Because all server instances provide information for a common set of management information bases (MIBs), each server instance provides its information under a unique SNMPv3 context name equal to the server instance name.
The server instance name is defined in the Global Configuration and is constructed from the host name and the server LDAP port by default. Information must be requested using SNMPv3, specifying the context name that pertains to the desired server instance.
Directory Server supports SNMPv3, and only SNMPv3 can access the MIBs. For systems that implement SNMP v1 and v2c, Net-SNMP provides a proxy function to route requests in one version of SNMP to an agent using a different SNMP version.
To enable Directory Server’s SNMP plugin, use the
The SNMPv3 context name is limited to 30 bytes maximum. Any context name longer than 30 characters returns an error message when you attempt to enable the plugin.
The default context server name is the server instance name and the LDAP port number, so take note of the length of the fully-qualified DNS host name.
- Specify the address and port of the SNMP primary agent.
- On each Directory Server instance, enable the SNMP subagent.
Enable the SNMP Subagent Alert Handler so that the sub-agent sends traps for
administrative alerts generated by the server.
$ bin/dsconfig set-alert-handler-prop \ --handler-name "SNMP Subagent Alert Handler" --set enabled:true
View the error log.
A message displays that the primary agent is not connected because it is not yet online.
The SNMP sub-agent was unable to connect to the master agent at localhost/705: Timeout
Edit the SNMP agent snmpd.conf configuration file and add the
directive to run the agent as an AgentX primary agent.
The file is often located in /etc/snmp/snmpd.conf.
master agentx agentXSocket tcp:localhost:705Note:
Using localhost means that only sub-agents running on the same host can connect to the primary agent. This is necessary because there are no security mechanisms in the AgentX protocol.
Add the trap directive to send SNMPv2 traps to localhost with
the community name, public (or whatever SNMP community has been configured for your
environment) and the port.
trap2sink localhost public 162
To create a SNMPv3 user, add the following lines to the
rwuser initial createUser initial MD5 setup_passphrase DES
To create the SNMPv3 user, run snmpusm.
snmpusm -v3 -u initial -n "" -l authNoPriv -a MD5 -A setup_passphrase \ localhost create snmpuser initial
Start the snmpd daemon.
A message displays in the Directory Server error log.
The SNMP subagent connected successfully to the master agent at localhost:705. The SNMP context name is host.example.com:389
To see the alerts that are generated by Directory Server, set up a
- Create a config file in /tmp/snmptrapd.conf.
authcommunity log, execute publicdirective to the file.Note:
The directive specifies that the trap client can process traps using the public community string and can log and trigger executable actions.
Install the MIB definitions for the Net-SNMP client tools in the
$ cp resource/mib/* /usr/share/snmp/mibs
To run the trap client, run the snmptrapd command.
This example specifies that the command should not create a new process using fork() from the calling shell (-f), should not read any configuration files (-C) except the one specified with the -c option, should print to standard output (-Lo), and then specifies that debugging output should be turned on for the User-based Security Module (-Dusm). The path after the
-Moption is a directory that contains the MIBs shipped with our product ( server-root/resource/mib).
$ snmptrapd -f -C -c /tmp/snmptrapd.conf -Lf /root/trap.log -Dusm \ -m all -M +/usr/share/snmp/mibs
To test the feature, run the Net-SNMP client tools.
You must use the following options:
- -v <SNMP version>
- -u <user name>
- -l <security level>
- -n <context name (instance name)>
- -A <user password>
In this example, the -m alloption loads all MIBs in the default MIB directory in /usr/share/snmp/mibs so that MIB names can be used in place of numeric OIDs.
$ snmpget -v 3 -u snmpuser -A password -l authNoPriv -n host.example.com:389 \ -m all localhost localDBBackendCount.0 $ snmpwalk -v 3 -u snmpuser -A password -l authNoPriv -n host.example.com:389 \ -m all localhost systemStatus