18.3 eDirectory and SNMP

eDirectory can store and manage millions of objects, such as users, applications, network devices, and data. With the increase in objects, the need to track down the additions and modifications to the eDirectory increases. SNMP renders a solution to this problem by helping you monitor eDirectory servers and thus keep track of the changes.

18.3.1 Benefits of SNMP Instrumentation on eDirectory

  • Real time monitoring for an eDirectory server

  • Monitoring of eDirectory from any third party SNMP MIB browser

  • Tracking the status of eDirectory to verify normal operations

  • Spotting and reacting to potential problems once they are detected

  • Configuring traps and statistics for selective monitoring

  • Plotting a trend on the access of eDirectory

  • Storing and analyzing historical data that has been obtained through SNMP

  • SNMP Get, GetNext request support for statistics

  • Using SNMP native master agent on all the platform

18.3.2 Understanding How SNMP Works with eDirectory

SNMP implementation on eDirectory provides useful eDirectory information on statistics on the accesses, operations, errors, and cache performance. Traps on the occurrence of events can also be sent with SNMP implementation. Traps and statistics are defined in the MIB.

NOTE:You might have to access the encrypted attributes only over a secure channel, if you have specified that you always need a secure channel to access these attributes. For more information, refer to Section 12.1, Encrypted Attributes.

Directory Service Monitoring MIB

The eDirectory MIB defines statistics and traps to monitor eDirectory. This MIB is assigned the following oid:

iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).novell(23).mibDoc(2).ndsMIB(98)

Statistics

The eDirectory MIB is divided into four distinct tables of managed objects:

  • The Cache Database Statistics Table - ndsDbCacheTable: Contains a description of the directory servers as well as summary statistics on the entries cached by these servers.

  • The Config Database Statistics Table - ndsDbConfigTable: Contains a description of the directory servers as well as summary statistics on the entries configured by these servers.

  • The Protocol Statistics Table - ndsProtoIfOpsTable: Provides summary statistics on the accesses, operations, and errors for each application protocol interface of a directory server.

  • The Interaction Statistics Table - ndsServerIntTable: Keeps track of the last “N” directory server with which the monitored directory has interacted or attempted to interact. “N” is a locally defined constant.

NOTE:For more information on statistics, see Statistics.

Traps - ndsTrapVariables

The eDirectory MIB defines 119 traps. Out of this, 117 traps map to eDirectory events and 2 additional traps ndsServerStart and ndsServerStop are directly generated by the SNMP subagent. These two traps cannot be configured.

NOTE:For more information on traps, see Traps.

For more information on statistics and traps, see edir.mib.

edir.mib is located in the following directories:

  • Windows: install_directory\SNMP
  • Linux: /etc/opt/novell/eDirectory/conf/ndssnmp/

SNMP Group Object

The SNMP group object is used to set up and manage the eDirectory SNMP traps. During installation, an SNMP group object named “SNMP Group - server_name” is created (where server_name is the name of the server on which SNMP services for eDirectory are installed). The SNMP group object is created in the same container as the server object. This SNMP configuration utility is used to configure SNMP traps.

On Windows

To create an SNMP group object, enter the following command:

rundll32 snmpinst, snmpinst -c <createobj> -a <userFDN> -p <password> -h <hostname or IP address>

Parameter

Description

-c <createobj>

Trap command that specifies the creation of an object.

-a <userFDN>

Fully distinguished name of a user having administrative rights

-p <password>

userFDN password for authentication

-h <hostname or IP address>

DNS host name or IP address

Example:

rundll32 snmpinst, snmpinst -c createobj -a admin.mycontext -p mypassword -h 160.98.146.26

To delete an SNMP group object, enter the following command:

rundll32 snmpinst, snmpinst -c <deleteobj> -a <userFDN> -p <password> -h <hostname or IP address>

See the table above for more information.

Example:

rundll32 snmpinst, snmpinst -c deleteobj -a admin.mycontext -p mypassword -h 160.98.146.26

On Linux

To create an SNMP group object, enter the following command:

ndsconfig add -m <modulename> -a <userFDN>

Example:

ndsconfig add -m snmp -a admin.mycontext