18.0 Monitoring Identity Manager

Identity Manager leverages eDirectory monitoring framework and provides an LDAP search method for monitoring the state of Identity Manager engine and the health of User Application in your environment. Identity Manager is registered as a data producer in the monitoring framework. Monitoring is supported with eDirectory 9.0.2 and later.

You can obtain the monitoring data by issuing a search request with a search base of cn=idm,cn=monitor on the Identity Vault. Using this method provides several advantages. The search is quick and can be embedded in a script for gathering monitoring data at regular intervals. Also, you can consolidate the monitoring data into one common place and format.

IMPORTANT:cn=idm,cn=monitor is a virtual object and standardized on the OpenLDAP implementation. This object does not actually reside in the Identity Vault. You use this method for monitoring Identity Manager through LDAP interfaces only.

A subset of the virtual cn=idm,cn=monitor objects is shown below.

You can use this hierarchy to construct a searchbase. For example, to monitor the statistics of a driver, start the search from the driver up to the root node. The searchbase will look like this: cn=<CN of the driver>,cn=drivers,cn=driverset_stats,cn=idm,cn=monitor

When a search is issued, the monitoring framework generates and returns dynamic objects in LDAP object format. The search response is structured to create a hierarchy of objects, where cn=idm,cn=monitor is the root object. For information about the Identity Manager components that can be monitored, see Viewing the Monitoring Statistics.

You can use LDAP clients to access information provided by the monitoring framework, subject to access and other controls, such as LDAP server specific information or connection-specific information. Identity Manager restricts this search only to users with write rights to the NDSRightsToMonitor attribute on the NCP server object in eDirectory. This attribute is not populated by default. Therefore, only an administrator or a supervisor of the NCP server can run the search. For information about changing the rights, see the eDirectory Administration Guide.