iPlanet Directory Server Administrator's Guide



Chapter 13   Monitoring Directory Server Using SNMP


The server and database activity monitoring log setup described in Chapter 12, "Monitoring Server and Database Activity," is specific to iPlanet Directory Server. You can also monitor your Directory Server using the Simple Network Management Protocol (SNMP), a management protocol for monitoring network activity that can be used to monitor a wide range of devices in real time.

SNMP has become interoperable on account of its widespread popularity. It is this interoperability, combined with the fact that SNMP can take on numerous jobs specific to a whole range of different device classes, that makes SNMP the ideal standard mechanism for global network control and monitoring. SNMP allows network administrators to unify all network monitoring activities, with Directory Server monitoring just part of the broader picture.

This chapter contains the following topics:



About SNMP

SNMP is a protocol used to exchange data about network activity. With SNMP, data travels between a managed device and a network management station (NMS) where users remotely manage the network. A managed device is anything that runs SNMP, such as hosts, routers, and your Directory Server. An NMS is usually a powerful workstation with one or more network management applications installed. A network management application graphically shows information about managed devices (which device is up or down, which and how many error messages were received, and so on).

Information is transferred between the NMS and the managed device through the use of two types of agents: the subagent and the master agent. The subagent gathers information about the managed device and passes the information to the master agent. iPlanet Directory Server has a subagent. The master agent exchanges information between the various subagents and the NMS. The master agent runs on the same host machine as the subagents it talks to.

You can have multiple subagents installed on a host machine. For example, if you have Directory Server, Enterprise Server, and Messaging Server all installed on the same host, the subagents for each of these servers communicate with the same master agent. In the Windows NT environment, the master agent is the SNMP service provided by the Windows NT operating system. In the UNIX environment, the master agent is installed with the iPlanet Administration Server.

Values for SNMP attributes, otherwise known as variables, that can be queried are kept on the managed device and reported to the NMS as necessary. Each variable is known as a managed object, which is anything the agent can access and send to the NMS. All managed objects are defined in a management information base (MIB), which is a database with a tree-like hierarchy. The top level of the hierarchy contains the most general information about the network. Each branch underneath is more specific and deals with separate network areas.


SNMP Overview

SNMP exchanges network information in the form of protocol data units (PDUs). PDUs contain information about variables stored on the managed device. These variables, also known as managed objects, have values and titles that are reported to the NMS as necessary. Communication between an NMS and a managed device takes place in one of two ways:


NMS-Initiated Communication

NMS-initiated communication is the most common type of communication between an NMS and a managed device. In this type of communication, the NMS either requests information from the managed device or changes the value of a variable stored on the managed device.

These are the steps that make up an NMS-initiated SNMP session:

  1. The NMS determines which managed devices and objects need to be monitored.

  2. The NMS sends a protocol data unit to the managed device's subagent through the master agent. This protocol data unit either requests information from the managed device or tells the subagent to change the values for variables stored on the managed device.

  3. The subagent for the managed device receives the protocol data unit from the master agent.

  4. If the protocol data unit from the NMS is a request for information about variables, the subagent gives information to the master agent and the master agent sends it back to the NMS in the form of another protocol data unit. The NMS then displays the information textually or graphically.

    If the protocol data unit from the NMS requests that the subagent set variable values, the subagent sets these values.


Managed Device-Initiated Communication

This type of communication occurs when the managed device needs to inform the NMS of an event that has occurred. A managed device initiates communication with an NMS to inform the NMS of a shut down or start up. Communication initiated by a managed device is also known as a trap. Directory Server sends a trap to the NMS whenever the Directory Server starts or stops.

These are the steps that make up a managed device-initiated SNMP session:

  1. An event occurs on the managed device.

  2. The subagent informs the master agent of the event.

  3. The master agent sends a PDU to the NMS to inform the NMS of the event.

  4. The NMS displays the information textually or graphically.



Overview of the Directory Server Management Information Base

Each iPlanet server has its own MIB. The Directory Server's MIB is a file called netscape-ldap.mib. This MIB contains definitions for variables pertaining to network management for the directory. These variables are known as managed objects. Using the directory MIB and network management software, such as HP OpenView, you can monitor your directory like all other managed devices on your network.

The directory MIB has the following object identifier: iso.org.dod.internet.private.enterprises.netscape.nsldap (nsldapd OBJECT IDENTIFIER ::= { 1.3.6.1.4.1.1450.7 }).

The object identifier is located in the /usr/iplanet/servers/plugins/snmp directory.

You can see administrative information about your directory and monitor the server in real time using the directory MIB. The directory MIB is broken into three distinct tables of managed objects:

For information on how to compile MIBs, see your SNMP product documentation. The following sections describe each table in detail.


About the Operations Table

The Operations Table provides statistical information about Directory Server access, operations, and errors. Table 13-1 describes the managed objects stored in the Operations Table of the netscape-ldap.mib file.


Table 13-1    Operations Table Managed Objects and Descriptions

Managed Object            Description
------------------------  -----------
dsAnonymousBinds          The number of anonymous binds to the directory since server startup.
dsUnauthBinds             The number of unauthenticated binds to the directory since server startup.
dsSimpleAuthBinds         The number of binds to the directory that were established using a simple authentication method (such as password protection) since server startup.
dsStrongAuthBinds         The number of binds to the directory that were established using a strong authentication method (such as SSL or an SASL mechanism like Kerberos) since server startup.
dsBindSecurityErrors      The number of bind requests that have been rejected by the directory due to authentication failures or invalid credentials since server startup.
dsInOps                   The number of operations forwarded to this directory from another directory since server startup.
dsReadOps                 The number of read operations serviced by this directory since application start. The value of this object will always be 0 because LDAP implements read operations indirectly via the search operation.
dsCompareOps              The number of compare operations serviced by this directory since server startup.
dsAddEntryOps             The number of add operations serviced by this directory since server startup.
dsRemoveEntryOps          The number of delete operations serviced by this directory since server startup.
dsModifyEntryOps          The number of modify operations serviced by this directory since server startup.
dsModifyRDNOps            The number of modify RDN operations serviced by this directory since server startup.
dsListOps                 The number of list operations serviced by this directory since server startup. The value of this object will always be 0 because LDAP implements list operations indirectly via the search operation.
dsSearchOps               The total number of search operations serviced by this directory since server startup.
dsOneLevelSearchOps       The number of one-level search operations serviced by this directory since server startup.
dsWholeSubtreeSearchOps   The number of whole subtree search operations serviced by this directory since server startup.
dsReferrals               The number of referrals returned by this directory in response to client requests since server startup.
dsSecurityErrors          The number of operations forwarded to this directory that did not meet security requirements.
dsErrors                  The number of requests that could not be serviced due to errors (other than security or referral errors). Errors include name errors, update errors, attribute errors, and service errors. Partially serviced requests will not be counted as an error.
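
The counters in Table 13-1 are cumulative since server startup, so monitoring works on the difference between two polls. The following is an added example, not part of the original guide or of iPlanet code: it compares two polls of the bind counters, treats a falling counter as a server restart, and reports a burst of rejected binds. The thresholds, the sample polls, and the assumption that rejected binds are counted only in dsBindSecurityErrors are illustrative.

```python
# Counter names come from Table 13-1; thresholds and polls are constructed.
ESTABLISHED = ("dsAnonymousBinds", "dsUnauthBinds",
               "dsSimpleAuthBinds", "dsStrongAuthBinds")


def delta(prev, curr, name):
    """Increase of a since-startup counter between two polls.

    A current value below the previous one means the server restarted and
    the counter began again at zero, so the current value is the increase.
    """
    before, now = prev.get(name, 0), curr.get(name, 0)
    return now if now < before else now - before


def assess(prev, curr, min_failures=20, max_ratio=0.5, allow_anonymous=True):
    """Return findings for one polling interval (empty list means quiet)."""
    findings = []
    if any(curr.get(k, 0) < v for k, v in prev.items()):
        findings.append("restart: counters reset since last poll")
    rejected = delta(prev, curr, "dsBindSecurityErrors")
    established = sum(delta(prev, curr, k) for k in ESTABLISHED)
    # Assumption: a rejected bind is not also counted as an established bind.
    attempts = established + rejected
    if attempts and rejected >= min_failures and rejected / attempts >= max_ratio:
        findings.append(
            f"bind-failures: {rejected} of {attempts} bind attempts rejected")
    anonymous = delta(prev, curr, "dsAnonymousBinds")
    if not allow_anonymous and anonymous:
        findings.append(f"anonymous-binds: {anonymous} new")
    return findings


# Constructed polls, as an NMS would collect them at a fixed interval.
POLL_1 = {"dsAnonymousBinds": 40, "dsUnauthBinds": 0, "dsSimpleAuthBinds": 900,
          "dsStrongAuthBinds": 300, "dsBindSecurityErrors": 12}
POLL_2 = {"dsAnonymousBinds": 41, "dsUnauthBinds": 0, "dsSimpleAuthBinds": 930,
          "dsStrongAuthBinds": 310, "dsBindSecurityErrors": 15}   # normal traffic
POLL_3 = {"dsAnonymousBinds": 41, "dsUnauthBinds": 0, "dsSimpleAuthBinds": 935,
          "dsStrongAuthBinds": 312, "dsBindSecurityErrors": 515}  # failure burst
POLL_4 = {"dsAnonymousBinds": 2, "dsUnauthBinds": 0, "dsSimpleAuthBinds": 10,
          "dsStrongAuthBinds": 4, "dsBindSecurityErrors": 1}      # after restart

if __name__ == "__main__":
    for before, after in ((POLL_1, POLL_2), (POLL_2, POLL_3), (POLL_3, POLL_4)):
        print(assess(before, after))
```

A restart finding can be cross-checked against the start and stop traps that Directory Server sends to the NMS.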


The Entries Table

The Entries Table provides information about the contents of the directory entries. Table 13-2 describes the managed objects stored in the Entries Table in the netscape-ldap.mib file.


Table 13-2    Entries Table Managed Objects and Descriptions

Managed Object            Description
------------------------  -----------
dsMasterEntries           The number of directory entries for which this directory contains the master entry. The value of this object will always be 0 (as no updates are currently performed).
dsCopyEntries             The number of directory entries for which this directory contains a slave copy. The value of this object will always be 0 (as no updates are currently performed).
dsCacheEntries            The number of entries cached in the directory.
dsCacheHits               The number of operations serviced from the locally held cache since application startup.
dsSlaveHits               The number of operations that were serviced from locally held replications (shadow entries). The value of this object will always be 0.



Setting Up SNMP



The steps for configuring SNMP monitoring for your directory depend on whether you run your directory on Windows NT, UNIX or AIX. This section contains the following procedures:


Setting Up SNMP on Windows NT

To set up SNMP support for Directory Server on a Windows NT machine:

  1. Install the SNMP service on your NT server.

    Refer to your Windows NT operating system documentation for instructions.

  2. Enable Directory Server statistics collection.

    See "Configuring SNMP for the Directory Server" for information.

  3. Restart the Windows NT SNMP service.

    See "Starting and Stopping the SNMP Service on Windows NT" for information.


Setting Up SNMP on UNIX

To set up SNMP support for your Directory Server on a UNIX machine:

  1. Configure and start the master agent using the Administration Server Console.



    Note: If you are using the default port settings (161 for SNMP and 199 for SMUX), then you need to be root user. If you reconfigure the master agent configuration and have ports with values higher than 1000, then it is not necessary to be root user.



    For information on setting up the master agent, refer to Managing Servers with iPlanet Console.

  2. On AIX machines, configure the AIX SNMP Daemon.

    See "Configuring the AIX SNMP Daemon" for information.

  3. Enable the directory subagent.

    See "Configuring SNMP for the Directory Server" for information.

  4. Start the directory subagent.

    See "Starting and Stopping the SNMP Subagent on UNIX" for information.


Configuring the AIX SNMP Daemon

If your SNMP daemon is running on AIX, it supports SMUX. For this reason, you do not need to install a master agent. However, you need to change the AIX SNMP daemon configuration.

AIX uses several configuration files to filter its communications. One of them, snmpd.conf, needs to be changed so that the SNMP daemon accepts the incoming messages from the SMUX subagent. For more information, see the online manual page for snmpd.conf. You need to add a line to define each subagent.

For example, you might add this line to the snmpd.conf:

smux 1.3.6.1.4.1.1450.7 "" IP_address net_mask

where IP_address is the IP address of the host the subagent is running on, and net_mask is the network mask of the host.



Note: Do not use the loopback address 127.0.0.1; use the real IP address instead.



If you need more information, see your related system documentation.
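
A check for the smux entry described above, as an added example that is not part of the original guide or of AIX: it verifies that snmpd.conf text contains an entry for the directory OID given in this chapter and that its address is a real, non-loopback IP address with a valid mask. The function name, the '#' comment handling, and the sample fragments are assumptions made for the example.

```python
import ipaddress
import shlex

NSLDAP_OID = "1.3.6.1.4.1.1450.7"  # directory MIB OID stated in this chapter


def check_smux(conf_text, oid=NSLDAP_OID):
    """Return (line_number, message) pairs for problems with the smux entry
    of the subagent identified by `oid`; line 0 means the entry is absent."""
    issues, found = [], False
    for num, raw in enumerate(conf_text.splitlines(), 1):
        if not raw.lstrip().startswith("smux"):
            continue  # comment, blank line, or another directive
        try:
            # Assumption: '#' starts a comment; "" must survive as a field.
            fields = shlex.split(raw, comments=True)
        except ValueError:
            issues.append((num, "unbalanced quotes"))
            continue
        if len(fields) < 2 or fields[0] != "smux" or fields[1] != oid:
            continue  # entry for some other subagent
        found = True
        if len(fields) != 5:
            issues.append((num, 'expected: smux OID "" IP_address net_mask'))
            continue
        address, mask = fields[3], fields[4]
        try:
            ip = ipaddress.ip_address(address)
            ipaddress.ip_network(f"{address}/{mask}", strict=False)
        except ValueError:
            issues.append((num, f"invalid address or mask: {address} {mask}"))
            continue
        if ip.is_loopback:
            issues.append((num, "loopback address: use the host's real IP address"))
    if not found:
        issues.append((0, f"no smux entry for {oid}"))
    return issues


# Constructed snmpd.conf fragments (192.0.2.10 is a documentation address).
GOOD = '# directory subagent\nsmux 1.3.6.1.4.1.1450.7 "" 192.0.2.10 255.255.255.0\n'
LOOPBACK = 'smux 1.3.6.1.4.1.1450.7 "" 127.0.0.1 255.0.0.0\n'
UNFILLED = 'smux 1.3.6.1.4.1.1450.7 "" IP_address net_mask\n'  # placeholders left in
MISTYPED = 'smux 1.3.6.1.4.1.1540.7 "" 192.0.2.10 255.255.255.0\n'  # wrong arc

if __name__ == "__main__":
    for name in ("GOOD", "LOOPBACK", "UNFILLED", "MISTYPED"):
        print(name, check_smux(globals()[name]))
```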



Starting and Stopping the SNMP Subagent on UNIX



To start, stop, and restart the SNMP subagent for a directory running on UNIX:

  1. On the Directory Server Console, select the Configuration tab and then select the topmost entry in the navigation tree in the left pane.

  2. Select the SNMP tab in the right pane.

  3. Click Start to start the subagent, click Stop to stop the subagent, or click Restart to restart the subagent.

    Stopping the directory does not stop the directory subagent. If you want to stop the subagent, you must do so from this tab.



    Note: If you add another server instance and you want the instance to be part of the SNMP network, you must restart the subagent.





Starting and Stopping the SNMP Service on Windows NT

Note that on Windows NT the master agent is the SNMP Service, and not the SNMP subagent as is the case on other platforms. The SNMP Service is installed and configured through the Windows NT Control Panel. For a directory running on Windows NT, the SNMP subagent is a DLL that the SNMP Service invokes; the SNMP Service uses the information stored in the registry to determine which subagent to load.

To start, stop and restart the SNMP subagent for a directory running on Windows NT:

  1. Open the Control Panel and select Services.

  2. Select SNMP from the Service list.

  3. Click Start to start the SNMP Service, click Stop to stop the SNMP Service, or click Stop then Start to restart the SNMP Service.

    Stopping the directory does not stop the directory subagent. If you want to stop the subagent, you must do so from the Control Panel.



    Note: If you add another server instance and you want the instance to be part of the SNMP network, you must restart the subagent.





Configuring SNMP for the Directory Server

To configure SNMP settings from the Directory Server Console:

  1. Make sure the Directory Server is running.

  2. On the Directory Server Console, select the Configuration tab and then select the topmost entry in the navigation tree in the left pane.

  3. Select the SNMP tab in the right pane.

  4. Select the "Enable Statistics Collection" checkbox to enable Directory Server statistics collection. Clear the checkbox to disable it.

  5. For UNIX servers, enter the hostname on which the master agent resides and the port number used to communicate with the master agent in the Master Host and Master Port text boxes.



    Note: The hostname and port number are required.



    The defaults are localhost and 199 respectively.

  6. Enter a description that uniquely describes the directory instance in the Description text box.

  7. Type the name of the company or organization to which the directory belongs in the Organization text box.

  8. Type the location within the company or organization where the directory resides in the Location text box.

  9. Type the email address of the person responsible for maintaining the directory in the Contact text box.

  10. Click Save.

  11. Restart the subagent (UNIX), or restart the SNMP service (Windows NT).

    See "Starting and Stopping the SNMP Subagent on UNIX" or "Starting and Stopping the SNMP Service on Windows NT" for information as appropriate.


Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.

Last Updated March 23, 2001