eDirectory is monitored using the traps and statistics feature of SNMP.
To monitor an eDirectory server using SNMP, you need the following rights over the NCP server, LDAP group and LDAP server objects:
Supervisor rights over the NCP server object
Read rights over the LDAP Allow Clear Text Password attribute of the LDAP Group object
Read rights over the LDAP TCP Port and LDAP SSL Port attributes of the LDAP Server object
By default a user who has logged in with the administrative rights does not face any problem in monitoring an eDirectory server using SNMP.
The SNMP component generates a total of 119 traps out of which traps ndsServerStart (2001) and ndsServerStop (2002) cannot be configured. These traps are enabled by default.
You can use a MIB browser to check the generated traps.
|
Trap Number |
Trap Name |
Trap Is Generated When |
|---|---|---|
|
1 |
ndsCreateEntry |
A new object is added in the directory. Example: Create an object using LDAP tools, ICE, or iManager. |
|
2 |
ndsDeleteEntry |
An existing object is deleted. Example: Create an object using LDAP tools, ICE, or iManager. |
|
3 |
ndsRenameEntry |
An existing object is renamed. Example: Rename an object using LDAP tools, ICE, or iManager. |
|
4 |
ndsMoveSourceEntry |
An object is moved to a different context. The trap gives the context of the object before movement. Example: Move an object using ldapmodrdn or ldapsdk. |
|
5 |
ndsAddValue |
A value is added to an object attribute. Example: Add new values to attributes using LDAP tools, ICE, or iManager. NOTE:If the return value is NULL, you might have to access the directory over a secure channel. For more information, refer to Accessing the Encrypted Attributes |
|
6 |
ndsDeleteValue |
A value is deleted from an object attribute. Example: Delete new values to attributes using LDAP tools, ICE, or iManager. NOTE:If the return value is NULL, you might have to access the directory over a secure channel. For more information, refer to Accessing the Encrypted Attributes |
|
7 |
ndsCloseStream |
A stream attribute is modified. |
|
8 |
ndsDeleteAttribute |
A value is deleted from a single-value attribute. Example: Delete an attribute using LDAP tools, ICE, or iManager. NOTE:If the return value is NULL, you might have to access the directory over a secure channel. For more information, refer to Accessing the Encrypted Attributes. |
|
9 |
ndsCheckSecurityEquiv |
The security equivalence vector for the particular entry is checked. Example: Change the security equivalence attribute using LDAP tools, ICE, or iManager. |
|
10 |
ndsUpdateSecurityEquiv |
The security equivalence vector for the particular entry is modified. Example: Change the security equivalence attribute using LDAP tools, ICE, or iManager. |
|
11 |
ndsMoveDestEntry |
An object is moved to a different context. The trap will give the context that the object is moved to. Example: Move objects using ldapmodrdn or ldapsdk. |
|
12 |
ndsDeleteUnusedExtref |
A backlink object is deleted. |
|
13 |
ndsAgentOpenLocal |
The local directory agent is opened. Example: Run unattended repair. |
|
14 |
ndsAgentCloseLocal |
The local directory agent is closed. Example: Run unattended repair. |
|
15 |
ndsDSABadVerb |
An incorrect verb number is associated with an DSAgent request. Example: Pass a bad verb request to eDirectory using DClient calls. |
|
16 |
ndsMoveSubtree |
A container and its subordinate object are moved. Example: When a partition is moved to a different context using LDAP tools, ICE, or iManager. |
|
17 |
ndsNoReplicaPointer |
A replica has no replica pointer associated with it. |
|
18 |
ndsSyncInEnd |
Inbound synchronization is completed. |
|
19 |
ndsBacklinkSecurEquiv |
A backlink operation has updated an object’s security equivalence vector. Example: Change the security equivalence attribute using LDAP tools, ICE, or iManager. |
|
20 |
ndsBacklinkOperPrivChg |
A backlink operation has changed an object’s console operator privileges. |
|
21 |
ndsDeleteSubtree |
A container and its subordinate objects have been deleted. |
|
22 |
ndsReferral |
A referral is created. |
|
23 |
ndsUpdateClassDef |
A schema class definition is updated. Example: When a new class or attribute is added to a primary and this gets synchronized with the secondary using LDAP tools, ICE, or iManager, this trap is generated. |
|
24 |
ndsUpdateAttributeDef |
A schema attribute definition is updated. Example: When a new attribute is added to a primary and this is synchronized with the secondary using LDAP tools, ICE, or iManager, this trap is generated. |
|
25 |
ndsLostEntry |
eDirectory encounters a lost entry. A lost entry is an entry that does not exist on the local server, but for which updates are being received. |
|
26 |
ndsPurgeEntryFail |
The purge operation fails. |
|
27 |
ndsPurgeStart |
The purge operation is started. Example: Run DSTrace and Set ndstrace=*j. |
|
28 |
ndsPurgeEnd |
The purge operation is completed. Example: Run DSTrace and Set ndstrace=*j. |
|
29 |
ndsLimberDone |
The limber operation is completed. Example: Configure DSTrace to start limber after a particular interval of time. |
|
30 |
ndsPartitionSplitDone |
The split partition operation is completed. Example: Create a partition using iManager. |
|
31 |
ndsSyncServerOutStart |
Outbound synchronization from a particular server is started. Example: Configure DSTrace to start outbound synchronization after a particular interval of time. |
|
32 |
ndsSyncServerOutEnd |
Outbound synchronization from a particular server is completed. Example: Configure DSTrace to stop outbound synchronization after a particular interval of time. |
|
33 |
ndsSyncPartitionStart |
Partition synchronization is started. Example: Partition one of the containers. |
|
34 |
ndsSyncPartitionEnd |
Partition synchronization is completed. Example: Partition one of the containers. |
|
35 |
ndsMoveTreeStart |
Movement of a subtree is started. A subtree is moved when a partition is moved. Example: Using iManager, create a partition and move the partition to another container. |
|
36 |
ndsMoveTreeEnd |
Movement of a subtree is completed. A subtree is moved when a partition is merged. Example: Using iManager, create a partition and move the partition to another container. |
|
37 |
ndsJoinPartitionDone |
Joining of partitions is completed. Example: Using iManager, create a partition and merge the partition. |
|
38 |
ndsPartitionLocked |
A partition gets locked (for example, before merging the partitions). Example: Using iManager, create a partition. |
|
39 |
ndsPartitionUnlocked |
A partition gets unlocked (for example, after merging the partitions). Example: Using iManager, create a partition. |
|
40 |
ndsSchemaSync |
Schema are synchronized. Example: Schedule schema synchronization using ldapsdk schsync. |
|
41 |
ndsNameCollision |
Two objects on different servers have the same name (they collide). Example: Disable the outbound synchronization of the primary and secondary servers of a tree using iMonitor. Add some User objects to both the servers using LDAP tools. Then enable the outbound synchronization of both servers using iMonitor. |
|
43 |
ndsChangeModuleState |
An eDirectory module (NLM / DLM) is loaded or unloaded. Example: Load or unload the nldap module. |
|
44 |
ndsLumberDone |
The limber background process is started. |
|
45 |
ndsBacklinkProcDone |
The backlink process is completed. Example: Configure DSTrace to start backlink after a particular interval of time. |
|
46 |
ndsServerRename |
A server is renamed. Example: Use ldapmodrdn or ldapsdk to rename the server. |
|
47 |
ndsSyntheticTime |
Objects are created with future time stamps. To synchronize eDirectory servers, synthetic time might be invoked. Example: Add a secondary server to the tree using ndsconfig. |
|
48 |
ndsServerAddressChange |
Limber changes a server referral. Example: Change the IP address of the server and restart ndsd. |
|
49 |
ndsDSARead |
An entry is read. This trap is generated for all operations on eDirectory. Example: Use ldapsearch to generate traps. |
|
50 |
ndsLogin |
eDirectory is logged in to. Example: Login to the tree using ndslogin. |
|
51 |
ndsChangePassword |
A password is changed. Example: Change the password of a user object using ldapmodify. |
|
52 |
ndsLogout |
eDirectory is logged out of. Example: Detach the connection to the tree from Novell Client. |
|
53 |
ndsAddReplica |
A replica is added to a server partition. Example: Add a new replica to the tree using ndsconfig. |
|
54 |
ndsRemoveReplica |
A replica is deleted. Example: Delete a replica from one of the servers using iManager. |
|
55 |
ndsSplitPartition |
A partition is split. Example: Create a partition using iManager. |
|
56 |
ndsJoinPartition |
A parent partition is joined with a child partition. Example: Create a partition and join the partition using iManager. |
|
57 |
ndsChangeReplicaType |
A partition replica's type is changed. Example: Change the replica type from Master replica to Read-Write replica. |
|
58 |
ndsAddEntry |
A new object is added. Example: Add a user object using iManager. |
|
59 |
ndsAbortPartitionOp |
A partition operation is aborted. Example: Partition a container and abort the partitioning operation. |
|
60 |
ndsRecvReplicaUpdates |
A replica receives an update during synchronization. Example: An eDirectory server in a multiple-server tree setup requests updates on the replica that it holds. This operation can be done using iManager. |
|
61 |
ndsRepairTimeStamps |
A replica's time stamps are repaired. Example: Perform a DIB repair operation for timestamps using DSRepair (ndsrepair on Linux, or NDSCons on Windows). |
|
62 |
ndsSendReplicaUpdates |
A replica is updated during synchronization. Example: When an eDirectory server in a multiple servers tree setup sends for updates on the replica that it holds. This operation can be done using iManager. |
|
63 |
ndsVerifyPass |
A password is verified. Example: When the password expires, re-enter the password for confirmation at the change password prompt. |
|
64 |
ndsBackupEntry |
An entry is backed up. Example: Back up Directory objects using the Backup utility (ndsbackup on Linux, NDSCons on Windows). |
|
65 |
ndsRestoreEntry |
An entry is restored. Example: Restore the backed-up Directory objects using the Backup utility (ndsbackup on Linux , NDSCons on Windows). |
|
66 |
ndsDefineAttributeDef |
An attribute definition is added to the schema. Example: Extend the eDirectory tree schema by adding a new attribute definition. The schema can get extended when an eDirectory dependent application is installed such as ZENWorks® or NMAS™. The schema can also be extended using iManager or the schema extension utility ndssch on Linux. |
|
67 |
ndsRemoveAttributeDef |
An attribute definition is removed from the schema. Example: Delete an attribute definition from the eDirectory tree schema. The attribute can be deleted using iManager or the schema extension utility ndssch on Linux. |
|
68 |
ndsRemoveClassDef |
A class definition is removed from the schema. Example: Delete an object class definition from the eDirectory tree schema. This can be deleted using iManager or the schema extension utility ndssch on Linux. |
|
69 |
ndsDefineClassDef |
A class definition is added to the schema. Example: Extend the eDirectory tree schema by adding a new class. The schema can get extended when an eDirectory dependent application is installed such as ZENWorks or NMAS. The schema can also be extended using iManager or the schema extension utility ndssch on Linux. |
|
70 |
ndsModifyClassDef |
A class definition is modified. Example: Modify an existing object class or attribute definitions. |
|
71 |
ndsResetDSCounters |
The internal eDirectory counters are reset. |
|
72 |
ndsRemoveEntryDir |
A file directory associated with an entry is removed. |
|
73 |
ndsCompAttributeValue |
Attribute values are compared. Example: Compare an attribute value against any object.Perform an LDAP search operation against a User object to check if its telephone number is the same as the input value. |
|
74 |
ndsOpenStream |
A stream attribute is opened or closed. Example: Create or open a stream for read or write operations. Create a login script for a User object. It creates a file under the DIB directory, which results in the generation of this trap. |
|
75 |
ndsListSubordinates |
A List Subordinate Entries operation is performed on a container object. It is a one-level search. Example: Using iManager, click a container object to list the objects under it. |
|
76 |
ndsListContainerClasses |
A List Containable Classes operation is performed on an entry. Example: For a given object, list the container classes that can contain the given object. When queried against a user object, the container classes that can contain it are Organization, Organizational Unit, and Domain Classes. |
|
77 |
ndsInspectEntry |
An Inspect Entry operation is performed on an entry. Example: Inspect any entry to obtain information about the entry and to check if there are any errors that the entry has experienced.This event is generated as part of the Flat Cleaner background process of eDirectory, which results in this trap generation. |
|
78 |
ndsResendEntry |
A Resend Entry operation is performed on an entry. Example: During replication operation when an entry is resent because of a failure in sending the object earlier as a result of connection between the servers. |
|
79 |
ndsMutateEntry |
A Mutate Entry operation is performed on an entry. Example: Mutate a bindery object class to User object class. |
|
80 |
ndsMergeEntries |
Two entries are merged. Example: Merge two User objects. Merge Entry2 (ndsEntryName2) into Entry (ndsEntryName). |
|
81 |
ndsMergeTree |
Two eDirectory trees are merged. Example: Merge two eDirectory trees using DSMerge (ndsmerge on Linux, NDSCons on Windows). |
|
82 |
ndsCreateSubref |
A subordinate reference is created. Example: Delete the replica of the child partition from a server, the Subordinate Reference replica gets created automatically which results in the generation of this trap. |
|
83 |
ndsListPartitions |
A List Partitions operation is performed. Example: Using iManager, from Partition and Schema view, click the eDirectory Server object to list the partitions held by the server. |
|
84 |
ndsReadAttribute |
A value of an attribute is read. Example: Perform a search operation on the tree. |
|
85 |
ndsReadReferences |
An entry’s references are read. |
|
86 |
ndsUpdateReplica |
An Update Replica operation is performed on a partition replica. Example: Delete a user from one of the servers. The other replica is updated for the delete operation. |
|
87 |
ndsStartUpdateReplica |
A Start Update Replica operation is performed on a partition replica. Example: Delete a user from one of the servers. The other replica is updated for the delete operation. |
|
88 |
ndsEndUpdateReplica |
An End Update Replica operation is performed on a partition replica. Example: Delete a user from one of the servers. The other replica is updated for the delete operation. |
|
89 |
ndsSyncPartition |
A Synchronize Partition operation is performed on a partition replica. Example: Delete a user from one of the partitions. The sync can be observed using DSTrace. |
|
90 |
ndsSyncSchema |
The master replica of the root receives a request to synchronize its schema with the server. Example: Add a new class using iManager, LDAP tools, or ndssch utilities. |
|
91 |
ndsCreateBackLink |
A backlink is created. A backlink is created when an object not present locally is being referenced. Example: In a multi-server scenario, create a partition with some users. Delete this partition from one of the servers. This will create a subordinate reference. A backlink will be created for all the users present in the deleted partition. |
|
93 |
ndsChangeTreeName |
The tree name is changed. Example: Using the merge utility DSMerge/ndsmerge to rename the tree. |
|
94 |
ndsStartJoinPartition |
A Start Join operation is performed to merge partitions. Example: Merge or join partitions using LDAP tools. |
|
95 |
ndsAbortJoinPartition |
A Join Partition operation is aborted to stop merge partition. Example: Merge or join partitions using LDAP tools. |
|
96 |
ndsUpdateSchema |
An Update Schema operation is performed. Example: Add a new class using iManager, LDAP tools, or ndssch. |
|
97 |
ndsStartUpdateSchema |
A Start Update Schema operation is performed. Example: Add a new class using iManager, LDAP tools, or ndssch. |
|
98 |
ndsEndUpdateSchema |
An End Update Schema operation is performed. Example: Add a new class using iManager, LDAP tools, or ndssch. |
|
99 |
ndsMoveTree |
A Move Tree operation is performed. Example: Move a partition from one container to another. |
|
101 |
ndsConnectToAddress |
A connection is established with a particular address. Example: Browse the tree using iManager. |
|
102 |
ndsSearch |
A Search operation is performed. Example: Perform ldapsearch on the tree using LDAP tools. |
|
103 |
ndsPartitionStateChange |
A partition is created or deleted. Example: Create a new partition. |
|
104 |
ndsRemoveBacklink |
Unused external references are removed and the server sends a remove backlink request to the server holding the object. |
|
105 |
ndsLowLevelJoinPartition |
A low-level join is performed during merge partition operations. Example: Merge or join partitions using iManager or LDAP tools. |
|
106 |
ndsCreateNameBase |
An eDirectory namebase is created. |
|
107 |
ndsChangeSecurityEquals |
The Security Equals attribute is modified. Example: Change the security equivalent of any user and make it equal to admin using iManager. |
|
108 |
ndsRemoveEntry |
An entry is removed from eDirectory. Example: Delete any user using iManager. |
|
109 |
ndsCRCFailure |
A CRC failure occurs when fragmented NCP requests are being reconstructed. |
|
110 |
ndsModifyEntry |
An eDirectory entry is modified. Example: Modify attributes of any user using iManager. |
|
111 |
ndsNewSchemaEpoch |
The schema is reset using DSRepair. Example: Create a new schema epoch using ndsrepair -S -Ad on Linux. |
|
112 |
ndsLowLevelSplitPartition |
A low-level split is performed when a partition is being created. Example: Create a partition using iManager or LDAP tools. |
|
113 |
ndsReplicaInTransition |
A replica is added or removed. |
|
114 |
ndsAclModify |
A trustee of an object is changed (an Access Control List (ACL) object is changed). Example: Add, modify, or delete a trustee of an object using LDAP tools, ICE, or iManager. |
|
115 |
ndsLoginEnable |
A request for enabling the user account is received by the server. Example: Enable the Account Disable attribute using LDAP tools, ICE, or iManager. |
|
116 |
ndsLoginDisable |
A request for disabling the user account is received by the server. Example: Disable the Account Disable attribute using LDAP tools, ICE, or iManager. |
|
117 |
ndsDetectIntruder |
A user account is locked out because of intruder detection. Example: Locked by Intruder attribute using LDAP tools, ICE, or iManager. |
|
2001 |
ndsServerStart |
The subagent successfully reconnects to the eDirectory server. This trap consists of two variables:
Example: Bring down and bring up the eDirectory server when the subagent is up and running. |
|
2002 |
ndsServerStop |
The subagent loses its connection with the eDirectory server. This trap consists of two variables:
Example: Bring down the eDirectory server when the subagent is up and running. |
In eDirectory 8.8 and later, you can protect specific sensitive data when you store them on the disk and when you are trying to access them over the wire, by encrypting them. You can specify if you always need a secure channel to access the encrypted attributes or not. For more information, refer to Accessing the Encrypted Attributes.
When you have specified that you need only secure channels to access the encrypted attributes, NDS Value Events are blocked.Traps that are related to value events will have value data as NULL and you get an error, -6089, indicating that you need a secure channel to get the encrypted attributes value. Following are the traps which will have the value data as NULL:
ndsAddValue
ndsDeleteValue
ndsDeleteAttribute
The method of configuring traps differs from platform to platform.
|
Platform |
Utility |
|---|---|
|
Windows |
ndssnmpcfg |
|
Linux |
ndssnmpconfig |
The utility to configure traps on Windows is ndssnmpcfg. This utility is present in the install_path\ directory. Use this utility to enable and disable traps, set a time interval for individual traps, set a default time interval, enable traps for failure operations, and list all traps.
Usage:
ndssnmpcfg -h [hostname[:port]] -p password -a userFDN -c command
|
Parameter |
Description |
|---|---|
|
-h |
DNS host name or IP address |
|
-p |
userFDN password for authentication |
|
-a |
Fully Distinguished Name of a user having administrative rights |
|
-c |
Trap Commands (See Windows Trap Commands.) |
|
Trap Commands |
Description |
Usage |
|---|---|---|
|
DISABLE |
Disabling a trap refers to the NMS not receiving traps although they are being generated. |
To disable specific traps (for example, traps 10, 11, and 100): ndssnmpcfg "DISABLE 10, 11, 100" To disable all traps except 10, 11, and 100: ndssnmpcfg "DISABLE ID != 10, 11, 100" To disable all traps in the range 20 to 30: ndssnmpcfg "DISABLE 20-29" To disable all traps: ndssnmpcfg "DISABLE ALL" |
|
ENABLE |
Enabling a trap refers to the NMS receiving traps when they are generated. |
ndssnmpcfg "ENABLE trapSpec" trapSpec can be any one of the following: To enable specific traps (for example, traps 10, 11, and 100): ndssnmpcfg "ENABLE 10, 11, 100" To enable all traps except 10, 11, and 100: ndssnmpcfg "ENABLE ID != 10, 11, 100" To enable all traps in the range 20 to 30: ndssnmpcfg "ENABLE 20-29" To enable all traps: ndssnmpcfg "ENABLE ALL" |
|
INTERVAL |
This utility is used to set and view the time interval. The time interval determines how many seconds to delay before sending duplicate traps. The time interval set should be between 0 and 2592000 seconds. If the time interval set is out of range, then the default time interval is considered. If the time interval is set to zero, all the traps are sent. |
To view the time interval: ndssnmpcfg "213,240,79 INTERVAL" To set the time interval between multiple traps (for example, to set the time interval between traps 12, 17, and 101 to 5): ndssnmpcfg "12 17 101 INTERVAL 5" To view the default time interval: ndssnmpcfg "DEFAULT INTERVAL" To set the default time interval: ndssnmpcfg "DEFAULT INTERVAL=10" |
|
LIST |
Use this utility to view lists of trap numbers that meet specified criteria. |
ndssnmpcfg LIST trapSpec trapSpec is used to specify groups of trap numbers and can be any of the following keywords: ALL, ENABLED, DISABLED, FAILED, or a logical expression Examples: To list all enabled traps along with trap names: ndssnmpcfg LIST ENABLED To list all disabled traps along with trap names: ndssnmpcfg LIST DISABLED To list all traps (117) along with trap names: ndssnmpcfg LIST ALL To list specific traps like 12, 224, and 300 along with trap names: ndssnmpcfg LIST ID = 12,224,300 To list all traps except selected traps like 12, 224, and 300 along with trap names: ndssnmpcfg LIST ID != 12,224,300 To list all traps which have been enabled for failure with trap names: ndssnmpcfg LIST FAILED |
|
READ_CFG |
Use this command to reconfigure the directory configuration from the configuration file ndstrap.cfg. Any changes specified in the configuration file will then take effect. This utility is primarily used to put various commands together in the ndstrap.cfg and do the operation in one instance. The ndstrap.cfg is located in install directory\SNMP The ndstrap.cfg file specifies operational parameters to be used for trap configuration and provides a way to configure the operation of SNMP traps. This file is read whenever the trap configuration utility, ndssnmpcfg is executed with the READ_CFG command. |
ndssnmpcfg "READ_CFG" |
|
FAILURE |
This command is used to list all traps enabled for failure. Whenever an event fails, a failure trap is generated. NOTE:If the trap is enabled for failure and then disabled and again enabled using the enable trapid command, the trap is enabled for success and not for failure. |
ndssnmpcfg "FAILURE trapSpec" trapSpec consists of one or more trap numbers separated by commas or spaces, the keyword ALL, or a logical expression.Examples: To set failure for multiple traps: ndssnmpcfg "FAILURE 10,11,100" To set failure for all traps except the traps mentioned: ndssnmpcfg "FAILURE ID != 24,30" To set failure for all traps: ndssnmpcfg "FAILURE ALL" |
The utility to configure traps on Linux is ndssnmpconfig. This utility is present in the /etc/ndssnmp/ directory. Use this utility to enable and disable traps, set a time interval for individual traps, set a default time interval, enable traps for failure operations, and list all traps.
Usage:
ndssnmpconfig -h [hostname[:port]] -p password -a userFDN -c command
|
Parameter |
Description |
|---|---|
|
-h |
DNS host name or IP address |
|
-p |
userFDN password for authentication |
|
-a |
Fully distinguished name of a user having administrative rights |
|
-c |
Trap commands (See Linux Trap Commands.) |
|
Trap Commands |
Description |
Usage |
|---|---|---|
|
DISABLE |
Disabling a trap refers to the NMS not receiving traps though they are being generated. |
To disable specific traps (for example, traps 10, 11 and 100): ndssnmpconfig "DISABLE 10, 11, 100" To disable all traps except 10, 11, and 100: ndssnmpconfig "DISABLE ID != 10, 11, 100" To disable all traps in the range 20 to 30: ndssnmpconfig "DISABLE 20-29" To disable all traps: ndssnmpconfig "DISABLE ALL" |
|
ENABLE |
Enabling a trap refers to the NMS receiving traps when they are generated. |
ndssnmpconfig "ENABLE trapSpec" trapSpec can be any one of the following: To enable specific traps (for example, traps 10, 11, and 100): ndssnmpconfig "ENABLE 10, 11, 100" To enable all traps except 10, 11, and 100: ndssnmpconfig "ENABLE ID != 10, 11, 100" To enable all traps in the range 20 to 30: ndssnmpconfig "ENABLE 20-29" To enable all traps: ndssnmpconfig "ENABLE ALL" |
|
INTERVAL |
This utility is used to set and view the time interval. The time interval determines how many seconds to delay before sending duplicate traps. The time interval should be between 0 and 2592000 seconds. If the time interval is out of range, then the default time interval is considered. If the time interval is set to zero, all the traps are sent. |
To view the time interval: ndssnmpconfig "213,240,79 INTERVAL" To set the time interval between multiple traps (for example, to set the time interval between traps 12, 17, and 101 to 5): ndssnmpconfig "12 17 101 INTERVAL 5" To view the default time interval: ndssnmpconfig "DEFAULT INTERVAL" To set the default time interval: ndssnmpconfig "DEFAULT INTERVAL=10" |
|
LIST |
Use this utility to view lists of trap numbers that meet specified criteria. |
ndssnmpconfig LIST <trapSpec> trapSpec is used to specify groups of trap numbers and can be any of the following keywords: ALL, ENABLED, DISABLED, FAILED, or a logical expression Examples: To list all enabled traps along with trap names: ndssnmpconfig LIST ENABLED To list all disabled traps along with trap names: ndssnmpconfig LIST DISABLED To list all traps (117) along with trap names: ndssnmpconfig LIST ALL To list specific traps like 12, 224, and 300 along with trap names: ndssnmpconfig LIST ID = 12,224,300 To list all traps except selected traps like 12, 224, and 300 along with trap names: ndssnmpconfig LIST ID != 12,224,300 To list all traps that have been enabled for failure with trap names: ndssnmpconfig LIST FAILED |
|
READ_CFG |
Use this command to reconfigure the directory configuration from the configuration file ndstrap.cfg. Any changes specified in the configuration file will then take effect. This utility is primarily used to put various commands together in the ndstrap.cfg file and perform the operation in one instance. The ndstrap.cfg file is located in /etc/ndssnmp/. The ndstrap.cfg file specifies operational parameters to be used for trap configuration and provides a way to configure the operation of SNMP traps. This file is read whenever the trap configuration utility ndssnmpcfg is executed with the READ_CFG command. |
ndssnmpconfig "READ_CFG" |
|
FAILURE |
This command is used to list all traps enabled for failure. Whenever an event fails, a failure trap is generated. NOTE:If the trap is enabled for failure and then disabled and again enabled using the enable trapid command, the trap is enabled for success and not for failure. |
ndssnmpconfig "FAILURE trapSpec" trapSpec consists of one or more trap numbers separated by commas or spaces, the keyword ALL, or a logical expression. Examples: To set failure for multiple traps: ndssnmpconfig "FAILURE 10,11,100" To set failure for all traps except the traps mentioned: ndssnmpconfig "FAILURE ID != 24,30" To set failure for all traps: ndssnmpconfig "FAILURE ALL" |
|
Managed Objects in Directory |
Description |
|---|---|
|
ndsDbSrvApplIndex |
An index to uniquely identify the eDirectory Server Application. |
|
ndsDbDibSize |
Current size of the eDirectory Database in KB. |
|
ndsDbBlockSize |
Block size of the eDirectory Database in KB. |
|
ndsDbEntryCacheMaxSize |
Information on max size of the entry cache in KB. |
|
ndsDbBlockCacheMaxSize |
Information on max size of the block cache in KB. |
|
ndsDbEntryCacheCurrentSize |
Information on the current entry cache size. |
|
ndsDbBlockCacheCurrentSize |
Information on the current block cache size. |
|
ndsDbEntryCacheCount |
Information on the number of entries in the cache. |
|
ndsDbBlockCacheCount |
Information on the number of blocks in the cache. |
|
ndsDbEntryCacheOldVerCount |
Information on prior version entries in the cache. |
|
ndsDbBlockCacheOldVerCount |
Information on prior version blocks in the cache. |
|
ndsDbEntryCacheOldVerSize |
Information on prior version entry cache size. |
|
ndsDbBlockCacheOldVerSize |
Information on prior version block cache size. |
|
ndsDbEntryCacheHits |
Information on the number of entry hits. |
|
ndsDbBlockCacheHits |
Information on the number of block hits. |
|
ndsDbEntryCacheHitLooks |
Information on the number of entries examined to find hits. |
|
ndsDbBlockCacheHitLooks |
Information on the number of blocks examined to find hits. |
|
ndsDbEntryCacheFaults |
Information on the number of entry faults. |
|
ndsDbBlockCacheFaults |
Information on the number of block faults. |
|
ndsDbEntryCacheFaultLooks |
Information on the number of entries examined to determine misses. |
|
ndsDbBlockCacheFaultLooks |
Information on the number of blocks examined to determine misses. |
|
Managed Objects in Directory |
Description |
|---|---|
|
ndsDbCfgSrvApplIndex |
An index to uniquely identify the eDirectory Server Application. |
|
ndsDbCfgDynamicCacheAdjust |
Information on whether Dynamic Cache Adjust is on or off. 0 = off 1 = on |
|
ndsDbCfgDynamicCacheAdjustPercent |
Information on the Dynamic Cache Adjust percentage parameter of available memory. |
|
ndsDbCfgDynamicCacheAdjustMin |
Information on the Dynamic Cache Adjust Minimum value parameter. This is cache size constraint values in KB. |
|
ndsDbCfgDynamicCacheAdjustMinToLeave |
Information on the Dynamic Cache Adjust Minimum value parameter in KB that is to be subtracted from the total available memory in KB. |
|
ndsDbCfgHardLimitCacheAdjust |
Information on whether Hard Limit Cache Adjust is on or off. 0 = off 1 = on |
|
ndsDbCfgHardLimitCacheAdjustMax |
Information on the cache maximum size in KB. This is a hard limit parameter. |
|
ndsDbCfgBlockCachePercent |
Information on the block cache percentage. |
|
ndsDbCfgCacheAdjustInterval |
Information on the cache adjust interval in seconds. |
|
ndsDbCfgCacheCleanupInterval |
Information on the cache cleanup interval in seconds. |
|
ndsDbCfgPermanentSettings |
Information on whether Permanent Settings is on or off. 0 = off 1 = on |
|
Managed Objects in Directory |
Description |
|---|---|
|
ndsProtoIfSrvApplIndex |
An index to uniquely identify the eDirectory Server Application. |
|
ndsProtoIfIndex |
An index to uniquely identify an entry corresponding to an eDirectory Server protocol interface. |
|
ndsProtoIfDescription |
Information on the port being used by the DS protocol interface. |
|
ndsProtoIfUnauthBinds |
Number of unauthenticated/anonymous bind requests received. |
|
ndsProtoIfSimpleAuthBinds |
Number of bind requests that were authenticated using simple authentication procedures where the password is sent over the wire in encrypted or clear text format. |
|
ndsProtoIfStrongAuthBinds |
Number of bind requests that were authenticated using SASL and X.500 strong authentication procedures. This includes the binds that were authenticated using external authentication procedures. |
|
ndsProtoIfBindSecurityErrors |
Number of bind requests that have been rejected due to inappropriate authentication or invalid credentials. |
|
ndsProtoIfInOps |
Number of requests received from DUAs or other eDirectory servers. |
|
ndsProtoIfReadOps |
Number of read requests received. |
|
ndsProtoIfCompareOps |
Number of compare requests received. |
|
ndsProtoIfAddEntryOps |
Number of addEntry requests received. |
|
ndsProtoIfRemoveEntryOps |
Number of removeEntry requests received. |
|
ndsProtoIfModifyEntryOps |
Number of modifyEntry requests received. |
|
ndsProtoIfModifyRDNOps |
Number of modifyRDN requests received. |
|
ndsProtoIfListOps |
Number of list requests received. |
|
ndsProtoIfSearchOps |
Number of search requests (baseObject searches, oneLevel searches, and whole subtree searches) received. |
|
ndsProtoIfOneLevelSearchOps |
Number of oneLevel search requests received. |
|
ndsProtoIfWholeSubtreeSearchOps |
Number of whole subtree search requests received. |
|
ndsProtoIfExtendedOps |
Number of extended operations. |
|
ndsProtoIfReferrals |
Number of referrals returned in response to requests for operations. |
|
ndsProtoIfChainings |
Number of operations forwarded by this eDirectory server to other eDirectory servers. |
|
ndsProtoIfSecurityErrors |
Number of requests received that did not meet the security requirements. |
|
ndsProtoIfErrors |
Number of requests that could not be serviced because of errors other than security errors and referrals. A partially serviced operation is not counted as an error. The errors include naming-related, update-related, attribute-related, and service-related errors. |
|
ndsProtoIfReplicationUpdatesIn |
Number of replication updates fetched or received from eDirectory servers. |
|
ndsProtoIfReplicationUpdatesOut |
Number of replication updates sent to or taken by eDirectory servers. |
|
ndsProtoIfInBytes |
Incoming traffic, in bytes, on the interface. This includes requests from DUAs as well as responses from other eDirectory servers. |
|
ndsProtoIfOutBytes |
Outgoing traffic, in bytes, on the interface. This includes responses to DUAs and eDirectory servers as well as requests to other eDirectory servers. |
|
Managed Objects in Directory |
Description |
|---|---|
|
ndsSrvIntSrvApplIndex |
An index to uniquely identify an eDirectory server application. |
|
ndsSrvIntProtoIfIndex |
An index to uniquely identify an entry corresponding to an eDirectory server protocol interface. |
|
ndsSrvIntIndex |
Together with ndsSrvIntSrvApplIndex and ndsSrvIntProtoIfIndex, this object forms the unique key to identify the conceptual row that contains useful information on the (attempted) interaction between the eDirectory server (referred to by applIndex) and a peer eDirectory server using a particular protocol. |
|
ndsSrvIntURL |
URL of the peer eDirectory server. |
|
ndsSrvIntTimeOfCreation |
The total number of seconds since midnight (12 a.m.) of 1 January 1970 GMT (UT) when this row was created. |
|
ndsSrvIntTimeOfLastAttempt |
The total number of seconds since midnight (12 a.m.) of 1 January 1970 GMT (UT) when the last attempt was made to contact the peer eDirectory server. |
|
ndsSrvIntTimeOfLastSuccess |
The total number of seconds since midnight (12 a.m.) of 1 January 1970 GMT (UT) when the last attempt made to contact the peer eDirectory server was successful. |
|
ndsSrvIntFailuresSinceLastSuccess |
The number of failures since the last time an attempt to contact the peer eDirectory server was successful. If there have been no successful attempts, this counter will contain the number of failures since this entry was created. |
|
ndsSrvIntFailures |
Cumulative failures in contacting the peer eDirectory server since the creation of this entry. |
|
ndsSrvIntSuccesses |
Cumulative successes in contacting the peer eDirectory server since the creation of this entry. |