Previous     Contents     Index     DocHome     Next     
iPlanet Directory Server 5.1 Administrator's Guide



Chapter 13   Monitoring iPlanet Directory Server Using SNMP


The server and database activity monitoring log setup described in Chapter 12, "Monitoring Server and Database Activity" is specific to iPlanet Directory Server. You can also monitor your iPlanet Directory Server using the Simple Network Management Protocol (SNMP). SNMP is a management protocol used for monitoring network activity that can be used to monitor a wide range of devices in real time.

SNMP is the ideal standard mechanism for global network control and monitoring. It allows network administrators to unify all network monitoring activities, with iPlanet Directory Server monitoring just part of the broader picture.

This chapter contains the following topics:



About SNMP

SNMP is a protocol used to exchange data about network activity. With SNMP, data travels between a managed device and a network management station (NMS) where users remotely manage the network. A managed device is anything that runs SNMP, such as hosts, routers, and your iPlanet Directory Server. An NMS is usually a powerful workstation with one or more network management applications installed. A network management application graphically shows information about managed devices (which device is up or down, which and how many error messages were received, and so on).

Information is transferred between the NMS and the managed device through the use of two types of agents: the subagent and the master agent. The subagent gathers information about the managed device and passes the information to the master agent. iPlanet Directory Server has a subagent. The master agent exchanges information between the various subagents and the NMS. The master agent runs on the same host machine as the subagents it talks to.

You can have multiple subagents installed on a host machine. For example, if you have iPlanet Directory Server, Enterprise Server, and Messaging Server all installed on the same host, the subagents for each of these servers communicates with the same master agent. In the UNIX environment, the master agent is installed with the iPlanet Administration Server.

Values for SNMP attributes, otherwise known as variables, that can be queried are kept on the managed device and reported to the NMS as necessary. Each variable is known as a managed object, which is anything the agent can access and send to the NMS. All managed objects are defined in a management information base (MIB), which is a database with a tree-like hierarchy. The top level of the hierarchy contains the most general information about the network. Each branch underneath is more specific and deals with separate network areas.


SNMP Overview

SNMP exchanges network information in the form of protocol data unit (PDUs). PDUs contain information about variables stored on the managed device. These variables, also known as managed objects, have values and titles that are reported to the NMS as necessary. Communication between an NMS and a managed device takes place in one of two ways:


NMS-Initiated Communication

NMS-initiated communication is the most common type of communication between an NMS and a managed device. In this type of communication, the NMS either requests information from the managed device or changes the value of a variable stored on the managed device.

These are the steps that make up an NMS-initiated SNMP session:

  1. The NMS determines which managed devices and objects need to be monitored.

  2. The NMS sends a protocol data unit to the managed device's subagent through the master agent. This protocol data unit either requests information from the managed device or tells the subagent to change the values for variables stored on the managed device.

  3. The subagent for the managed device receives the protocol data unit from the master agent.

  4. If the protocol data unit from the NMS is a request for information about variables, the subagent gives information to the master agent and the master agent sends it back to the NMS in the form of another protocol data unit. The NMS then displays the information textually or graphically.

    If the protocol data unit from the NMS requests that the subagent set variable values, the subagent sets these values.


Managed Device-Initiated Communication

This type of communication occurs when the managed device needs to inform the NMS of an event that has occurred. A managed device initiates communication with an NMS to inform the NMS of a shut down or start up. Communication initiated by a managed device is also known as a trap. iPlanet Directory Server sends a trap to the NMS whenever the iPlanet Directory Server starts or stops.

These are the steps that make up a managed device-initiated SNMP session:

  1. An event occurs on the managed device.

  2. The subagent informs the master agent of the event.

  3. The master agent sends a PDU to the NMS to inform the NMS of the event.

  4. The NMS displays the information textually or graphically.



Overview of the iPlanet Directory Server Management Information Base

Each iPlanet server has its own MIB. The iPlanet Directory Server's MIB is defined in the following file:

/usr/iplanet/ds5/plugins/snmp/netscape-ldap.mib

This MIB contains definitions for variables pertaining to network management for the directory. These variables are known as managed objects. Using the directory MIB and network management software, such as Sun Net Manager, you can monitor your directory like all other managed devices on your network.

The directory MIB has the following object identifier:

iso.org.dod.internet.private.enterprises.netscape.nsldap
(nsldapd OBJECT IDENTIFIER ::= { 1.3.6.1.4.1.1450.7 })

You can see administrative information about your directory and monitor the server in real-time using the directory MIB. The directory MIB is broken into three distinct tables of managed objects:

Before you can use the directory's MIB, you must compile it along with the MIBs that you will find in the following directory:

/usr/iplanet/ds5/plugins/snmp/mibs

For information on how to compile MIBs, see your SNMP product documentation. The following sections describe each table in detail.


About the Operations Table

The Operations Table provides statistical information about iPlanet Directory Server access, operations, and errors. The following table describes the managed objects stored in the Operations Table of the netscape-ldap.mib file.


Table 13-1    Operations Table Managed Objects and Descriptions 

Managed Object

Description

dsAnonymousBinds  

The number of anonymous binds to the directory since server startup.  

dsUnauthBinds  

The number of unauthenticated binds to the directory since server startup.  

dsSimpleAuthBinds  

The number of binds to the directory that were established using a simple authentication method (such as password protection) since server startup.  

dsStrongAuthBinds  

The number of binds to the directory that were established using a strong authentication method (such as SSL or an SASL mechanism like Kerberos) since server startup.  

dsBindSecurityErrors  

The number of bind requests that have been rejected by the directory due to authentication failures or invalid credentials since server startup.  

dsInOps  

The number of operations forwarded to this directory from another directory since server startup.  

dsReadOps  

The number of read operations serviced by this directory since application start. The value of this object will always be 0 because LDAP implements read operations indirectly via the search operation.  

dsCompareOps  

The number of compare operations serviced by this directory since server startup.  

dsAddEntryOps  

The number of add operations serviced by this directory since server startup.  

dsRemoveEntryOps  

The number of delete operations serviced by this directory since server startup.  

dsModifyEntryOps  

The number of modify operations serviced by this directory since server startup.  

dsModifyRDNOps  

The number of modify RDN operations serviced by this directory since server startup.  

dsListOps  

The number of list operations serviced by this directory since server startup. The value of this object will always be 0 because LDAP implements list operations indirectly via the search operation.  

dsSearchOps  

The total number of search operations serviced by this directory since server startup.  

dsOneLevelSearchOps  

The number of one-level search operations serviced by this directory since server startup.  

dsWholeSubtreeSearchOps  

The number of whole subtree search operations serviced by this directory since server startup.  

dsReferrals  

The number of referrals returned by this directory in response to client requests since server startup.  

dsSecurityErrors  

The number of operations forwarded to this directory that did not meet security requirements.  

dsErrors  

The number of requests that could not be serviced due to errors (other than security or referral errors). Errors include name errors, update errors, attribute errors, and service errors. Partially serviced requests are not counted as errors.  


The Entries Table

The Entries Table provides information about the contents of the directory entries. Table 13-2 describes the managed objects stored in the Entries Table in the netscape-ldap.mib file.


Table 13-2    Entries Table Managed Objects and Descriptions 

Managed Object

Description

dsMasterEntries  

The number of directory entries for which this directory contains the master entry. The value of this object will always be 0 (as no updates are currently performed).  

dsCopyEntries  

The number of directory entries for which this directory contains a slave copy. The value of this object will always be 0 (as no updates are currently performed).  

dsCacheEntries  

The number of entries cached in the directory.  

dsCacheHits  

The number of operations serviced from the locally held cache since application startup.  

dsSlaveHits  

The number of operations that were serviced from locally held replications (shadow entries). The value of this object will always be 0.  



Setting Up SNMP


To set up SNMP support for your iPlanet Directory Server:

  1. Configure and start the master agent using the Administration Server Console.


    Note If you are using the default port settings (161 for SNMP and 199 for SMUX) then you need to be root user. If you reconfigure the master agent configuration and have ports with values higher than 1000, then it is not necessary to be root user.


    For information on setting up the master agent, refer to Managing Servers with iPlanet Console.

  2. Enable the directory subagent.

    See "Configuring SNMP for the iPlanet Directory Server" for information.

  3. Start the directory subagent.

    See "Starting and Stopping the SNMP Subagent" for information.



Starting and Stopping the SNMP Subagent

To start, stop, and restart the SNMP subagent:

  1. On the iPlanet Directory Server Console, select the Configuration tab and then select the top most entry in the navigation tree in the left pane.

  2. Select the SNMP tab in the right pane.

  3. Click Start to start the subagent, click Stop to stop the subagent, or click Restart to restart the subagent.

    Stopping the directory does not stop the directory subagent. If you want to stop the subagent, you must do so from this tab.


    Note If you add another server instance and you want the instance to be part of the SNMP network, you must restart the subagent.




Configuring SNMP for the iPlanet Directory Server

To configure SNMP settings from the iPlanet Directory Server Console:

  1. Make sure the iPlanet Directory Server is running.

  2. On the iPlanet Directory Server Console, select the Configuration tab and then select the topmost entry in the navigation tree in the left pane.

  3. Select the SNMP tab in the right pane.

  4. Select the "Enable Statistics Collection" checkbox to enable iPlanet Directory Server statistics collection. Clear the checkbox to disable it.

  5. Enter the hostname on which the master agent resides and the port number used to communicate with the master agent in the Master Host and Master Port text boxes.


    Note The hostname and port number are required.


    The defaults are localhost and 199 respectively.

  6. Enter a description that uniquely describes the directory instance in the Description text box.

  7. Type the name the company or organization to which the directory belongs in the Organization text box.

  8. Type the location within the company or organization where the directory resides in the Location text box.

  9. Type the email address of the person responsible for maintaining the directory in the Contact text box.

  10. Click Save.

  11. Restart the subagent.

    See "Configuring SNMP for the iPlanet Directory Server".


Previous     Contents     Index     DocHome     Next     
Copyright © 2002 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.

Last Updated February 26, 2002