18.5 Monitoring eDirectory Using SNMP

eDirectory is monitored using the traps and statistics feature of SNMP.

To monitor an eDirectory server using SNMP, you need the following rights over the NCP server, LDAP group and LDAP server objects:

By default a user who has logged in with the administrative rights does not face any problem in monitoring an eDirectory server using SNMP.

18.5.1 Traps

The SNMP component generates a total of 119 traps out of which traps ndsServerStart (2001) and ndsServerStop (2002) cannot be configured. These traps are enabled by default.

You can use a MIB browser to check the generated traps.

Trap Number

Trap Name

Trap Is Generated When

1

ndsCreateEntry

A new object is added in the directory.

Example:

Create an object using LDAP tools, ICE, ConsoleOne®, or iManager.

2

ndsDeleteEntry

An existing object is deleted.

Example:

Create an object using LDAP tools, ICE, ConsoleOne, or iManager.

3

ndsRenameEntry

An existing object is renamed.

Example:

Rename an object using LDAP tools, ICE, ConsoleOne, or iManager.

4

ndsMoveSourceEntry

An object is moved to a different context. The trap gives the context of the object before movement.

Example:

Move an object using ldapmodrdn or ldapsdk.

5

ndsAddValue

A value is added to an object attribute.

Example:

Add new values to attributes using LDAP tools, ICE, ConsoleOne, or iManager.

NOTE:If the return value is NULL, you might have to access the directory over a secure channel. For more information, refer to Accessing the Encrypted Attributes

6

ndsDeleteValue

A value is deleted from an object attribute.

Example:

Delete new values to attributes using LDAP tools, ICE, ConsoleOne, or iManager.

NOTE:If the return value is NULL, you might have to access the directory over a secure channel. For more information, refer to Accessing the Encrypted Attributes

7

ndsCloseStream

A stream attribute is modified.

8

ndsDeleteAttribute

A value is deleted from a single-value attribute.

Example:

Delete an attribute using LDAP tools, ICE, ConsoleOne, or iManager.

NOTE:If the return value is NULL, you might have to access the directory over a secure channel. For more information, refer to Accessing the Encrypted Attributes.

9

ndsCheckSecurityEquiv

The security equivalence vector for the particular entry is checked.

Example:

Change the security equivalence attribute using LDAP tools, ICE, ConsoleOne, or iManager.

10

ndsUpdateSecurityEquiv

The security equivalence vector for the particular entry is modified.

Example:

Change the security equivalence attribute using LDAP tools, ICE, ConsoleOne, or iManager.

11

ndsMoveDestEntry

An object is moved to a different context. The trap will give the context that the object is moved to.

Example:

Move objects using ldapmodrdn or ldapsdk.

12

ndsDeleteUnusedExtref

A backlink object is deleted.

13

ndsAgentOpenLocal

The local directory agent is opened.

Example:

Run unattended repair.

14

ndsAgentCloseLocal

The local directory agent is closed.

Example:

Run unattended repair.

15

ndsDSABadVerb

An incorrect verb number is associated with an DSAgent request.

Example:

Pass a bad verb request to eDirectory using DClient calls.

16

ndsMoveSubtree

A container and its subordinate object are moved.

Example: When a partition is moved to a different context using LDAP tools, ICE, ConsoleOne, or iManager.

17

ndsNoReplicaPointer

A replica has no replica pointer associated with it.

18

ndsSyncInEnd

Inbound synchronization is completed.

19

ndsBacklinkSecurEquiv

A backlink operation has updated an object’s security equivalence vector.

Example:

Change the security equivalence attribute using LDAP tools, ICE, ConsoleOne, or iManager.

20

ndsBacklinkOperPrivChg

A backlink operation has changed an object’s console operator privileges.

21

ndsDeleteSubtree

A container and its subordinate objects have been deleted.

22

ndsReferral

A referral is created.

23

ndsUpdateClassDef

A schema class definition is updated.

Example:

When a new class or attribute is added to a primary and this gets synchronized with the secondary using LDAP tools, ICE, ConsoleOne, or iManager, this trap is generated.

24

ndsUpdateAttributeDef

A schema attribute definition is updated.

Example:

When a new attribute is added to a primary and this is synchronized with the secondary using LDAP tools, ICE, ConsoleOne, or iManager, this trap is generated.

25

ndsLostEntry

eDirectory encounters a lost entry. A lost entry is an entry that does not exist on the local server, but for which updates are being received.

26

ndsPurgeEntryFail

The purge operation fails.

27

ndsPurgeStart

The purge operation is started.

Example:

Run DSTrace and Set ndstrace=*j.

28

ndsPurgeEnd

The purge operation is completed.

Example:

Run DSTrace and Set ndstrace=*j.

29

ndsLimberDone

The limber operation is completed.

Example:

Configure DSTrace to start limber after a particular interval of time.

30

ndsPartitionSplitDone

The split partition operation is completed.

Example:

Create a partition using ConsoleOne or iManager.

31

ndsSyncServerOutStart

Outbound synchronization from a particular server is started.

Example:

Configure DSTrace to start outbound synchronization after a particular interval of time.

32

ndsSyncServerOutEnd

Outbound synchronization from a particular server is completed.

Example:

Configure DSTrace to stop outbound synchronization after a particular interval of time.

33

ndsSyncPartitionStart

Partition synchronization is started.

Example:

Partition one of the containers.

34

ndsSyncPartitionEnd

Partition synchronization is completed.

Example:

Partition one of the containers.

35

ndsMoveTreeStart

Movement of a subtree is started.

A subtree is moved when a partition is moved.

Example:

Using ConsoleOne or iManager, create a partition and move the partition to another container.

36

ndsMoveTreeEnd

Movement of a subtree is completed.

A subtree is moved when a partition is merged.

Example:

Using ConsoleOne or iManager, create a partition and move the partition to another container.

37

ndsJoinPartitionDone

Joining of partitions is completed.

Example:

Using ConsoleOne or iManager, create a partition and merge the partition.

38

ndsPartitionLocked

A partition gets locked (for example, before merging the partitions).

Example:

Using ConsoleOne or iManager, create a partition.

39

ndsPartitionUnlocked

A partition gets unlocked (for example, after merging the partitions).

Example:

Using ConsoleOne or iManager, create a partition.

40

ndsSchemaSync

Schema are synchronized.

Example:

Schedule schema synchronization using ldapsdk schsync.

41

ndsNameCollision

Two objects on different servers have the same name (they collide).

Example:

Disable the outbound synchronization of the primary and secondary servers of a tree using iMonitor. Add some User objects to both the servers using LDAP tools. Then enable the outbound synchronization of both servers using iMonitor.

43

ndsChangeModuleState

An eDirectory module (NLM / DLM) is loaded or unloaded.

Example:

Load or unload the nldap module.

44

ndsLumberDone

The limber background process is started.

45

ndsBacklinkProcDone

The backlink process is completed.

Example:

Configure DSTrace to start backlink after a particular interval of time.

46

ndsServerRename

A server is renamed.

Example:

Use ldapmodrdn or ldapsdk to rename the server.

47

ndsSyntheticTime

Objects are created with future time stamps. To synchronize eDirectory servers, synthetic time might be invoked.

Example:

Add a secondary server to the tree using ndsconfig.

48

ndsServerAddressChange

Limber changes a server referral.

Example:

Change the IP address of the server and restart ndsd.

49

ndsDSARead

An entry is read.

This trap is generated for all operations on eDirectory.

Example:

Use ldapsearch to generate traps.

50

ndsLogin

eDirectory is logged in to.

Example:

Login to the tree using ndslogin.

51

ndsChangePassword

A password is changed.

Example:

Change the password of a user object using ldapmodify.

52

ndsLogout

eDirectory is logged out of.

Example:

Detach the connection to the tree from Novell Client.

53

ndsAddReplica

A replica is added to a server partition.

Example:

Add a new replica to the tree using ndsconfig.

54

ndsRemoveReplica

A replica is deleted.

Example:

Delete a replica from one of the servers using ConsoleOne or iManager.

55

ndsSplitPartition

A partition is split.

Example:

Create a partition using ConsoleOne or iManager.

56

ndsJoinPartition

A parent partition is joined with a child partition.

Example:

Create a partition and join the partition using ConsoleOne or iManager.

57

ndsChangeReplicaType

A partition replica's type is changed.

Example:

Change the replica type from Master replica to Read-Write replica.

58

ndsAddEntry

A new object is added.

Example:

Add a user object using ConsoleOne or iManager.

59

ndsAbortPartitionOp

A partition operation is aborted.

Example:

Partition a container and abort the partitioning operation.

60

ndsRecvReplicaUpdates

A replica receives an update during synchronization.

Example:

An eDirectory server in a multiple-server tree setup requests updates on the replica that it holds. This operation can be done using ConsoleOne or iManager.

61

ndsRepairTimeStamps

A replica's time stamps are repaired.

Example:

Perform a DIB repair operation for timestamps using DSRepair (ndsrepair on Linux, or NDSCons on Windows).

62

ndsSendReplicaUpdates

A replica is updated during synchronization.

Example:

When an eDirectory server in a multiple servers tree setup sends for updates on the replica that it holds. This operation can be done using ConsoleOne or iManager.

63

ndsVerifyPass

A password is verified.

Example:

When the password expires, re-enter the password for confirmation at the change password prompt.

64

ndsBackupEntry

An entry is backed up.

Example:

Back up Directory objects using the Backup utility (ndsbackup on Linux, NDSCons on Windows).

65

ndsRestoreEntry

An entry is restored.

Example:

Restore the backed-up Directory objects using the Backup utility (ndsbackup on Linux , NDSCons on Windows).

66

ndsDefineAttributeDef

An attribute definition is added to the schema.

Example:

Extend the eDirectory tree schema by adding a new attribute definition. The schema can get extended when an eDirectory dependent application is installed such as ZENWorks® or NMAS™. The schema can also be extended using ConsoleOne, iManager, or the schema extension utility ndssch on Linux.

67

ndsRemoveAttributeDef

An attribute definition is removed from the schema.

Example:

Delete an attribute definition from the eDirectory tree schema. The attribute can be deleted using ConsoleOne, iManager or the schema extension utility ndssch on Linux.

68

ndsRemoveClassDef

A class definition is removed from the schema.

Example:

Delete an object class definition from the eDirectory tree schema. This can be deleted using ConsoleOne, iManager, or the schema extension utility ndssch on Linux.

69

ndsDefineClassDef

A class definition is added to the schema.

Example:

Extend the eDirectory tree schema by adding a new class. The schema can get extended when an eDirectory dependent application is installed such as ZENWorks or NMAS. The schema can also be extended using ConsoleOne, iManager, or the schema extension utility ndssch on Linux.

70

ndsModifyClassDef

A class definition is modified.

Example:

Modify an existing object class or attribute definitions.

71

ndsResetDSCounters

The internal eDirectory counters are reset.

72

ndsRemoveEntryDir

A file directory associated with an entry is removed.

73

ndsCompAttributeValue

Attribute values are compared.

Example:

Compare an attribute value against any object.Perform an LDAP search operation against a User object to check if its telephone number is the same as the input value.

74

ndsOpenStream

A stream attribute is opened or closed.

Example:

Create or open a stream for read or write operations. Create a login script for a User object. It creates a file under the DIB directory, which results in the generation of this trap.

75

ndsListSubordinates

A List Subordinate Entries operation is performed on a container object. It is a one-level search.

Example:

Using ConsoleOne or iManager, click a container object to list the objects under it.

76

ndsListContainerClasses

A List Containable Classes operation is performed on an entry.

Example:

For a given object, list the container classes that can contain the given object.

When queried against a user object, the container classes that can contain it are Organization, Organizational Unit, and Domain Classes.

77

ndsInspectEntry

An Inspect Entry operation is performed on an entry.

Example:

Inspect any entry to obtain information about the entry and to check if there are any errors that the entry has experienced.This event is generated as part of the Flat Cleaner background process of eDirectory, which results in this trap generation.

78

ndsResendEntry

A Resend Entry operation is performed on an entry.

Example:

During replication operation when an entry is resent because of a failure in sending the object earlier as a result of connection between the servers.

79

ndsMutateEntry

A Mutate Entry operation is performed on an entry.

Example:

Mutate a bindery object class to User object class.

80

ndsMergeEntries

Two entries are merged.

Example:

Merge two User objects. Merge Entry2 (ndsEntryName2) into Entry (ndsEntryName).

81

ndsMergeTree

Two eDirectory trees are merged.

Example:

Merge two eDirectory trees using DSMerge (ndsmerge on Linux, NDSCons on Windows).

82

ndsCreateSubref

A subordinate reference is created.

Example:

Delete the replica of the child partition from a server, the Subordinate Reference replica gets created automatically which results in the generation of this trap.

83

ndsListPartitions

A List Partitions operation is performed.

Example:

Using ConsoleOne or iManager, from Partition and Schema view, click the eDirectory Server object to list the partitions held by the server.

84

ndsReadAttribute

A value of an attribute is read.

Example:

Perform a search operation on the tree.

85

ndsReadReferences

An entry’s references are read.

86

ndsUpdateReplica

An Update Replica operation is performed on a partition replica.

Example:

Delete a user from one of the servers. The other replica is updated for the delete operation.

87

ndsStartUpdateReplica

A Start Update Replica operation is performed on a partition replica.

Example:

Delete a user from one of the servers. The other replica is updated for the delete operation.

88

ndsEndUpdateReplica

An End Update Replica operation is performed on a partition replica.

Example:

Delete a user from one of the servers. The other replica is updated for the delete operation.

89

ndsSyncPartition

A Synchronize Partition operation is performed on a partition replica.

Example:

Delete a user from one of the partitions. The sync can be observed using DSTrace.

90

ndsSyncSchema

The master replica of the root receives a request to synchronize its schema with the server.

Example:

Add a new class using ConsoleOne > Wizard > Schema, LDAP tools, or ndssch utilities.

91

ndsCreateBackLink

A backlink is created. A backlink is created when an object not present locally is being referenced.

Example:

In a multi-server scenario, create a partition with some users. Delete this partition from one of the servers. This will create a subordinate reference. A backlink will be created for all the users present in the deleted partition.

93

ndsChangeTreeName

The tree name is changed.

Example:

Using the merge utility DSMerge/ndsmerge to rename the tree.

94

ndsStartJoinPartition

A Start Join operation is performed to merge partitions.

Example:

Merge or join partitions using ConsoleOne or LDAP tools.

95

ndsAbortJoinPartition

A Join Partition operation is aborted to stop merge partition.

Example:

Merge or join partitions using ConsoleOne or LDAP tools.

96

ndsUpdateSchema

An Update Schema operation is performed.

Example:

Add a new class using ConsoleOne > Wizard > Schema, LDAP tools, or ndssch.

97

ndsStartUpdateSchema

A Start Update Schema operation is performed.

Example:

Add a new class using ConsoleOne > Wizard > Schema, LDAP tools, or ndssch.

98

ndsEndUpdateSchema

An End Update Schema operation is performed.

Example:

Add a new class using ConsoleOne > Wizard > Schema, LDAP tools, or ndssch.

99

ndsMoveTree

A Move Tree operation is performed.

Example:

Move a partition from one container to another.

101

ndsConnectToAddress

A connection is established with a particular address.

Example:

Browse the tree using ConsoleOne or iManager.

102

ndsSearch

A Search operation is performed.

Example:

Perform ldapsearch on the tree using LDAP tools.

103

ndsPartitionStateChange

A partition is created or deleted.

Example:

Create a new partition.

104

ndsRemoveBacklink

Unused external references are removed and the server sends a remove backlink request to the server holding the object.

105

ndsLowLevelJoinPartition

A low-level join is performed during merge partition operations.

Example:

Merge or join partitions using ConsoleOne, iManager, or LDAP tools.

106

ndsCreateNameBase

An eDirectory namebase is created.

107

ndsChangeSecurityEquals

The Security Equals attribute is modified.

Example:

Change the security equivalent of any user and make it equal to admin using ConsoleOne or iManager.

108

ndsRemoveEntry

An entry is removed from eDirectory.

Example:

Delete any user using ConsoleOne or iManager.

109

ndsCRCFailure

A CRC failure occurs when fragmented NCP requests are being reconstructed.

110

ndsModifyEntry

An eDirectory entry is modified.

Example:

Modify attributes of any user using ConsoleOne or iManager.

111

ndsNewSchemaEpoch

The schema is reset using DSRepair.

Example:

Create a new schema epoch using ndsrepair -S -Ad on Linux.

112

ndsLowLevelSplitPartition

A low-level split is performed when a partition is being created.

Example:

Create a partition using ConsoleOne, iManager, or LDAP tools.

113

ndsReplicaInTransition

A replica is added or removed.

114

ndsAclModify

A trustee of an object is changed (an Access Control List (ACL) object is changed).

Example:

Add, modify, or delete a trustee of an object using LDAP tools, ICE, ConsoleOne, or iManager.

115

ndsLoginEnable

A request for enabling the user account is received by the server.

Example:

Enable the Account Disable attribute using LDAP tools, ICE, ConsoleOne, or iManager.

116

ndsLoginDisable

A request for disabling the user account is received by the server.

Example:

Disable the Account Disable attribute using LDAP tools, ICE, ConsoleOne, or iManager.

117

ndsDetectIntruder

A user account is locked out because of intruder detection.

Example:

Locked by Intruder attribute using LDAP tools, ICE, ConsoleOne, or iManager.

2001

ndsServerStart

The subagent successfully reconnects to the eDirectory server. This trap consists of two variables:

  • ndsTrapTime: This variable contains the total number of seconds since midnight (12 a.m.) of 1 January 1970 GMT (UT), when the subagent successfully reconnected to the eDirectory server.

  • ndsServerName: eDirectory server to which the subagent reconnected successfully.

Example:

Bring down and bring up the eDirectory server when the subagent is up and running.

2002

ndsServerStop

The subagent loses its connection with the eDirectory server. This trap consists of two variables:

  • ndsTrapTime: This variable contains the total number of seconds since midnight (12 a.m.) of 1 January 1970 GMT (UT), when the subagent lost connection with the eDirectory server.

  • ndsServerName: eDirectory server to which the subagent lost its connection.

Example:

Bring down the eDirectory server when the subagent is up and running.

Accessing the Encrypted Attributes

In eDirectory 8.8 and later, you can protect specific sensitive data when you store them on the disk and when you are trying to access them over the wire, by encrypting them. You can specify if you always need a secure channel to access the encrypted attributes or not. For more information, refer to Section 12.1.3, Accessing the Encrypted Attributes.

When you have specified that you need only secure channels to access the encrypted attributes, NDS Value Events are blocked.Traps that are related to value events will have value data as NULL and you get an error, -6089, indicating that you need a secure channel to get the encrypted attributes value. Following are the traps which will have the value data as NULL:

  • ndsAddValue

  • ndsDeleteValue

  • ndsDeleteAttribute

18.5.2 Configuring Traps

The method of configuring traps differs from platform to platform.

Platform

Utility

Windows

ndssnmpcfg

Linux

ndssnmpconfig

Windows

The utility to configure traps on Windows is ndssnmpcfg. This utility is present in the install_path\ directory. Use this utility to enable and disable traps, set a time interval for individual traps, set a default time interval, enable traps for failure operations, and list all traps.

Usage:

ndssnmpcfg -h [hostname[:port]] -p password -a userFDN -c command

Parameter

Description

-h

DNS host name or IP address

-p

userFDN password for authentication

-a

Fully Distinguished Name of a user having administrative rights

-c

Trap Commands (See Windows Trap Commands.)

Windows Trap Commands

Trap Commands

Description

Usage

DISABLE

Disabling a trap refers to the NMS not receiving traps although they are being generated.

To disable specific traps (for example, traps 10, 11, and 100):

ndssnmpcfg "DISABLE 10, 11, 100"

To disable all traps except 10, 11, and 100:

ndssnmpcfg "DISABLE ID != 10, 11, 100"

To disable all traps in the range 20 to 30:

ndssnmpcfg "DISABLE 20-29"

To disable all traps:

ndssnmpcfg "DISABLE ALL"

ENABLE

Enabling a trap refers to the NMS receiving traps when they are generated.

ndssnmpcfg "ENABLE trapSpec"

trapSpec can be any one of the following:

To enable specific traps (for example, traps 10, 11, and 100):

ndssnmpcfg "ENABLE 10, 11, 100"

To enable all traps except 10, 11, and 100:

ndssnmpcfg "ENABLE ID != 10, 11, 100"

To enable all traps in the range 20 to 30:

ndssnmpcfg "ENABLE 20-29"

To enable all traps:

ndssnmpcfg "ENABLE ALL"

INTERVAL

This utility is used to set and view the time interval.

The time interval determines how many seconds to delay before sending duplicate traps.

The time interval set should be between 0 and 2592000 seconds.

If the time interval set is out of range, then the default time interval is considered.

If the time interval is set to zero, all the traps are sent.

To view the time interval:

ndssnmpcfg "213,240,79 INTERVAL"

To set the time interval between multiple traps (for example, to set the time interval between traps 12, 17, and 101 to 5):

ndssnmpcfg "12 17 101 INTERVAL 5"

To view the default time interval:

ndssnmpcfg "DEFAULT INTERVAL"

To set the default time interval:

ndssnmpcfg "DEFAULT INTERVAL=10"

LIST

Use this utility to view lists of trap numbers that meet specified criteria.

ndssnmpcfg LIST trapSpec

trapSpec is used to specify groups of trap numbers and can be any of the following keywords:

ALL, ENABLED, DISABLED, FAILED, or a logical expression

Examples:

To list all enabled traps along with trap names:

ndssnmpcfg LIST ENABLED

To list all disabled traps along with trap names:

ndssnmpcfg LIST DISABLED

To list all traps (117) along with trap names:

ndssnmpcfg LIST ALL

To list specific traps like 12, 224, and 300 along with trap names:

ndssnmpcfg LIST ID = 12,224,300

To list all traps except selected traps like 12, 224, and 300 along with trap names:

ndssnmpcfg LIST ID != 12,224,300

To list all traps which have been enabled for failure with trap names:

ndssnmpcfg LIST FAILED

READ_CFG

Use this command to reconfigure the directory configuration from the configuration file ndstrap.cfg.

Any changes specified in the configuration file will then take effect. This utility is primarily used to put various commands together in the ndstrap.cfg and do the operation in one instance.

The ndstrap.cfg is located in install directory\SNMP

The ndstrap.cfg file specifies operational parameters to be used for trap configuration and provides a way to configure the operation of SNMP traps. This file is read whenever the trap configuration utility, ndssnmpcfg is executed with the READ_CFG command.

ndssnmpcfg "READ_CFG"

FAILURE

This command is used to list all traps enabled for failure.

Whenever an event fails, a failure trap is generated.

NOTE:If the trap is enabled for failure and then disabled and again enabled using the enable trapid command, the trap is enabled for success and not for failure.

ndssnmpcfg "FAILURE trapSpec"

trapSpec consists of one or more trap numbers separated by commas or spaces, the keyword ALL, or a logical expression.Examples:

To set failure for multiple traps:

ndssnmpcfg "FAILURE 10,11,100"

To set failure for all traps except the traps mentioned:

ndssnmpcfg "FAILURE ID != 24,30"

To set failure for all traps:

ndssnmpcfg "FAILURE ALL"

Linux

The utility to configure traps on Linux is ndssnmpconfig. This utility is present in the /etc/ndssnmp/ directory. Use this utility to enable and disable traps, set a time interval for individual traps, set a default time interval, enable traps for failure operations, and list all traps.

Usage:

ndssnmpconfig -h [hostname[:port]] -p password -a userFDN -c command

Parameter

Description

-h

DNS host name or IP address

-p

userFDN password for authentication

-a

Fully distinguished name of a user having administrative rights

-c

Trap commands (See Linux Trap Commands.)

Linux Trap Commands

Trap Commands

Description

Usage

DISABLE

Disabling a trap refers to the NMS not receiving traps though they are being generated.

To disable specific traps (for example, traps 10, 11 and 100):

ndssnmpconfig "DISABLE 10, 11, 100"

To disable all traps except 10, 11, and 100:

ndssnmpconfig "DISABLE ID != 10, 11, 100"

To disable all traps in the range 20 to 30:

ndssnmpconfig "DISABLE 20-29"

To disable all traps:

ndssnmpconfig "DISABLE ALL"

ENABLE

Enabling a trap refers to the NMS receiving traps when they are generated.

ndssnmpconfig "ENABLE trapSpec"

trapSpec can be any one of the following:

To enable specific traps (for example, traps 10, 11, and 100):

ndssnmpconfig "ENABLE 10, 11, 100"

To enable all traps except 10, 11, and 100:

ndssnmpconfig "ENABLE ID != 10, 11, 100"

To enable all traps in the range 20 to 30:

ndssnmpconfig "ENABLE 20-29"

To enable all traps:

ndssnmpconfig "ENABLE ALL"

INTERVAL

This utility is used to set and view the time interval.

The time interval determines how many seconds to delay before sending duplicate traps.

The time interval should be between 0 and 2592000 seconds.

If the time interval is out of range, then the default time interval is considered.

If the time interval is set to zero, all the traps are sent.

To view the time interval:

ndssnmpconfig "213,240,79 INTERVAL"

To set the time interval between multiple traps (for example, to set the time interval between traps 12, 17, and 101 to 5):

ndssnmpconfig "12 17 101 INTERVAL 5"

To view the default time interval:

ndssnmpconfig "DEFAULT INTERVAL"

To set the default time interval:

ndssnmpconfig "DEFAULT INTERVAL=10"

LIST

Use this utility to view lists of trap numbers that meet specified criteria.

ndssnmpconfig LIST <trapSpec>

trapSpec is used to specify groups of trap numbers and can be any of the following keywords:

ALL, ENABLED, DISABLED, FAILED, or a logical expression

Examples:

To list all enabled traps along with trap names:

ndssnmpconfig LIST ENABLED

To list all disabled traps along with trap names:

ndssnmpconfig LIST DISABLED

To list all traps (117) along with trap names:

ndssnmpconfig LIST ALL

To list specific traps like 12, 224, and 300 along with trap names:

ndssnmpconfig LIST ID = 12,224,300

To list all traps except selected traps like 12, 224, and 300 along with trap names:

ndssnmpconfig LIST ID != 12,224,300

To list all traps that have been enabled for failure with trap names:

ndssnmpconfig LIST FAILED

READ_CFG

Use this command to reconfigure the directory configuration from the configuration file ndstrap.cfg.

Any changes specified in the configuration file will then take effect. This utility is primarily used to put various commands together in the ndstrap.cfg file and perform the operation in one instance.

The ndstrap.cfg file is located in /etc/ndssnmp/.

The ndstrap.cfg file specifies operational parameters to be used for trap configuration and provides a way to configure the operation of SNMP traps. This file is read whenever the trap configuration utility ndssnmpcfg is executed with the READ_CFG command.

ndssnmpconfig "READ_CFG"

FAILURE

This command is used to list all traps enabled for failure.

Whenever an event fails, a failure trap is generated.

NOTE:If the trap is enabled for failure and then disabled and again enabled using the enable trapid command, the trap is enabled for success and not for failure.

ndssnmpconfig "FAILURE trapSpec"

trapSpec consists of one or more trap numbers separated by commas or spaces, the keyword ALL, or a logical expression.

Examples:

To set failure for multiple traps:

ndssnmpconfig "FAILURE 10,11,100"

To set failure for all traps except the traps mentioned:

ndssnmpconfig "FAILURE ID != 24,30"

To set failure for all traps:

ndssnmpconfig "FAILURE ALL"

18.5.3 Statistics

ndsDbCache

Managed Objects in Directory

Description

ndsDbSrvApplIndex

An index to uniquely identify the eDirectory Server Application.

ndsDbDibSize

Current size of the eDirectory Database in KB.

ndsDbBlockSize

Block size of the eDirectory Database in KB.

ndsDbEntryCacheMaxSize

Information on max size of the entry cache in KB.

ndsDbBlockCacheMaxSize

Information on max size of the block cache in KB.

ndsDbEntryCacheCurrentSize

Information on the current entry cache size.

ndsDbBlockCacheCurrentSize

Information on the current block cache size.

ndsDbEntryCacheCount

Information on the number of entries in the cache.

ndsDbBlockCacheCount

Information on the number of blocks in the cache.

ndsDbEntryCacheOldVerCount

Information on prior version entries in the cache.

ndsDbBlockCacheOldVerCount

Information on prior version blocks in the cache.

ndsDbEntryCacheOldVerSize

Information on prior version entry cache size.

ndsDbBlockCacheOldVerSize

Information on prior version block cache size.

ndsDbEntryCacheHits

Information on the number of entry hits.

ndsDbBlockCacheHits

Information on the number of block hits.

ndsDbEntryCacheHitLooks

Information on the number of entries examined to find hits.

ndsDbBlockCacheHitLooks

Information on the number of blocks examined to find hits.

ndsDbEntryCacheFaults

Information on the number of entry faults.

ndsDbBlockCacheFaults

Information on the number of block faults.

ndsDbEntryCacheFaultLooks

Information on the number of entries examined to determine misses.

ndsDbBlockCacheFaultLooks

Information on the number of blocks examined to determine misses.

ndsDbConfig

Managed Objects in Directory

Description

ndsDbCfgSrvApplIndex

An index to uniquely identify the eDirectory Server Application.

ndsDbCfgDynamicCacheAdjust

Information on whether Dynamic Cache Adjust is on or off. 0 = off 1 = on

ndsDbCfgDynamicCacheAdjustPercent

Information on the Dynamic Cache Adjust percentage parameter of available memory.

ndsDbCfgDynamicCacheAdjustMin

Information on the Dynamic Cache Adjust Minimum value parameter. This is cache size constraint values in KB.

ndsDbCfgDynamicCacheAdjustMinToLeave

Information on the Dynamic Cache Adjust Minimum value parameter in KB that is to be subtracted from the total available memory in KB.

ndsDbCfgHardLimitCacheAdjust

Information on whether Hard Limit Cache Adjust is on or off. 0 = off 1 = on

ndsDbCfgHardLimitCacheAdjustMax

Information on the cache maximum size in KB. This is a hard limit parameter.

ndsDbCfgBlockCachePercent

Information on the block cache percentage.

ndsDbCfgCacheAdjustInterval

Information on the cache adjust interval in seconds.

ndsDbCfgCacheCleanupInterval

Information on the cache cleanup interval in seconds.

ndsDbCfgPermanentSettings

Information on whether Permanent Settings is on or off. 0 = off 1 = on

ndsProtoIfOps

Managed Objects in Directory

Description

ndsProtoIfSrvApplIndex

An index to uniquely identify the eDirectory Server Application.

ndsProtoIfIndex

An index to uniquely identify an entry corresponding to an eDirectory Server protocol interface.

ndsProtoIfDescription

Information on the port being used by the DS protocol interface.

ndsProtoIfUnauthBinds

Number of unauthenticated/anonymous bind requests received.

ndsProtoIfSimpleAuthBinds

Number of bind requests that were authenticated using simple authentication procedures where the password is sent over the wire in encrypted or clear text format.

ndsProtoIfStrongAuthBinds

Number of bind requests that were authenticated using SASL and X.500 strong authentication procedures. This includes the binds that were authenticated using external authentication procedures.

ndsProtoIfBindSecurityErrors

Number of bind requests that have been rejected due to inappropriate authentication or invalid credentials.

ndsProtoIfInOps

Number of requests received from DUAs or other eDirectory servers.

ndsProtoIfReadOps

Number of read requests received.

ndsProtoIfCompareOps

Number of compare requests received.

ndsProtoIfAddEntryOps

Number of addEntry requests received.

ndsProtoIfRemoveEntryOps

Number of removeEntry requests received.

ndsProtoIfModifyEntryOps

Number of modifyEntry requests received.

ndsProtoIfModifyRDNOps

Number of modifyRDN requests received.

ndsProtoIfListOps

Number of list requests received.

ndsProtoIfSearchOps

Number of search requests (baseObject searches, oneLevel searches, and whole subtree searches) received.

ndsProtoIfOneLevelSearchOps

Number of oneLevel search requests received.

ndsProtoIfWholeSubtreeSearchOps

Number of whole subtree search requests received.

ndsProtoIfExtendedOps

Number of extended operations.

ndsProtoIfReferrals

Number of referrals returned in response to requests for operations.

ndsProtoIfChainings

Number of operations forwarded by this eDirectory server to other eDirectory servers.

ndsProtoIfSecurityErrors

Number of requests received that did not meet the security requirements.

ndsProtoIfErrors

Number of requests that could not be serviced because of errors other than security errors and referrals. A partially serviced operation is not counted as an error. The errors include naming-related, update-related, attribute-related, and service-related errors.

ndsProtoIfReplicationUpdatesIn

Number of replication updates fetched or received from eDirectory servers.

ndsProtoIfReplicationUpdatesOut

Number of replication updates sent to or taken by eDirectory servers.

ndsProtoIfInBytes

Incoming traffic, in bytes, on the interface. This includes requests from DUAs as well as responses from other eDirectory servers.

ndsProtoIfOutBytes

Outgoing traffic, in bytes, on the interface. This includes responses to DUAs and eDirectory servers as well as requests to other eDirectory servers.

ndsServerInt

Managed Objects in Directory

Description

ndsSrvIntSrvApplIndex

An index to uniquely identify an eDirectory server application.

ndsSrvIntProtoIfIndex

An index to uniquely identify an entry corresponding to an eDirectory server protocol interface.

ndsSrvIntIndex

Together with ndsSrvIntSrvApplIndex and ndsSrvIntProtoIfIndex, this object forms the unique key to identify the conceptual row that contains useful information on the (attempted) interaction between the eDirectory server (referred to by applIndex) and a peer eDirectory server using a particular protocol.

ndsSrvIntURL

URL of the peer eDirectory server.

ndsSrvIntTimeOfCreation

The total number of seconds since midnight (12 a.m.) of 1 January 1970 GMT (UT) when this row was created.

ndsSrvIntTimeOfLastAttempt

The total number of seconds since midnight (12 a.m.) of 1 January 1970 GMT (UT) when the last attempt was made to contact the peer eDirectory server.

ndsSrvIntTimeOfLastSuccess

The total number of seconds since midnight (12 a.m.) of 1 January 1970 GMT (UT) when the last attempt made to contact the peer eDirectory server was successful.

ndsSrvIntFailuresSinceLastSuccess

The number of failures since the last time an attempt to contact the peer eDirectory server was successful. If there have been no successful attempts, this counter will contain the number of failures since this entry was created.

ndsSrvIntFailures

Cumulative failures in contacting the peer eDirectory server since the creation of this entry.

ndsSrvIntSuccesses

Cumulative successes in contacting the peer eDirectory server since the creation of this entry.