Skip to content

Commit a3f4db1

Browse files
authored
[#376] JMX fix docs with "Allow insecure authentication" (#380)
1 parent a53f221 commit a3f4db1

1 file changed

Lines changed: 54 additions & 27 deletions

File tree

opendj-doc-generated-ref/src/main/docbkx/admin-guide/chap-monitoring.xml

Lines changed: 54 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@
2121
! CCPL HEADER END
2222
!
2323
! Copyright 2011-2013 ForgeRock AS
24+
! Portions Copyright 2024 3A Systems, LLC
2425
!
2526
-->
2627
<chapter xml:id='chap-monitoring'
@@ -192,6 +193,9 @@ SNMPv2-SMI::mib-2.66.1.1.2.1 = STRING: "/path/to/opendj"
192193
xlink:show="new" xlink:role="http://docbook.org/xlink/role/olink"
193194
>Evolving</link></para>
194195

196+
<para>Configure the server to activate JMX access.
197+
The following example uses the reserved port number, 1689:</para>
198+
195199
<screen>$ dsconfig
196200
set-connection-handler-prop
197201
--port 4444
@@ -203,33 +207,56 @@ SNMPv2-SMI::mib-2.66.1.1.2.1 = STRING: "/path/to/opendj"
203207
--trustAll
204208
--no-prompt</screen>
205209

206-
<para>By default, no users have privileges to access the JMX connection. The
207-
following command adds JMX privileges for Directory Manager.</para>
208-
209-
<screen>$ dsconfig
210-
set-root-dn-prop
211-
--port 4444
212-
--hostname opendj.example.com
213-
--bindDN "cn=Directory Manager"
214-
--bindPassword password
215-
--add default-root-privilege-name:jmx-notify
216-
--add default-root-privilege-name:jmx-read
217-
--add default-root-privilege-name:jmx-write
218-
--trustAll
219-
--no-prompt</screen>
220-
221-
<para>You must also configure security to login remotely. See the section on
222-
<citetitle>Using SSL</citetitle> in <link
223-
xlink:href="http://docs.oracle.com/javase/1.5.0/docs/guide/management/agent.html#SSL_enabled"
224-
xlink:show="new"><citetitle>Monitoring and Management Using
225-
JMX</citetitle></link> for hints.</para>
226-
227-
<para>Alternatively, you can connect to a local server process by using the
228-
server process identifier.</para>
229-
230-
<screen>$ cat ../logs/server.pid
231-
3363
232-
$ jvisualvm --openpid 3363 &amp;</screen>
210+
<para>Add appropriate privileges to access JMX monitoring information.
211+
By default, no users have privileges to access the JMX connection.
212+
213+
The following commands create a user with JMX privileges, who can authenticate over an insecure connection:</para>
214+
215+
<screen>$ bin/dsconfig
216+
create-password-policy
217+
--policy-name "Allow insecure authentication"
218+
--type password-policy
219+
--set default-password-storage-scheme:PBKDF2-HMAC-SHA256
220+
--set password-attribute:userPassword
221+
--trustAll --no-prompt
222+
--hostname opendj.example.com
223+
--port 4444
224+
--bindDN "cn=Directory Manager"
225+
--bindPassword password</screen>
226+
227+
<screen>$ bin/ldapmodify --port 1389 --bindDN "cn=Directory Manager" --bindPassword password
228+
dn: uid=JMX Monitor,dc=example,dc=com
229+
objectClass: top
230+
objectClass: person
231+
objectClass: organizationalPerson
232+
objectClass: inetOrgPerson
233+
cn: JMX Monitor
234+
sn: User
235+
uid: JMX Monitor
236+
userPassword: password
237+
ds-privilege-name: monitor-read
238+
ds-privilege-name: jmx-notify
239+
ds-privilege-name: jmx-read
240+
ds-privilege-name: jmx-write
241+
ds-pwp-password-policy-dn: cn=Allow insecure authentication,cn=Password Policies,cn=config
242+
243+
Processing ADD request for uid=JMX Monitor,dc=example,dc=com
244+
ADD operation successful for DN uid=JMX Monitor,dc=example,dc=com
245+
^C
246+
</screen>
247+
248+
<para>Connect remotely.</para>
249+
250+
<screen>$ jconsole &amp;</screen>
251+
252+
<para>
253+
<itemizedlist>
254+
<listitem>Remote process: <term><literal>service:jmx:rmi:///jndi/rmi://localhost:1689/org.opends.server.protocols.jmx.client-unknown</literal></term></listitem>
255+
<listitem>Username: <term><literal>uid=JMX Monitor,dc=example,dc=com</literal></term></listitem>
256+
<listitem>Password: <term><literal>password</literal></term></listitem>
257+
<listitem>Connect -> Insecure connection</listitem>
258+
</itemizedlist>
259+
</para>
233260
</section>
234261

235262
<section xml:id="monitoring-status-and-tasks">

0 commit comments

Comments
 (0)