2121 ! CCPL HEADER END
2222 !
2323 ! Copyright 2011-2013 ForgeRock AS
24+ ! Portions Copyright 2024 3A Systems, LLC
2425 !
2526-->
2627<chapter xml : id =' chap-monitoring'
@@ -192,6 +193,9 @@ SNMPv2-SMI::mib-2.66.1.1.2.1 = STRING: "/path/to/opendj"
192193 xlink : show =" new" xlink : role =" http://docbook.org/xlink/role/olink"
193194 >Evolving</link ></para >
194195
196+ <para >Configure the server to activate JMX access.
197+ The following example uses the reserved port number, 1689:</para >
198+
195199 <screen >$ dsconfig
196200 set-connection-handler-prop
197201 --port 4444
@@ -203,33 +207,56 @@ SNMPv2-SMI::mib-2.66.1.1.2.1 = STRING: "/path/to/opendj"
203207 --trustAll
204208 --no-prompt</screen >
205209
206- <para >By default, no users have privileges to access the JMX connection. The
207- following command adds JMX privileges for Directory Manager.</para >
208-
209- <screen >$ dsconfig
210- set-root-dn-prop
211- --port 4444
212- --hostname opendj.example.com
213- --bindDN "cn=Directory Manager"
214- --bindPassword password
215- --add default-root-privilege-name:jmx-notify
216- --add default-root-privilege-name:jmx-read
217- --add default-root-privilege-name:jmx-write
218- --trustAll
219- --no-prompt</screen >
220-
221- <para >You must also configure security to login remotely. See the section on
222- <citetitle >Using SSL</citetitle > in <link
223- xlink : href =" http://docs.oracle.com/javase/1.5.0/docs/guide/management/agent.html#SSL_enabled"
224- xlink : show =" new" ><citetitle >Monitoring and Management Using
225- JMX</citetitle ></link > for hints.</para >
226-
227- <para >Alternatively, you can connect to a local server process by using the
228- server process identifier.</para >
229-
230- <screen >$ cat ../logs/server.pid
231- 3363
232- $ jvisualvm --openpid 3363 & </screen >
210+ <para >Add appropriate privileges to access JMX monitoring information.
211+ By default, no users have privileges to access the JMX connection.
212+
213+ The following commands create a user with JMX privileges, who can authenticate over an insecure connection:</para >
214+
215+ <screen >$ bin/dsconfig
216+ create-password-policy
217+ --policy-name "Allow insecure authentication"
218+ --type password-policy
219+ --set default-password-storage-scheme:PBKDF2-HMAC-SHA256
220+ --set password-attribute:userPassword
221+ --trustAll --no-prompt
222+ --hostname opendj.example.com
223+ --port 4444
224+ --bindDN "cn=Directory Manager"
225+ --bindPassword password</screen >
226+
227+ <screen >$ bin/ldapmodify --port 1389 --bindDN "cn=Directory Manager" --bindPassword password
228+ dn: uid=JMX Monitor,dc=example,dc=com
229+ objectClass: top
230+ objectClass: person
231+ objectClass: organizationalPerson
232+ objectClass: inetOrgPerson
233+ cn: JMX Monitor
234+ sn: User
235+ uid: JMX Monitor
236+ userPassword: password
237+ ds-privilege-name: monitor-read
238+ ds-privilege-name: jmx-notify
239+ ds-privilege-name: jmx-read
240+ ds-privilege-name: jmx-write
241+ ds-pwp-password-policy-dn: cn=Allow insecure authentication,cn=Password Policies,cn=config
242+
243+ Processing ADD request for uid=JMX Monitor,dc=example,dc=com
244+ ADD operation successful for DN uid=JMX Monitor,dc=example,dc=com
245+ ^C
246+ </screen >
247+
248+ <para >Connect remotely.</para >
249+
250+ <screen >$ jconsole & </screen >
251+
252+ <para >
253+ <itemizedlist >
254+ <listitem >Remote process: <term ><literal >service:jmx:rmi:///jndi/rmi://localhost:1689/org.opends.server.protocols.jmx.client-unknown</literal ></term ></listitem >
255+ <listitem >Username: <term ><literal >uid=JMX Monitor,dc=example,dc=com</literal ></term ></listitem >
256+ <listitem >Password: <term ><literal >password</literal ></term ></listitem >
257+ <listitem >Connect -> Insecure connection</listitem >
258+ </itemizedlist >
259+ </para >
233260 </section >
234261
235262 <section xml : id =" monitoring-status-and-tasks" >
0 commit comments