Because all server instances provide information for a common set of MIBs, each server instance provides its information under a unique SNMPv3 context name, equal to the server instance name. The server instance name is defined in the Global Configuration, and is constructed from the host name and the server LDAP port by default. Consequently, information must be requested using SNMPv3, specifying the context name that pertains to the desired server instance. This context name is limited to 30 characters or less. Any context name longer than 30 characters will result in an error message. Since the default context name is limited to 30 characters or less, and defaults to the server instance name and the LDAP port number, pay special attention to the length of the fully-qualified (DNS) host name.
Note: The Directory Proxy Server supports SNMPv3, and only SNMPv3 can access the MIBs. For systems that implement SNMP v1 and v2c, Net-SNMP provides a proxy function to route requests in one version of SNMP to an agent using a different SNMP version.
  1. Enable the Directory Proxy Server’s SNMP plugin by using the dsconfig tool. Make sure to specify the address and port of the SNMP master agent. On each Directory Proxy Server instance, enable the SNMP subagent. Note that the SNMPv3 context name is limited to 30 bytes maximum. If the default dynamically-constructed instance name is greater than 30 bytes, there will be an error when attempting to enable the plugin. Enable the SNMP Subagent Alert Handler so that the sub-agent will send traps for administrative alerts generated by the server.
    $ bin/dsconfig set-alert-handler-prop \
      --handler-name "SNMP Subagent Alert Handler" --set enabled:true
  2. View the error log. You will see a message that the master agent is not connected, because it is not yet online.
    The SNMP sub-agent was unable to connect to the master 
    agent at localhost/705: Timeout
  3. Edit the SNMP agent configuration file, snmpd.conf, which is often located in /etc/snmp/snmpd.conf. Add the directive to run the agent as an AgentX master agent:
    master agentx agentXSocket tcp:localhost:705
    Note that the use of localhost means that only sub-agents running on the same host can connect to the master agent. This requirement is necessary since there are no security mechanisms in the AgentX protocol.
  4. Add the trap directive to send SNMPv2 traps to localhost with the community name, public (or whatever SNMP community has been configured for your environment) and the port.
    trap2sink localhost public 162
  5. To create a SNMPv3 user, add the following lines to the /etc/snmp/snmpd.conf file.
    rwuser initial  
    createUser initial MD5 setup_passphrase DES    
  6. Run the following command to create the SNMPv3 user.
    snmpusm -v3 -u initial -n "" -l authNoPriv -a MD5 -A setup_passphrase \
    localhost create snmpuser initial    
  7. Start the snmpd daemon and after a few seconds you should see the following message in the Directory Proxy Server error log:
    The SNMP subagent connected successfully to the master agent 
    at localhost:705. The SNMP context name is
  8. Set up a trap client to see the alerts that are generated by the Directory Proxy Server. Create a config file in /tmp/snmptrapd.conf and add the directive below to it. The directive specifies that the trap client can process traps using the public community string, and can log and trigger executable actions.
    authcommunity log, execute public
  9. Install the MIB definitions for the Net-SNMP client tools, usually located in the /usr/share/snmp/mibs directory.
    $ cp resource/mib/* /usr/share/snmp/mibs
  10. Then, run the trap client using the snmptrapd command. The following example specifies that the command should not create a new process using fork() from the calling shell (-f), do not read any configuration files (-C) except the one specified with the -c option, print to standard output (-Lo), and then specify that debugging output should be turned on for the User-based Security Module (-Dusm). The path after the -M option is a directory that contains the MIBs shipped with our product (i.e., server-root/resource/mib) .
    $ snmptrapd -f -C -c /tmp/snmptrapd.conf -Lf /root/trap.log -Dusm \
      -m all -M +/usr/share/snmp/mibs  
  11. Run the Net-SNMP client tools to test the feature. The following options are required: -v <SNMP version>, -u <user name>, -A <user password>, -l <security level>, -n <context name (instance name)> . The -m all option loads all MIBs in the default MIB directory in /usr/share/snmp/mibs so that MIB names can be used in place of numeric OIDs.
    $ snmpget -v 3 -u snmpuser -A password -l authNoPriv -n \ 
    -m all localhost localDBBackendCount.0
    $ snmpwalk -v 3 -u snmpuser -A password -l authNoPriv -n \ 
    -m all localhost systemStatus