rfc1567.txt

来自「中、英文RFC文档大全打包下载完全版 .」· 文本 代码 · 共 1,011 行 · 第 1/3 页

Network Working Group                                       G. Mansfield
Request for Comments: 1567                        AIC Systems Laboratory
Category: Standards Track                                       S. Kille
                                                        ISODE Consortium
                                                            January 1994


                     X.500 Directory Monitoring MIB

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Abstract

   This document defines a portion of the Management Information Base
   (MIB).  It defines the MIB for monitoring Directory System Agents
   (DSA), a component of the OSI Directory. This MIB will be used in
   conjunction with the APPLICATION-MIB for monitoring DSAs.

Table of Contents

   1.  The SNMPv2 Network Management Framework ....................... 1
   2.  MIB Model for DSA  Management ................................. 2
   3.  The DSA functions and operations .............................. 2
   4.  MIB design .................................................... 3
   5.  The Directory Monitoring MIB .................................. 3
   6.  Acknowledgements ..............................................17
   7.  References ....................................................17
   Security Considerations ...........................................18
   Authors' Addresses ................................................18

1.  The SNMPv2 Network Management Framework

   The major components of the SNMPv2 Network Management framework  are
   described in the documents listed below.

      o RFC 1442 [1] defines the Structure of Management Information
        (SMI), the mechanisms used for describing and naming objects
        for the purpose of management.

      o STD 17, RFC 1213 [2] defines MIB-II, the core set of managed
        objects (MO) for the Internet suite of protocols.




Mansfield & Kille                                               [Page 1]

RFC 1567             X.500 Directory Monitoring MIB         January 1994


      o RFC 1445 [3] defines the administrative and other
        architectural aspects of the management framework.

      o RFC 1448 [4] defines the protocol used for network access to
        managed objects.

   The framework is adaptable/extensible by defining new MIBs to suit
   the requirements of specific applications/protocols/situations.

   Managed objects are accessed via a virtual information store, the
   MIB.  Objects in the MIB are defined using the subset of Abstract
   Syntax Notation One (ASN.1) defined in the SMI. In particular, each
   object type is named by an OBJECT IDENTIFIER, which is an
   administratively assigned name. The object type together with an
   object instance serves to uniquely identify a specific instantiation
   of the object. For human convenience, often a textual string, termed
   the descriptor, is used to refer to the object type.

2.  MIB Model for DSA Management

   A DSA-manager may wish to monitor several aspects of the operational
   DSA.  He/she may want to know the process related aspects-the
   resource utilization of the operational DSA; the network service
   related aspects e.g., inbound-associations, outbound-associations,
   operational status, and finally the information specific to the DSA
   application - its operations and performance.

   The MIB defined in this document covers the portion which is specific
   to the DSA-application. The network service related part of the MIB,
   and the host-resources related part of the MIB, as well other parts
   of interest to a Manager monitoring the DSA-application, are covered
   in separate documents [6] [7].

3.  The DSA functions and operations

   The Directory System Agent [DSA], a component of the OSI-Directory
   [5] [9], is an application process. It provides access to the
   Directory Information Base [DIB] to Directory User Agents [DUA]
   and/or other DSAs.  Functionally , a User [DUA] and the Directory are
   bound together for a period of time at an access point to the
   Directory [DSA].  A DSA may use information stored in its local
   database or interact with (chain the request to) other DSAs to
   service requirements.  Alternatively, a DSA may return a reference to
   another DSA.

   The local database of a DSA consists of the part of the DIT that is
   mastered by the DSA, the part of the DIT for which it keeps slave
   copies and cached information that is gathered during the operation



Mansfield & Kille                                               [Page 2]

RFC 1567             X.500 Directory Monitoring MIB         January 1994


   of the DSA.

   The specific operations carried out by the DSA are: Read, Compare,
   AddEntry, ModifyEntry, ModifyRDN, RemoveEntry, List, Search. There is
   also the special operation Abandon.  In response to requests results
   and/or errors are returned by the DSA.

4.  MIB design

   The basic principle has been to keep the MIB as simple as possible.
   The Managed objects included in the MIB are divided into three tables
   - dsaOpsTable, dsaEntryTable and dsaIntTable.

      - The dsaOpsTable provides summary statistics on the accesses,
        operations and errors.

      - The dsaEntriesTable provides summary statistics on the entries
        held by the DSA and on cache performance.

      - The dsaIntTable provides some useful information on the
        interaction of the monitored DSA with peer DSAs.

   There are references to the Directory itself for static information
   pertaining to the DSA. These references are in the form of "Directory
   Distinguished Name" [8] of the corresponding object.  It is intended
   that DSA management applications will use these references to obtain
   further related information on the objects of interest.

5.  The Directory Monitoring MIB

DSA-MIB DEFINITIONS ::= BEGIN

        IMPORTS
          MODULE-IDENTITY,  OBJECT-TYPE,
          NOTIFICATION-TYPE
                     FROM SNMPv2-SMI
          DisplayString,    TimeStamp,
          TEXTUAL-CONVENTION
                     FROM SNMPv2-TC
          mib-2
                     FROM RFC1213-MIB
          applIndex, DistinguishedName
                     FROM APPLICATION-MIB;

        dsaMIB MODULE-IDENTITY
           LAST-UPDATED "9311250000Z"
           ORGANIZATION "IETF Mail and Directory Management Working
                         Group"



Mansfield & Kille                                               [Page 3]

RFC 1567             X.500 Directory Monitoring MIB         January 1994


           CONTACT-INFO
             "        Glenn Mansfield

              Postal: AIC Systems Laboratory
                      6-6-3, Minami Yoshinari
                      Aoba-ku, Sendai, 989-32
                      JP

              Tel:    +81 22 279 3310
              Fax:    +81 22 279 3640
              E-Mail: glenn@aic.co.jp"
         DESCRIPTION
            " The MIB module for monitoring Directory System Agents."
         ::= { mib-2 29 }


        dsaOpsTable OBJECT-TYPE
            SYNTAX SEQUENCE OF DsaOpsEntry
            MAX-ACCESS not-accessible
            STATUS current
            DESCRIPTION
              " The table holding information related to the
                DSA operations."
            ::= {dsaMIB 1}

        dsaOpsEntry OBJECT-TYPE
            SYNTAX DsaOpsEntry
            MAX-ACCESS not-accessible
            STATUS current
            DESCRIPTION
              " Entry containing operations related statistics
                for a DSA."
            INDEX { applIndex }
            ::= {dsaOpsTable 1}

        DsaOpsEntry ::= SEQUENCE {

 -- Bindings
            dsaAnonymousBinds
                Counter32,
            dsaUnauthBinds
                Counter32,
            dsaSimpleAuthBinds
                Counter32,
            dsaStrongAuthBinds
                Counter32,
            dsaBindSecurityErrors
                Counter32,



Mansfield & Kille                                               [Page 4]

RFC 1567             X.500 Directory Monitoring MIB         January 1994


 -- In-coming operations

            dsaInOps
                Counter32,
            dsaReadOps
                Counter32,
            dsaCompareOps
                Counter32,
            dsaAddEntryOps
                Counter32,
            dsaRemoveEntryOps
                Counter32,
            dsaModifyEntryOps
                Counter32,
            dsaModifyRDNOps
                Counter32,
            dsaListOps
                Counter32,
            dsaSearchOps
                Counter32,
            dsaOneLevelSearchOps
                Counter32,
            dsaWholeTreeSearchOps
                Counter32,

 -- Out going operations

            dsaReferrals
                Counter32,
            dsaChainings
                Counter32,

 -- Errors

            dsaSecurityErrors
                Counter32,
            dsaErrors
                Counter32
        }

        dsaAnonymousBinds OBJECT-TYPE
            SYNTAX Counter32
            MAX-ACCESS read-only
            STATUS current
            DESCRIPTION
              " Number of anonymous  binds to this DSA from DUAs
                since application start."
            ::= {dsaOpsEntry 1}



Mansfield & Kille                                               [Page 5]

RFC 1567             X.500 Directory Monitoring MIB         January 1994


        dsaUnauthBinds OBJECT-TYPE
            SYNTAX Counter32
            MAX-ACCESS read-only
            STATUS current
            DESCRIPTION
              " Number of un-authenticated binds to this
                DSA since application start."
            ::= {dsaOpsEntry 2}

        dsaSimpleAuthBinds OBJECT-TYPE
            SYNTAX Counter32
            MAX-ACCESS read-only
            STATUS current
            DESCRIPTION
              " Number of binds to this DSA that were authenticated
                using simple authentication procedures since
                application start."
            REFERENCE
              " CCITT Blue Book Fascicle VIII.8 - Rec. X.511, 1988:
                Section 8.1.2.1.1."
            ::= {dsaOpsEntry 3}


        dsaStrongAuthBinds OBJECT-TYPE
            SYNTAX Counter32
            MAX-ACCESS read-only
            STATUS current
            DESCRIPTION
              " Number of binds to this DSA that were authenticated
                using the strong authentication procedures since
                application start. This includes the binds that were
                authenticated using external authentication procedures."
            REFERENCE
              " CCITT Blue Book Fascicle VIII.8 - Rec. X.511, 1988:
                Sections 8.1.2.1.2 &  8.1.2.1.3."
            ::= {dsaOpsEntry 4}

        dsaBindSecurityErrors OBJECT-TYPE
            SYNTAX Counter32
            MAX-ACCESS read-only
            STATUS current
            DESCRIPTION
              " Number of bind operations that have been rejected
                by this DSA due to inappropriateAuthentication or
                invalidCredentials."
            REFERENCE
              " CCITT Blue Book Fascicle VIII.8 - Rec. X.511, 1988:
                Section 12.7.2"