Monitoring Oracle Internet Directory Servers

Oracle Internet Directory Server Manageability enables you to monitor various types of information about Oracle Internet Directory servers. This section contains these topics:

• Capabilities of Oracle Internet Directory Server Manageability

• Oracle Internet Directory Server Manageability Architecture and Components

• Location of Configuration Information for Oracle Internet Directory Server Manageability

• Configuring Oracle Internet Directory Server Manageability

• Configuring Critical Events

• Using the Oracle Internet Directory Server Manageability Framework Through Oracle Enterprise Manager Application Server Control

Capabilities of Oracle Internet Directory Server Manageability

The Oracle Internet Directory Server Manageability framework enables you to monitor the following directory server statistics:

• Server health statistics about LDAP request queues, memory, LDAP sessions, and database sessions. For example, you can view the number of active database sessions over a period of time.

• General statistics about specific server operations--for example, add, modify, or delete operations. For example, you can view the number of directory server operations over a period of time.

• User statistics comprising successful and failed bind and compare operations to the directory and the user performing each one

• Critical events related to system resources and security--for example, occasions when a user provided the wrong password or had inadequate access rights to perform an operation

• Status information of the directory server and the directory replication server--for example, the date and time at which the directory replication server was invoked

• Status information of Oracle directory integration and provisioning server and the integration profiles--for example, the number of times that the Oracle directory integration and provisioning server failed, or whether an integration profile is enabled

  See Also: Chapter 32, "Oracle Directory Integration and Provisioning Platform Concepts and Components"

You can view monitored information by using the Oracle Enterprise Manager Application Server Control.

See Also: Online help for Oracle Enterprise Manager Application Server Control The chapter about administration tools in the Oracle Application Server 10g Administrator's Guide

Oracle Internet Directory Server Manageability Architecture and Components

Figure 10-2 and the accompanying text explain the relationship between the various components of directory server manageability.

Figure 10-2 Architecture of Oracle Internet Directory Server Manageability

Text description of the illustration oidag058.gif

Oracle Internet Directory

A directory server responds to directory requests from clients. It has four kinds of functional threads: controller, worker, dispatcher, and listener. It accepts LDAP requests from clients, processes them, and sends the LDAP response back to the clients.

When you use the Oracle Internet Directory Server Manageability framework to set runtime monitoring, the four functional threads of the server record the specified information and store it in local memory.

See Also: "An Oracle Directory Server Instance" for a description of the directory server

Memory Resident Storage

This is a local process memory. The Oracle Internet Directory Servers Manageability framework assigns one each for statistics, tracing, and auditing. Each has its own separate data structure maintained in the local memory storage.

Low-Priority Write Threads

These dedicated write threads differ from server functional threads in that they write server statistics, audit logging, and tracing information to the repository. To maintain reduced system overhead, their priorities are kept low.

External Monitoring Application

This module, which is proprietary and external to the server manageability framework, collects the gathered statistics through a standard LDAP interface with the directory server and stores it in its own repository.

External Repository for Server Management Information

This is the repository that the monitoring agent uses to store the gathered directory server statistics. The monitoring agent determines how this repository is implemented.

Oracle Enterprise Manager Application Server Control

The Application Server Control extracts monitored data from the statistics and events repository, presenting it in a Web-based graphical user interface. Users can view the data in a normal browser. A repository can store the collected data for generic and custom queries.

Logging Repository (File System)

This repository uses a file system to store information traced across various modules of the directory server. By using a file system for this purpose, the Oracle Internet Directory Server Manageability framework uses the features and security of the operating system.

Directory Data Repository

This repository contains all user-entered data--for example, user and group entries.

Statistics and Events Repository

This repository is like the tracing repository except that it stores the information in the same database as the directory data repository rather than in a file system. In this way, the Oracle Internet Directory Server Manageability framework uses:

• Normal LDAP operations to store and retrieve the information

• Existing access control policies to manage the security of the gathered information

The directory manageability framework isolates the gathered information from the directory data by storing the two separately.

Location of Configuration Information for Oracle Internet Directory Server Manageability

The Oracle Internet Directory Server Manageability framework stores configuration parameters for all three modules--namely, server statistics, server tracing, and server auditing--in the DSE root of the directory. To specify periodicity, amount, and level of information to be gathered, you must set appropriate values for these parameters.

Configuring Oracle Internet Directory Server Manageability

To configure the Oracle Internet Directory Server Manageability framework, you use ldapmodify to set positive integer values for various attributes in the root DSE.

• To enable health and general statics, set the orclStatsFlag and orclStatsPeriodicity attributes.

• To enable user statistics:
  • Set the orclstatslevel attribute to 1

  • Set the orclStatsPeriodicity attribute

• To enable critical events, set the OrclEventLevel attribute.

• To enable events other than super user, proxy user, and replication administrator login:
  • Set the OrclEventLevel attribute to the appropriate value

  • Set the orclStatsFlag to 1

    See Also: " Attributes for Oracle Internet Directory Server Manageability" for information about each of the attributes you set when using Oracle Internet Directory Server Manageability

For example, to enable the Oracle Internet Directory Server Manageability framework, you create an LDIF file that looks like this:

dn:
changetype: modify
replace: orclstatsflag
orclstatsflag:1

To upload this file, enter the following command:

ldapmodify -h host -p port_number -D bind_DN -w bind_DN_password -f file_name

where the bind DN authorized to perform server manageability configuration is cn=emd admin,cn=oracle internet directory.

See Also: Oracle Enterprise Manager Application Server Control online help for more information about monitoring and managing Oracle Internet Directory servers by using Oracle Internet Directory Server Manageability

Configuring Critical Events

To configure critical events, use ldapmodify to set the OrclEventLevel attribute to one or more of the event levels listed in Table 10-8.

Table 10-8  Critical Event Levels

Level Value	Critical Event	Information It Provides
1	Super user login	Super uses bind (successes or failures)
2	Proxy user login	Proxy user bind (failures)
4	Replication login	Replication bind (failures)
8	Add access	Add access violation
16	Delete access	Delete access violation
32	Write access	Write access violation
64	ORA 3113 error	ORA-3113 Error
128	ORA 3114 error	ORA-3114 Error
255	All critical events

Using the Oracle Internet Directory Server Manageability Framework Through Oracle Enterprise Manager Application Server Control

To exploit the features of Oracle Internet Directory Server Manageability, you use Oracle Enterprise Manager Application Server Control as explained in this section.

Enabling Information Collection by Using Oracle Enterprise Manager Application Server Control

To enable information collection by using Oracle Enterprise Manager Application Server Control:

1. In the Oracle Internet Directory main window, select LDAP Metrics. This displays the LDAP Diagnostic Collection Configuration page.

2. Check Collect Metrics.

3. Select Interval.

4. Enter the required password.

5. Choose Apply.

   Note: To enable critical events, use ldapmodify to set the attribute orclEventLevel to the appropriate value.

Starting a New Directory Server Instance by Using Oracle Enterprise Manager Application Server Control

To start a server:

1. In the Oracle Internet Directory main window, choose Start New Instance. The Start a New LDAP Server Instance Window displays a table that enables you to choose a configuration set.

   Table 10-9  Fields in the Start a New LDAP Server Instance Window

   Column	Description
   Set Number	The configuration set number for the directory server instance
   Default Port	The default port number for the directory server instance
   Port Available	Indicator of whether the default port is available
   Maximum Database Connections	The number of database connections this directory instance can accommodate
   Server Processes	The number of server processes
   Port Number	The port number you assign to the directory server instance if the default port number is not used

2. In the Set Number column, select the configuration set you want to use.

   If the default port is not available, then, in the Port Number column, specify a port number.

3. Choose Start.

Stopping a Directory Server Instance by Using Oracle Enterprise Manager Application Server Control

To stop a directory server instance:

1. In the Oracle Internet Directory main window, in the LDAP Instances section, select the directory server instance you want to stop.

2. Choose Stop.

Restarting a Directory Server Instance by Using Oracle Enterprise Manager Application Server Control

To restart a directory server instance:

1. In the Oracle Internet Directory main window, in the LDAP Instances section, select the server you want to restart.

2. Choose Restart. The Restart an LDAP Server Instance window displays the following table.

   Table 10-10  Fields in the Restart an LDAP Server Instance Window

   Column	Description
   Set Number	The configuration set number for the directory server instance
   Default Port	The default port number for the directory server instance
   Port Available	Indicator of whether the default port is available
   Maximum Database Connections	The number of database connections this directory instance can accommodate
   Server Processes	The number of server processes
   Port Number	The port number you assign to the directory server instance if the default port number is not used

3. Select a configuration. If the default port is not available, then, in the Port Number column, enter a port number.

4. Choose Start.

Viewing Directory Server Activities by Using Oracle Enterprise Manager Application Server Control

To view directory server activities information:

1. In the Directory Server main window, select the directory server instance whose information you want to view.

2. Choose View Load. The LDAP Load window appears.

3. From the Select Load Characteristics list, select the information that you want to view about this instance. The options are:
   • LDAP Repository Database Sessions--Selecting this option displays two graphs--one for open database sessions, the other for active database sessions at the end of the specified time period of statistics collection.

   • Response Time vs. LDAP Operations--Selecting this option displays two graphs. The first shows the average LDAP operation response time over the course of the specified time period of statistics collection. The other shows the number of operations in progress at the end of that period

   • Active LDAP Sessions vs. New LDAP Sessions--Selecting this option displays two graphs. The first shows the number of active LDAP sessions--that is, those that remain open at the end of the specified time period of statistics collection. The second shows new LDAP sessions--that is, those that are opened over the course of the specified time period of statistics collection.

4. When you have made your selection, choose Go.

Viewing Directory Server Operations by Using Oracle Enterprise Manager Application Server Control

You can view directory server operations over the course of the specified time period of statistics collection by using Application Server Control. To do this:

1. In the Directory Server main window, select the directory server instance whose information you want to view.

2. Choose View Operations. This displays charts for all of the LDAP operations. Click any chart to see a larger image of it.