SNMP Connection Handler (DEPRECATED)
DEPRECATED for removal since 7.0.0: SNMP depends on the unmaintained opendmk library. Alternative: Prometheus in particular, or else see Monitoring (https://backstage.forgerock.com/docs/ds/7.2/monitoring-guide/preface.html). |
The SNMP Connection Handler can be used to process SNMP requests to retrieve monitoring information described by the MIB 2605. Supported protocol are SNMP V1, V2c and V3.
The SNMP connection handler will process SNMP requests sent by SNMP Managers to retrieve information described the MIB 2605. To enable the SNMP Connection Handler, the ds-cfg-opendmk-jarfile parameter has to be set to the OpenDMK jar files location.
Parent
The SNMP Connection Handler object inherits from Connection Handler.
SNMP Connection Handler properties
You can use configuration expressions to set property values at startup time. For details, see Property value substitution.
allowed-client
Synopsis |
A set of clients who will be allowed to establish connections to this Connection Handler. |
Description |
Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Specifying a value for this property in a connection handler will override any value set in the global configuration. |
Default value |
All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. |
Allowed values |
An IP address mask. |
Multi-valued |
Yes |
Required |
No |
Admin action required |
None Changes to this property take effect immediately and do not interfere with established connections. |
Advanced |
No |
Read-only |
No |
allowed-manager
Synopsis |
Specifies the hosts of the managers to be granted the access rights. This property is required for SNMP v1 and v2 security configuration. An asterisk (*) opens access to all managers. |
Default value |
* |
Allowed values |
A string. |
Multi-valued |
Yes |
Required |
No |
Admin action required |
The object must be disabled and re-enabled for changes to take effect. |
Advanced |
No |
Read-only |
No |
allowed-user
Synopsis |
Specifies the users to be granted the access rights. This property is required for SNMP v3 security configuration. An asterisk (*) opens access to all users. |
Default value |
* |
Allowed values |
A string. |
Multi-valued |
Yes |
Required |
No |
Admin action required |
The object must be disabled and re-enabled for changes to take effect. |
Advanced |
No |
Read-only |
No |
community
Synopsis |
Specifies the v1,v2 community or the v3 context name allowed to access the MIB 2605 monitoring information or the USM MIB. The mapping between "community" and "context name" is set. |
Default value |
OpenDJ |
Allowed values |
A string. |
Multi-valued |
No |
Required |
No |
Admin action required |
The object must be disabled and re-enabled for changes to take effect. |
Advanced |
No |
Read-only |
No |
denied-client
Synopsis |
A set of clients who are not allowed to establish connections to this Connection Handler. |
Description |
Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. Specifying a value for this property in a connection handler will override any value set in the global configuration. |
Default value |
If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. |
Allowed values |
An IP address mask. |
Multi-valued |
Yes |
Required |
No |
Admin action required |
None Changes to this property take effect immediately and do not interfere with established connections. |
Advanced |
No |
Read-only |
No |
enabled
Synopsis |
Indicates whether the Connection Handler is enabled. |
Default value |
None |
Allowed values |
true false |
Multi-valued |
No |
Required |
Yes |
Admin action required |
None |
Advanced |
No |
Read-only |
No |
listen-address
Synopsis |
Specifies the address or set of addresses on which this SNMP Connection Handler should listen for connections from SNMP clients. |
Description |
Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the SNMP Connection Handler listens on all interfaces. |
Default value |
0.0.0.0 |
Allowed values |
A hostname or an IP address. |
Multi-valued |
Yes |
Required |
No |
Admin action required |
Restart the server for changes to take effect. |
Advanced |
No |
Read-only |
Yes |
listen-port
Synopsis |
Specifies the port number on which the SNMP Connection Handler will listen for connections from clients. |
Description |
Only a single port number may be provided. |
Default value |
None |
Allowed values |
An integer. Lower limit: 1. Upper limit: 65535. |
Multi-valued |
No |
Required |
Yes |
Admin action required |
The object must be disabled and re-enabled for changes to take effect. |
Advanced |
No |
Read-only |
No |
registered-mbean
Synopsis |
Indicates whether the SNMP objects have to be registered in the directory server MBeanServer or not allowing to access SNMP Objects with RMI connector if enabled. |
Default value |
false |
Allowed values |
true false |
Multi-valued |
No |
Required |
No |
Admin action required |
The object must be disabled and re-enabled for changes to take effect. |
Advanced |
No |
Read-only |
No |
restricted-client
Synopsis |
A set of clients who will be limited to the maximum number of connections specified by the "restricted-client-connection-limit" property. |
Description |
Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Specifying a value for this property in a connection handler will override any value set in the global configuration. |
Default value |
No restrictions are imposed on the number of connections a client can open. |
Allowed values |
An IP address mask. |
Multi-valued |
Yes |
Required |
No |
Admin action required |
None Changes to this property take effect immediately and do not interfere with established connections. |
Advanced |
No |
Read-only |
No |
restricted-client-connection-limit
Synopsis |
Specifies the maximum number of connections a restricted client can open at the same time to this Connection Handler. |
Description |
Once Directory Server accepts the specified number of connections from a client specified in restricted-client, any additional connection will be rejected. The number of connections is maintained by IP address. Specifying a value for this property in a connection handler will override any value set in the global configuration. |
Default value |
100 |
Allowed values |
An integer. Lower limit: 0. |
Multi-valued |
No |
Required |
No |
Admin action required |
None Changes to this property take effect immediately and do not interfere with established connections. |
Advanced |
No |
Read-only |
No |
security-agent-file
Synopsis |
Specifies the USM security configuration to receive authenticated only SNMP requests. |
Default value |
config/snmp/security/opendj-snmp.security |
Allowed values |
A string. |
Multi-valued |
No |
Required |
No |
Admin action required |
The object must be disabled and re-enabled for changes to take effect. |
Advanced |
No |
Read-only |
No |
security-level
Synopsis |
Specifies the type of security level : NoAuthNoPriv : No security mechanisms activated, AuthNoPriv : Authentication activated with no privacy, AuthPriv : Authentication with privacy activated. This property is required for SNMP V3 security configuration. |
Default value |
authnopriv |
Allowed values |
|
Multi-valued |
No |
Required |
No |
Admin action required |
The object must be disabled and re-enabled for changes to take effect. |
Advanced |
No |
Read-only |
No |
trap-port
Synopsis |
Specifies the port to use to send SNMP Traps. |
Default value |
None |
Allowed values |
An integer. Lower limit: 0. |
Multi-valued |
No |
Required |
Yes |
Admin action required |
The object must be disabled and re-enabled for changes to take effect. |
Advanced |
No |
Read-only |
No |
traps-community
Synopsis |
Specifies the community string that must be included in the traps sent to define managers (trap-destinations). This property is used in the context of SNMP v1, v2 and v3. |
Default value |
OpenDJ |
Allowed values |
A string. |
Multi-valued |
No |
Required |
No |
Admin action required |
The object must be disabled and re-enabled for changes to take effect. |
Advanced |
No |
Read-only |
No |
traps-destination
Synopsis |
Specifies the hosts to which V1 traps will be sent. V1 Traps are sent to every host listed. |
Description |
If this list is empty, V1 traps are sent to "localhost". Each host in the list must be identified by its name or complete IP Address. |
Default value |
If the list is empty, V1 traps are sent to "localhost". |
Allowed values |
A string. |
Multi-valued |
Yes |
Required |
No |
Admin action required |
The object must be disabled and re-enabled for changes to take effect. |
Advanced |
No |
Read-only |
No |
Advanced properties
Use the --advanced
option to access advanced properties.
java-class
Synopsis |
Specifies the fully-qualified name of the Java class that provides the SNMP Connection Handler implementation. |
Default value |
org.opends.server.snmp.SNMPConnectionHandler |
Allowed values |
A Java class that extends or implements:
|
Multi-valued |
No |
Required |
Yes |
Admin action required |
The object must be disabled and re-enabled for changes to take effect. |
Advanced |
Yes |
Read-only |
No |