Directory Services 7.4.3

SNMP Connection Handler (DEPRECATED)

DEPRECATED for removal since 7.0.0: SNMP depends on the unmaintained opendmk library. Alternative: Prometheus in particular, or else see Monitoring (https://backstage.forgerock.com/docs/ds/7.2/monitoring-guide/preface.html).

The SNMP Connection Handler can be used to process SNMP requests to retrieve monitoring information described by the MIB 2605. Supported protocol are SNMP V1, V2c and V3.

The SNMP connection handler will process SNMP requests sent by SNMP Managers to retrieve information described the MIB 2605. To enable the SNMP Connection Handler, the ds-cfg-opendmk-jarfile parameter has to be set to the OpenDMK jar files location.

Parent

The SNMP Connection Handler object inherits from Connection Handler.

SNMP Connection Handler properties

You can use configuration expressions to set property values at startup time. For details, see Property value substitution.

Basic Properties Advanced Properties

allowed-client
allowed-manager
allowed-user
community
denied-client
enabled
listen-address
listen-port
registered-mbean
restricted-client
restricted-client-connection-limit
security-agent-file
security-level
trap-port
traps-community
traps-destination

java-class

Basic properties

Use the --advanced option to access advanced properties.

allowed-client

Synopsis

A set of clients who will be allowed to establish connections to this Connection Handler.

Description

Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Specifying a value for this property in a connection handler will override any value set in the global configuration.

Default value

All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed.

Allowed values

An IP address mask.

Multi-valued

Yes

Required

No

Admin action required

None

Changes to this property take effect immediately and do not interfere with established connections.

Advanced

No

Read-only

No

allowed-manager

Synopsis

Specifies the hosts of the managers to be granted the access rights. This property is required for SNMP v1 and v2 security configuration. An asterisk (*) opens access to all managers.

Default value

*

Allowed values

A string.

Multi-valued

Yes

Required

No

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

No

Read-only

No

allowed-user

Synopsis

Specifies the users to be granted the access rights. This property is required for SNMP v3 security configuration. An asterisk (*) opens access to all users.

Default value

*

Allowed values

A string.

Multi-valued

Yes

Required

No

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

No

Read-only

No

community

Synopsis

Specifies the v1,v2 community or the v3 context name allowed to access the MIB 2605 monitoring information or the USM MIB. The mapping between "community" and "context name" is set.

Default value

OpenDJ

Allowed values

A string.

Multi-valued

No

Required

No

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

No

Read-only

No

denied-client

Synopsis

A set of clients who are not allowed to establish connections to this Connection Handler.

Description

Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. Specifying a value for this property in a connection handler will override any value set in the global configuration.

Default value

If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed.

Allowed values

An IP address mask.

Multi-valued

Yes

Required

No

Admin action required

None

Changes to this property take effect immediately and do not interfere with established connections.

Advanced

No

Read-only

No

enabled

Synopsis

Indicates whether the Connection Handler is enabled.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

listen-address

Synopsis

Specifies the address or set of addresses on which this SNMP Connection Handler should listen for connections from SNMP clients.

Description

Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the SNMP Connection Handler listens on all interfaces.

Default value

0.0.0.0

Allowed values

A hostname or an IP address.

Multi-valued

Yes

Required

No

Admin action required

Restart the server for changes to take effect.

Advanced

No

Read-only

Yes

listen-port

Synopsis

Specifies the port number on which the SNMP Connection Handler will listen for connections from clients.

Description

Only a single port number may be provided.

Default value

None

Allowed values

An integer.

Lower limit: 1.

Upper limit: 65535.

Multi-valued

No

Required

Yes

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

No

Read-only

No

registered-mbean

Synopsis

Indicates whether the SNMP objects have to be registered in the directory server MBeanServer or not allowing to access SNMP Objects with RMI connector if enabled.

Default value

false

Allowed values

true

false

Multi-valued

No

Required

No

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

No

Read-only

No

restricted-client

Synopsis

A set of clients who will be limited to the maximum number of connections specified by the "restricted-client-connection-limit" property.

Description

Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Specifying a value for this property in a connection handler will override any value set in the global configuration.

Default value

No restrictions are imposed on the number of connections a client can open.

Allowed values

An IP address mask.

Multi-valued

Yes

Required

No

Admin action required

None

Changes to this property take effect immediately and do not interfere with established connections.

Advanced

No

Read-only

No

restricted-client-connection-limit

Synopsis

Specifies the maximum number of connections a restricted client can open at the same time to this Connection Handler.

Description

Once Directory Server accepts the specified number of connections from a client specified in restricted-client, any additional connection will be rejected. The number of connections is maintained by IP address. Specifying a value for this property in a connection handler will override any value set in the global configuration.

Default value

100

Allowed values

An integer.

Lower limit: 0.

Multi-valued

No

Required

No

Admin action required

None

Changes to this property take effect immediately and do not interfere with established connections.

Advanced

No

Read-only

No

security-agent-file

Synopsis

Specifies the USM security configuration to receive authenticated only SNMP requests.

Default value

config/snmp/security/opendj-snmp.security

Allowed values

A string.

Multi-valued

No

Required

No

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

No

Read-only

No

security-level

Synopsis

Specifies the type of security level : NoAuthNoPriv : No security mechanisms activated, AuthNoPriv : Authentication activated with no privacy, AuthPriv : Authentication with privacy activated. This property is required for SNMP V3 security configuration.

Default value

authnopriv

Allowed values

  • authnopriv: Authentication activated with no privacy.

  • authpriv: Authentication with privacy activated.

  • noauthnopriv: No security mechanisms activated.

Multi-valued

No

Required

No

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

No

Read-only

No

trap-port

Synopsis

Specifies the port to use to send SNMP Traps.

Default value

None

Allowed values

An integer.

Lower limit: 0.

Multi-valued

No

Required

Yes

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

No

Read-only

No

traps-community

Synopsis

Specifies the community string that must be included in the traps sent to define managers (trap-destinations). This property is used in the context of SNMP v1, v2 and v3.

Default value

OpenDJ

Allowed values

A string.

Multi-valued

No

Required

No

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

No

Read-only

No

traps-destination

Synopsis

Specifies the hosts to which V1 traps will be sent. V1 Traps are sent to every host listed.

Description

If this list is empty, V1 traps are sent to "localhost". Each host in the list must be identified by its name or complete IP Address.

Default value

If the list is empty, V1 traps are sent to "localhost".

Allowed values

A string.

Multi-valued

Yes

Required

No

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

No

Read-only

No

Advanced properties

Use the --advanced option to access advanced properties.

java-class

Synopsis

Specifies the fully-qualified name of the Java class that provides the SNMP Connection Handler implementation.

Default value

org.opends.server.snmp.SNMPConnectionHandler

Allowed values

A Java class that extends or implements:

  • org.opends.server.api.ConnectionHandler

Multi-valued

No

Required

Yes

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-only

No

Copyright © 2010-2024 ForgeRock, all rights reserved.