Skip Navigation Links | |
Exit Print View | |
Oracle Fusion Middleware Administration Guide for Oracle Unified Directory 11g Release 1 (11.1.1) |
1. Starting and Stopping the Server
2. Configuring the Server Instance
3. Configuring the Proxy Components
4. Configuring Security Between Clients and Servers
5. Configuring Security Between the Proxy and the Data Source
6. Managing Oracle Unified Directory With Oracle Directory Services Manager
10. Managing Users and Groups With dsconfig
11. Managing Password Policies
13. Monitoring Oracle Unified Directory
Configuring Logs With the Log Publisher
To List Existing Log Publishers
Configuring Log Retention Policies
To View the Log Retention Policies
To Create a Log Retention Policy
To Modify a Log Retention Policy
Configuring Log Rotation Policies
To View the Log Rotation Policies
To Create a Log Rotation Policy
To Set Log Rotation or Retention for a Specific Log File
Configuring Alerts and Account Status Notification Handlers
To View All Configured Alert Handlers
Managing Account Status Notification Handlers
To View the Configured Account Status Notification Handlers
To Enable Account Status Notification Handlers
Monitoring the Server With LDAP
Viewing Monitoring Information Using the cn=monitor Entry
Monitored Attributes in the Oracle Unified Directory proxy
To View the Available Monitoring Information
To Monitor General-Purpose Server Information
To Monitor Version Information
To Monitor the User Root Back End
To Monitor the Backup Back End
To Monitor the monitor Back End
To Monitor the Schema Back End
To Monitor the adminRoot Back End
To Monitor the ads-truststore Back End
To Monitor the LDAP Connection Handler
To Monitor LDAP Connection Handler Statistics
To Monitor Connections on the LDAP Connection Handler
To Monitor the Administration Connector
To Monitor Administration Connector Statistics
To Monitor Connections on the Administration Connector
To Monitor the LDIF Connection Handler
To Monitor JVM Stack Trace Information
To Monitor the JVM Memory Usage
To Monitor the userRoot Database Environment
To Monitor Remote LDAP Servers
To Monitor a Global Index Catalog
Monitoring Using the manage-tasks Command
Monitoring the Server With JConsole
To Configure JMX on a Server Instance
Accessing a Server Instance From JConsole
Viewing Monitoring Information With JConsole
To View the Replication Repair Logs
Monitoring the Server With SNMP
Configuring the SNMP Connection Handler and Its Dependencies
To Configure SNMP in the Server
To View the SNMP Connection Handler Properties
To Access SNMP on a Server Instance
SNMP Security Configuration: V1 and V2c
SNMP Security Configuration: V3
Monitoring a Replicated Topology
Monitoring Replication Status With dsreplication
Advanced Replication Monitoring
To Monitor the Topology and Its Connections
To Monitor Replication Latency
To Monitor Replication Security
To Monitor Replication Conflicts
Oracle Unified Directory provides mechanisms for transmitting alert and account status notifications by means of JMX extensions or SMTP extensions. You can configure the directory server to send alert notifications when an event occurs during processing. Typical server events include server starts and shut downs, or problems that are detected by the server, such as an attempt to write to the configuration file.
You can also receive account status notifications when an event occurs during password policy processing, such as when accounts are locked out, accounts expire, passwords expire, and so on.
Alerts and account status notification handlers are configured by using the dsconfig command. For more information, see Managing the Server Configuration With dsconfig.
For additional information about the topics in this section, see Chapter 11, Managing Password Policies and The Alert Handler Configuration.
Oracle Unified Directory supports the following alert handlers:
JMX alert handler for JMX notifications
SMTP alert handler for email notifications.
Custom alert handlers
Oracle Unified Directory stores alert handlers information in the configuration file under the cn=Alert Handlers,cn=config subtree. You can access the information using the dsconfig command.
$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \ list-alert-handlers Alert Handler : Type : enabled ------------------:------:-------- JMX Alert Handler : jmx : false
The JMX alert handler is disabled by default. Before you begin, you must configure JMX on the server. For more information, see Monitoring the Server With JConsole.
$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \ get-alert-handler-prop \ --handler-name "JMX Alert Handler" Property : Value(s) --------------------:--------------------------------------------- disabled-alert-type : - enabled : false enabled-alert-type : -
$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \ set-alert-handler-prop \ --handler-name "JMX Alert Handler" --set enabled:true
$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \ get-alert-handler-prop \ --handler-name "JMX Alert Handler" Property : Value(s) --------------------:--------------------------------------------- disabled-alert-type : - enabled : true enabled-alert-type : -
You can create a new alert handler by using dsconfig. This example configures a new SMTP handler. Before starting this procedure, ensure that you have configured an SMTP server for your server.
$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \ create-alert-handler \ --handler-name "my SMTP Handler" --type smtp --set enabled:true \ --set message-body:"Alert Type: %%alert-type%%\n\nAlert ID: \ %%alert-id%%\n\nAlert Message: %%alert-message%%" \ --set message-subject:"Alert Message" \ --set recipient-address:directorymanager@example.com \ --set sender-address:OUD-Alerts@directory.example.com
$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \ list-alert-handlers
The server sends out message alerts when an alert type event occurs in the system. The supported alert types are defined in the following table.
|
The following example removes an alert handler from the directory server.
Note - You can simply disable an alert handler instead of deleting it. In this case, the alert handler is available if you need to enable it again in the future. For more information, see To Disable an Alert Type.
$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \ delete-alert-handler \ --handler-name "JMX Alert Handler"
By default, all alert types are allowed. If you specify a value for the enabled-alert-type property, only alerts with one of those types are allowed. If you specify a value for the disabled-alert-type property, all alert types except for the values in that property are allowed. Alert types are specified by their Java class, as shown in this example.
This command disables the startup alert from the JMX Alert Handler.
$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \ set-alert-handler-prop \ --handler-name "JMX Alert Handler" \ --set disabled-alert-type:org.opends.server.DirectoryServerStarted
Account status notification handlers provide alerts on events during password policy processing. By default, the Error Log Account Status Notification handler is set to enabled upon initial configuration. The server writes a message to the server error log when one of the following events has been configured in the password policy and occurs during the course of password policy processing:
account-temporarily-locked
account-permanently-locked
account-unlocked
account-idle-locked
account-reset-locked
account-disabled
account-expired
password-expired
password expiring
password-reset
password-changed
The error log is located at install-dir/logs/errors.
$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \ list-account-status-notification-handlers Account Status Notification Handler : Type : enabled ------------------------------------:-----------:-------- Error Log Handler : error-log : true SMTP Handler : smtp : false
You can enable an existing account status notification handler using the dsconfig command. By default, the directory server enables the Error Log Handler when the server is initially configured. This example enables the SMTP notification handler.
$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \ get-account-status-notification-handler-prop --handler-name "SMTP Handler" \ --property enabled Property : Value(s) ---------:--------- enabled : false
$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \ set-account-status-notification-handler-prop --handler-name "SMTP Handler" \ --set property:enabled
When you specify the type, you can use either error-log or generic (default).
$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \ create-account-status-notification-handler \ --handler-name "My Password Reset Logger" --type error-log --set enabled:true \ --set account-status-notification-type:password-reset
$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \ list-account-status-notification-handlers Account Status Notification Handler : Type : enabled ------------------------------------:-----------:-------- Error Log Handler : error-log : true my Password Reset Logger : error-log : true SMTP Handler : smtp : false
You can disable an account status notification handler instead of deleting it. In this case, the alert handler is available if you need to enable it again in the future.
You can remove an account status notification handler entirely by using dsconfig.
$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \ delete-account-status-notification-handler --handler-name "My Password Reset Logger"