About this task

To configure the Java Management Extensions (JMX) alert handler:

Steps

  • Run dsconfig.

    Example:

    $ bin/dsconfig set-alert-handler-prop --handler-name "JMX Alert Handler" \
      --set enabled:true