Directory Services 7.4.3

SNMP-based monitoring

The interface stability of this legacy feature is Deprecated.

DS servers support SNMP, including the Management Information Base described in RFC 2605: Directory Server Monitoring MIB.

SNMP is not enabled by default. SNMP-based monitoring depends on an OpenDMK library. The OpenDMK binary bundle containing this library ships with DS servers as snmp/opendmk.jar. Installation requires that you accept the OpenDMK Binary License. OpenDMK installation is a separate step that you must perform before you can use SNMP.

  1. Run the OpenDMK installer and accept the license, use the self-extracting .jar:

    $ java -jar /path/to/opendj/snmp/opendmk.jar

  2. Install OpenDMK, and then copy the libraries to the opendj/extlib directory. For example, if you install OpenDMK in the /path/to directory, copy the libraries from the /path/to/OpenDMK-bin/lib directory:

    $ cp /path/to/OpenDMK-bin/lib/* /path/to/opendj/extlib/

  3. Set up an SNMP connection handler:

    $ dsconfig \
 set-connection-handler-prop \
 --handler-name SNMP \
 --set enabled:true \
 --hostname localhost \
 --port 4444 \
 --bindDN uid=admin \
 --bindPassword password \
 --usePkcs12TrustStore /path/to/opendj/config/keystore \
 --trustStorePassword:file /path/to/opendj/config/keystore.pin \
 --no-prompt

  4. If the server does not have access to the default ports, change them.

    By default, the SNMP connection handler listens on port 161, and uses port 162 for traps. On Linux systems, only root can normally open these ports. The following command installs as a normal user, changing the listen and trap ports:

    $ dsconfig \
 set-connection-handler-prop \
 --handler-name SNMP \
 --set listen-port:11161 \
 --set trap-port:11162 \
 --hostname localhost \
 --port 4444 \
 --bindDN uid=admin \
 --bindPassword password \
 --usePkcs12TrustStore /path/to/opendj/config/keystore \
 --trustStorePassword:file /path/to/opendj/config/keystore.pin \
 --no-prompt

  5. Restart the SNMP connection handler to take the changes into account:

    $ dsconfig \
 set-connection-handler-prop \
 --handler-name SNMP \
 --set enabled:false \
 --hostname localhost \
 --port 4444 \
 --bindDN uid=admin \
 --bindPassword password \
 --usePkcs12TrustStore /path/to/opendj/config/keystore \
 --trustStorePassword:file /path/to/opendj/config/keystore.pin \
 --no-prompt

$ dsconfig \
 set-connection-handler-prop \
 --handler-name SNMP \
 --set enabled:true \
 --hostname localhost \
 --port 4444 \
 --bindDN uid=admin \
 --bindPassword password \
 --usePkcs12TrustStore /path/to/opendj/config/keystore \
 --trustStorePassword:file /path/to/opendj/config/keystore.pin \
 --no-prompt

  6. Check that connection handler works as expected.

    The following command reads the response on the SNMP listen port:

    $ snmpwalk -v 2c -c OpenDJ@OpenDJ localhost:11161

iso.3.6.1.2.1.66.1.1.1.1 = STRING: "ForgeRock Directory Services version"
iso.3.6.1.2.1.66.1.1.2.1 = STRING: "/path/to/opendj" ...