external-software/github_OpenIdentityPlatform_OpenDJ.git

parent: fd9ed161 | patch | commit | show whitespace

fguigues

30.04.2008 c41b122d3771d11cb253eaae10d06afb6a3b6f05


Fixes for :

3214: SNMP: MIB 2605 is not accessible in "OpenDS" context
3215: SNMPV3 get request using defaultUser should be rejected
3216: SNMP: SNMP Connection Handler appears as disabled in status command when the server is stopped
3217: SNMP: modification made using dsconfig are not taken into account after disable/enable of the connection handler
3219: SNMP: wrong default value for "allowed-user" property

12 files modified

	opends/src/admin/defn/org/opends/server/admin/std/SNMPConnectionHandlerConfiguration.xml	18 ●●●●● patch \| view \| raw \| blame \| history
	opends/src/guitools/org/opends/guitools/statuspanel/ConfigFromFile.java	2 ●●●●● patch \| view \| raw \| blame \| history
	opends/src/snmp/resource/mib/mib_core.txt	10 ●●●●● patch \| view \| raw \| blame \| history
	opends/src/snmp/resource/mib/rfc1213.txt	439 ●●●●● patch \| view \| raw \| blame \| history
	opends/src/snmp/resource/mib/rfc2605.txt	patch \| view \| raw \| blame \| history
	opends/src/snmp/resource/mib/rfc2788.txt	patch \| view \| raw \| blame \| history
	opends/src/snmp/resource/security/opends-snmp.security	29 ●●●●● patch \| view \| raw \| blame \| history
	opends/src/snmp/src/org/opends/server/snmp/SNMPClassLoaderProvider.java	12 ●●●●● patch \| view \| raw \| blame \| history
	opends/src/snmp/src/org/opends/server/snmp/SNMPInetAddressAcl.java	6 ●●●●● patch \| view \| raw \| blame \| history
	opends/src/snmp/src/org/opends/server/snmp/SNMPUserAcl.java	21 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/unit-tests-testng/src/server/org/opends/server/snmp/SNMPSyncManagerV2AccessTest.java	4 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/unit-tests-testng/src/server/org/opends/server/snmp/SNMPTrapManagerTest.java	10 ●●●●● patch \| view \| raw \| blame \| history

 opends/src/admin/defn/org/opends/server/admin/std/SNMPConnectionHandlerConfiguration.xml

@@ -103,13 +103,12 @@
        <adm:synopsis>
            Specifies the hosts of the managers to be granted the access rights. 
            This property is required for SNMP v1 and v2 security configuration.
            An asterik (*) opens access to all managers. 
        </adm:synopsis>
        <adm:default-behavior>
            <adm:alias>
                <adm:synopsis>
                    An empty list opens access to all managers.
                </adm:synopsis>
            </adm:alias>
            <adm:defined>
                <adm:value>*</adm:value>
            </adm:defined>
        </adm:default-behavior>
        <adm:syntax>
            <adm:string />
@@ -125,13 +124,12 @@
        <adm:synopsis>
            Specifies the users to be granted the access rights. This property
            is required for SNMP v3 security configuration.
        </adm:synopsis>
        <adm:default-behavior>
            <adm:alias>
                <adm:synopsis>
                    An asterik (*) opens access to all users.  
                </adm:synopsis>
            </adm:alias>
        <adm:default-behavior>
            <adm:defined>
                <adm:value>*</adm:value>
            </adm:defined>
        </adm:default-behavior>
        <adm:syntax>
            <adm:string />

 opends/src/guitools/org/opends/guitools/statuspanel/ConfigFromFile.java

@@ -588,7 +588,7 @@
      protocol = ListenerDescriptor.Protocol.SNMP;
      protocolDescription = INFO_SNMP_PROTOCOL_LABEL.get();
      boolean enabled = "true".equalsIgnoreCase(
          getFirstValue(entry, "ds-cfg-connection-handler-enabled"));
          getFirstValue(entry, "ds-cfg-enabled"));
      if (enabled)
      {
        state = ListenerDescriptor.State.ENABLED;

 opends/src/snmp/resource/mib/mib_core.txt

@@ -1,13 +1,3 @@
--
-- @(#)file      mib_core.txt
-- @(#)author    Sun Microsystems, Inc.
-- @(#)version   1.4
-- @(#)date      03/05/30
--
-- The file contains all the definitions scattered around many different
-- RFCs. 
--

          CORE-MIB DEFINITIONS ::= BEGIN



 opends/src/snmp/resource/mib/rfc1213.txt

@@ -24,12 +24,6 @@
          -- with this syntax are declared as having



SNMP Working Group                                             [Page 12]

RFC 1213                         MIB-II                       March 1991


          --
          --      SIZE (0..255)

@@ -80,12 +74,6 @@
              STATUS  mandatory



SNMP Working Group                                             [Page 13]

RFC 1213                         MIB-II                       March 1991


              DESCRIPTION
                      "A textual description of the entity.  This value
                      should include the full name and version
@@ -134,14 +122,6 @@

          sysName OBJECT-TYPE
              SYNTAX  DisplayString (SIZE (0..255))



SNMP Working Group                                             [Page 14]

RFC 1213                         MIB-II                       March 1991


              ACCESS  read-write
              STATUS  mandatory
              DESCRIPTION
@@ -190,14 +170,6 @@
                      6 may also be counted."
              ::= { system 7 }




SNMP Working Group                                             [Page 15]

RFC 1213                         MIB-II                       March 1991


          -- the Interfaces group

          -- Implementation of the Interfaces group is mandatory for
@@ -246,14 +218,6 @@
              SEQUENCE {
                  ifIndex
                      INTEGER,



SNMP Working Group                                             [Page 16]

RFC 1213                         MIB-II                       March 1991


                  ifDescr
                      DisplayString,
                  ifType
@@ -302,14 +266,6 @@
              SYNTAX  INTEGER
              ACCESS  read-only
              STATUS  mandatory



SNMP Working Group                                             [Page 17]

RFC 1213                         MIB-II                       March 1991


              DESCRIPTION
                      "A unique value for each interface.  Its value
                      ranges between 1 and the value of ifNumber.  The
@@ -358,14 +314,6 @@
                          softwareLoopback(24),
                          eon(25),            -- CLNP over IP [11]
                          ethernet-3Mbit(26),



SNMP Working Group                                             [Page 18]

RFC 1213                         MIB-II                       March 1991


                          nsip(27),           -- XNS over IP
                          slip(28),           -- generic SLIP
                          ultra(29),          -- ULTRA technologies
@@ -414,14 +362,6 @@
                      "The interface's address at the protocol layer
                      immediately `below' the network layer in the
                      protocol stack.  For interfaces which do not have



SNMP Working Group                                             [Page 19]

RFC 1213                         MIB-II                       March 1991


                      such an address (e.g., a serial line), this object
                      should contain an octet string of zero length."
              ::= { ifEntry 6 }
@@ -470,14 +410,6 @@
          ifInOctets OBJECT-TYPE
              SYNTAX  Counter
              ACCESS  read-only



SNMP Working Group                                             [Page 20]

RFC 1213                         MIB-II                       March 1991


              STATUS  mandatory
              DESCRIPTION
                      "The total number of octets received on the
@@ -525,15 +457,6 @@
                      errors preventing them from being deliverable to a
                      higher-layer protocol."
              ::= { ifEntry 14 }




SNMP Working Group                                             [Page 21]

RFC 1213                         MIB-II                       March 1991


          ifInUnknownProtos OBJECT-TYPE
              SYNTAX  Counter
              ACCESS  read-only
@@ -582,14 +505,6 @@
              STATUS  mandatory
              DESCRIPTION
                      "The number of outbound packets which were chosen



SNMP Working Group                                             [Page 22]

RFC 1213                         MIB-II                       March 1991


                      to be discarded even though no errors had been
                      detected to prevent their being transmitted.  One
                      possible reason for discarding such a packet could
@@ -638,14 +553,6 @@
          -- Implementation of the Address Translation group is
          -- mandatory for all systems.  Note however that this group
          -- is deprecated by MIB-II. That is, it is being included



SNMP Working Group                                             [Page 23]

RFC 1213                         MIB-II                       March 1991


          -- solely for compatibility with MIB-I nodes, and will most
          -- likely be excluded from MIB-III nodes.  From MIB-II and
          -- onwards, each network protocol group contains its own
@@ -694,14 +601,6 @@
              SEQUENCE {
                  atIfIndex
                      INTEGER,



SNMP Working Group                                             [Page 24]

RFC 1213                         MIB-II                       March 1991


                  atPhysAddress
                      PhysAddress,
                  atNetAddress
@@ -750,14 +649,6 @@
                      "The NetworkAddress (e.g., the IP address)
                      corresponding to the media-dependent `physical'
                      address."



SNMP Working Group                                             [Page 25]

RFC 1213                         MIB-II                       March 1991


              ::= { atEntry 3 }


@@ -806,14 +697,6 @@
              DESCRIPTION
                      "The total number of input datagrams received from
                      interfaces, including those received in error."



SNMP Working Group                                             [Page 26]

RFC 1213                         MIB-II                       March 1991


              ::= { ip 3 }

          ipInHdrErrors OBJECT-TYPE
@@ -862,14 +745,6 @@

          ipInUnknownProtos OBJECT-TYPE
              SYNTAX  Counter



SNMP Working Group                                             [Page 27]

RFC 1213                         MIB-II                       March 1991


              ACCESS  read-only
              STATUS  mandatory
              DESCRIPTION
@@ -918,14 +793,6 @@
              STATUS  mandatory
              DESCRIPTION
                      "The number of output IP datagrams for which no



SNMP Working Group                                             [Page 28]

RFC 1213                         MIB-II                       March 1991


                      problem was encountered to prevent their
                      transmission to their destination, but which were
                      discarded (e.g., for lack of buffer space).  Note
@@ -974,14 +841,6 @@
              DESCRIPTION
                      "The number of IP datagrams successfully re-
                      assembled."



SNMP Working Group                                             [Page 29]

RFC 1213                         MIB-II                       March 1991


              ::= { ip 15 }

          ipReasmFails OBJECT-TYPE
@@ -1028,16 +887,6 @@
                      this entity."
              ::= { ip 19 }






SNMP Working Group                                             [Page 30]

RFC 1213                         MIB-II                       March 1991


          -- the IP address table

          -- The IP address table contains this entity's IP addressing
@@ -1085,15 +934,6 @@
                      information pertains."
              ::= { ipAddrEntry 1 }





SNMP Working Group                                             [Page 31]

RFC 1213                         MIB-II                       March 1991


          ipAdEntIfIndex OBJECT-TYPE
              SYNTAX  INTEGER
              ACCESS  read-only
@@ -1142,14 +982,6 @@
                      datagrams received on this interface."
              ::= { ipAddrEntry 5 }




SNMP Working Group                                             [Page 32]

RFC 1213                         MIB-II                       March 1991


          -- the IP routing table

          -- The IP routing table contains an entry for each route
@@ -1199,17 +1031,6 @@
                  ipRouteMetric5
                      INTEGER,



SNMP Working Group                                             [Page 33]

RFC 1213                         MIB-II                       March 1991


                  ipRouteInfo
                      OBJECT IDENTIFIER
              }

          ipRouteDest OBJECT-TYPE
              SYNTAX  IpAddress
              ACCESS  read-write
@@ -1254,14 +1075,6 @@
              ACCESS  read-write
              STATUS  mandatory
              DESCRIPTION



SNMP Working Group                                             [Page 34]

RFC 1213                         MIB-II                       March 1991


                      "An alternate routing metric for this route.  The
                      semantics of this metric are determined by the
                      routing-protocol specified in the route's
@@ -1311,13 +1124,6 @@

                          invalid(2),      -- an invalidated route



SNMP Working Group                                             [Page 35]

RFC 1213                         MIB-II                       March 1991


                                           -- route to directly
                          direct(3),       -- connected (sub-)network

@@ -1366,14 +1172,6 @@
                                          -- protocols
                          egp(5),
                          ggp(6),



SNMP Working Group                                             [Page 36]

RFC 1213                         MIB-II                       March 1991


                          hello(7),
                          rip(8),
                          is-is(9),
@@ -1423,13 +1221,6 @@
                           255.255.0.0    class-B
                           255.255.255.0  class-C



SNMP Working Group                                             [Page 37]

RFC 1213                         MIB-II                       March 1991


                      If the value of the ipRouteDest is 0.0.0.0 (a
                      default route), then the mask value is also
                      0.0.0.0.  It should be noted that all IP routing
@@ -1478,14 +1269,6 @@
              SYNTAX  SEQUENCE OF IpNetToMediaEntry
              ACCESS  not-accessible
              STATUS  mandatory



SNMP Working Group                                             [Page 38]

RFC 1213                         MIB-II                       March 1991


              DESCRIPTION
                      "The IP Address Translation table used for mapping
                      from IP addresses to physical addresses."
@@ -1534,14 +1317,6 @@
                      "The media-dependent `physical' address."
              ::= { ipNetToMediaEntry 2 }




SNMP Working Group                                             [Page 39]

RFC 1213                         MIB-II                       March 1991


          ipNetToMediaNetAddress OBJECT-TYPE
              SYNTAX  IpAddress
              ACCESS  read-write
@@ -1590,14 +1365,6 @@
                      to be discarded even though they are valid.  One
                      possible reason for discarding such an entry could
                      be to free-up buffer space for other routing



SNMP Working Group                                             [Page 40]

RFC 1213                         MIB-II                       March 1991


                      entries."
              ::= { ip 23 }

@@ -1645,15 +1412,6 @@
                      received."
              ::= { icmp 4 }





SNMP Working Group                                             [Page 41]

RFC 1213                         MIB-II                       March 1991


          icmpInParmProbs OBJECT-TYPE
              SYNTAX  Counter
              ACCESS  read-only
@@ -1702,14 +1460,6 @@
              ACCESS  read-only
              STATUS  mandatory
              DESCRIPTION



SNMP Working Group                                             [Page 42]

RFC 1213                         MIB-II                       March 1991


                      "The number of ICMP Timestamp (request) messages
                      received."
              ::= { icmp 10 }
@@ -1758,14 +1508,6 @@
              DESCRIPTION
                      "The number of ICMP messages which this entity did
                      not send due to problems discovered within ICMP



SNMP Working Group                                             [Page 43]

RFC 1213                         MIB-II                       March 1991


                      such as a lack of buffers.  This value should not
                      include errors discovered outside the ICMP layer
                      such as the inability of IP to route the resultant
@@ -1814,14 +1556,6 @@
              STATUS  mandatory
              DESCRIPTION
                      "The number of ICMP Redirect messages sent.  For a



SNMP Working Group                                             [Page 44]

RFC 1213                         MIB-II                       March 1991


                      host, this object will always be zero, since hosts
                      do not send redirects."
              ::= { icmp 20 }
@@ -1869,15 +1603,6 @@
                      sent."
              ::= { icmp 25 }





SNMP Working Group                                             [Page 45]

RFC 1213                         MIB-II                       March 1991


          icmpOutAddrMaskReps OBJECT-TYPE
              SYNTAX  Counter
              ACCESS  read-only
@@ -1926,14 +1651,6 @@
                      particular, when the timeout algorithm is rsre(3),
                      an object of this type has the semantics of the
                      LBOUND quantity described in RFC 793."



SNMP Working Group                                             [Page 46]

RFC 1213                         MIB-II                       March 1991


              ::= { tcp 2 }


@@ -1983,13 +1700,6 @@
                      LISTEN state."
              ::= { tcp 6 }



SNMP Working Group                                             [Page 47]

RFC 1213                         MIB-II                       March 1991


          tcpAttemptFails OBJECT-TYPE
              SYNTAX  Counter
              ACCESS  read-only
@@ -2038,14 +1748,6 @@
              SYNTAX  Counter
              ACCESS  read-only
              STATUS  mandatory



SNMP Working Group                                             [Page 48]

RFC 1213                         MIB-II                       March 1991


              DESCRIPTION
                      "The total number of segments sent, including
                      those on current connections but excluding those
@@ -2094,14 +1796,6 @@
                        tcpConnRemPort }
              ::= { tcpConnTable 1 }




SNMP Working Group                                             [Page 49]

RFC 1213                         MIB-II                       March 1991


          TcpConnEntry ::=
              SEQUENCE {
                  tcpConnState
@@ -2150,14 +1844,6 @@
                      connection.

                      As an implementation-specific option, a RST



SNMP Working Group                                             [Page 50]

RFC 1213                         MIB-II                       March 1991


                      segment may be sent from the managed node to the
                      other TCP endpoint (note however that RST segments
                      are not sent reliably)."
@@ -2206,14 +1892,6 @@
              SYNTAX  Counter
              ACCESS  read-only
              STATUS  mandatory



SNMP Working Group                                             [Page 51]

RFC 1213                         MIB-II                       March 1991


              DESCRIPTION
                      "The total number of segments received in error
                      (e.g., bad TCP checksums)."
@@ -2263,13 +1941,6 @@
                      of an application at the destination port."
              ::= { udp 3 }



SNMP Working Group                                             [Page 52]

RFC 1213                         MIB-II                       March 1991


          udpOutDatagrams OBJECT-TYPE
              SYNTAX  Counter
              ACCESS  read-only
@@ -2318,14 +1989,6 @@
              STATUS  mandatory
              DESCRIPTION
                      "The local IP address for this UDP listener.  In



SNMP Working Group                                             [Page 53]

RFC 1213                         MIB-II                       March 1991


                      the case of a UDP listener which is willing to
                      accept datagrams for any IP interface associated
                      with the node, the value 0.0.0.0 is used."
@@ -2374,14 +2037,6 @@

          egpOutErrors OBJECT-TYPE
              SYNTAX  Counter



SNMP Working Group                                             [Page 54]

RFC 1213                         MIB-II                       March 1991


              ACCESS  read-only
              STATUS  mandatory
              DESCRIPTION
@@ -2430,14 +2085,6 @@
                      Counter,
                  egpNeighOutErrs
                      Counter,



SNMP Working Group                                             [Page 55]

RFC 1213                         MIB-II                       March 1991


                  egpNeighInErrMsgs
                      Counter,
                  egpNeighOutErrMsgs
@@ -2486,14 +2133,6 @@
              SYNTAX  INTEGER
              ACCESS  read-only
              STATUS  mandatory



SNMP Working Group                                             [Page 56]

RFC 1213                         MIB-II                       March 1991


              DESCRIPTION
                      "The autonomous system of this EGP peer.  Zero
                      should be specified if the autonomous system
@@ -2542,14 +2181,6 @@
              SYNTAX  Counter
              ACCESS  read-only
              STATUS  mandatory



SNMP Working Group                                             [Page 57]

RFC 1213                         MIB-II                       March 1991


              DESCRIPTION
                      "The number of EGP-defined error messages received
                      from this EGP peer."
@@ -2598,14 +2229,6 @@
              STATUS  mandatory
              DESCRIPTION
                      "The interval between EGP poll command



SNMP Working Group                                             [Page 58]

RFC 1213                         MIB-II                       March 1991


                      retransmissions (in hundredths of a second).  This
                      represents the t3 timer as defined in RFC 904."
              ::= { egpNeighEntry 13 }
@@ -2654,14 +2277,6 @@
                      "The autonomous system number of this EGP entity."
              ::= { egp 6 }




SNMP Working Group                                             [Page 59]

RFC 1213                         MIB-II                       March 1991


          -- the Transmission group

          -- Based on the transmission media underlying each interface
@@ -2710,14 +2325,6 @@

          snmpOutPkts OBJECT-TYPE
              SYNTAX  Counter



SNMP Working Group                                             [Page 60]

RFC 1213                         MIB-II                       March 1991


              ACCESS  read-only
              STATUS  mandatory
              DESCRIPTION
@@ -2767,13 +2374,6 @@
                      decoding received SNMP Messages."
              ::= { snmp 6 }



SNMP Working Group                                             [Page 61]

RFC 1213                         MIB-II                       March 1991


          -- { snmp 7 } is not used

          snmpInTooBigs OBJECT-TYPE
@@ -2822,14 +2422,6 @@
                      contains the value `readOnly' in the error-status
                      field, as such this object is provided as a means
                      of detecting incorrect implementations of the



SNMP Working Group                                             [Page 62]

RFC 1213                         MIB-II                       March 1991


                      SNMP."
              ::= { snmp 11 }

@@ -2878,14 +2470,6 @@

          snmpInGetNexts OBJECT-TYPE
              SYNTAX  Counter



SNMP Working Group                                             [Page 63]

RFC 1213                         MIB-II                       March 1991


              ACCESS  read-only
              STATUS  mandatory
              DESCRIPTION
@@ -2935,13 +2519,6 @@
                      `tooBig.'"
              ::= { snmp 20 }



SNMP Working Group                                             [Page 64]

RFC 1213                         MIB-II                       March 1991


          snmpOutNoSuchNames OBJECT-TYPE
              SYNTAX  Counter
              ACCESS  read-only
@@ -2990,14 +2567,6 @@
              SYNTAX  Counter
              ACCESS  read-only
              STATUS  mandatory



SNMP Working Group                                             [Page 65]

RFC 1213                         MIB-II                       March 1991


              DESCRIPTION
                      "The total number of SNMP Get-Next PDUs which have
                      been generated by the SNMP protocol entity."
@@ -3046,14 +2615,6 @@
                      object be stored in non-volatile memory so that it
                      remains constant between re-initializations of the
                      network management system."



SNMP Working Group                                             [Page 66]

RFC 1213                         MIB-II                       March 1991


              ::= { snmp 30 }

          END

 opends/src/snmp/resource/mib/rfc2605.txt


 opends/src/snmp/resource/mib/rfc2788.txt


 opends/src/snmp/resource/security/opends-snmp.security

@@ -1,6 +1,35 @@
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE
# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#      Copyright 2008 Sun Microsystems, Inc.
#
#
localEngineID=0x8000002a017f000001000000a1
localEngineBoots=0

# Admin User to use to add access controls for users
userEntry=localEngineID,snmpAdmin,null,usmHMACMD5AuthProtocol,passadmin

# User to clone no read or write acess
userEntry=localEngineID,defaultUser,,usmHMACMD5AuthProtocol,password,,,3,true



 opends/src/snmp/src/org/opends/server/snmp/SNMPClassLoaderProvider.java

@@ -116,6 +116,8 @@

    private SnmpV3AdaptorServer snmpAdaptor;

    private String contextName;

    /**
     * Default constructor.
     */
@@ -222,6 +224,7 @@
        this.snmpPort = this.currentConfig.getListenPort();
        this.snmpTrapPort = this.currentConfig.getTrapPort();
        this.registeredSNMPMBeans = this.currentConfig.isRegisteredMbean();
        this.contextName = this.currentConfig.getCommunity();

        // Creates all the required objects for SNMP MIB 2605 Support
        try {
@@ -262,7 +265,9 @@
            this.dsMib = new DIRECTORY_SERVER_MIBImpl(
                    this.registeredSNMPMBeans, this.mibObjName);
            this.dsMib.preRegister(this.server, this.mibObjName);
            this.dsMib.setSnmpAdaptor(snmpAdaptor);

            // Register the DS MIB into the defined context
            this.dsMib.setSnmpAdaptor(snmpAdaptor, this.contextName);

            this.server.registerMBean(this.snmpAdaptor, snmpObjName);

@@ -290,7 +295,12 @@
            this.snmpAdaptor.stop();

            this.server.unregisterMBean(this.snmpObjName);

            if (this.server.isRegistered(this.mibObjName)) {
            this.server.unregisterMBean(this.mibObjName );
            }


            this.server.unregisterMBean(new ObjectName(
                        SNMPConnectionHandlerDefinitions.SNMP_DOMAIN +
                        "type=group,name=DsMib"));

 opends/src/snmp/src/org/opends/server/snmp/SNMPInetAddressAcl.java

@@ -52,6 +52,10 @@
     * Current Security Configuration for the SNMP Connection Handler.
     */
    private SNMPConnectionHandlerCfg currentConfig;
    /**
     * If * then all the users are allowed to access in read.
     */
    private static final String ALL_MANAGERS_ALLOWED = "*";

    private TreeSet<InetAddress> hostsList;
    private boolean allManagers = false;
@@ -73,7 +77,7 @@

        // hostsList
        SortedSet tmp = this.currentConfig.getAllowedManager();
        if (tmp.isEmpty()) {
        if (tmp.contains(ALL_MANAGERS_ALLOWED)) {
            this.allManagers=true;
        }
        this.hostsList = new TreeSet<InetAddress>();

 opends/src/snmp/src/org/opends/server/snmp/SNMPUserAcl.java

@@ -52,6 +52,11 @@
     */
    private static final String DEFAULT_USER = "defaultUser";
    /**
     * Admin User for cloning mechanism.
     */
    private static final String ADMIN_USER = "snmpAdmin";

    /**
     * Current Security Configuration for the SNMP Connection Handler.
     */
    private SNMPConnectionHandlerCfg currentConfig;
@@ -101,6 +106,17 @@
     * {@inheritDoc}
     */
    public boolean checkReadPermission(String user) {

        // Test if clone user
        if (user.equals(DEFAULT_USER)) {
            return false;
        }

        // Test if clone user
        if (user.equals(ADMIN_USER)) {
            return false;
        }

        if ((this.usersList.contains(ALL_USERS_ALLOWED)) ||
                (this.usersList.contains(user))) {
            return true;
@@ -115,7 +131,7 @@
            int securityLevel) {

        // Special check for the defaultUser
        if ((user.equals(DEFAULT_USER))
        if ((user.equals(ADMIN_USER))
            && (contextName.equals("null"))
            && ((this.securityLevel.ordinal() + 1) >= securityLevel)) {
            return true;
@@ -123,6 +139,7 @@

        // Else
        if ((checkReadPermission(user))  &&
                ((checkContextName(contextName))) &&
                ((this.securityLevel.ordinal() + 1) >= securityLevel)) {
            return true;
        }
@@ -140,7 +157,7 @@
     * {@inheritDoc}
     */
    public boolean checkWritePermission(String user) {
        if (user.equals(DEFAULT_USER)) {
        if (user.equals(ADMIN_USER)) {
            return true;
        }
        return false;

 opends/tests/unit-tests-testng/src/server/org/opends/server/snmp/SNMPSyncManagerV2AccessTest.java

@@ -101,7 +101,7 @@
                new SnmpParameters();

        // Set to the allowed the community string
        params.setRdCommunity("OpenDS");
        params.setRdCommunity("OpenDS@OpenDS");

        // The newly created parameter must be associated to the agent.
        //
@@ -188,7 +188,7 @@
        return new Object[][]{
            {"public", false},
            {"private", false},
            {"OpenDS", true},
            {"OpenDS@OpenDS", true},
            {"dummy", false},
            {"", false}};
    }

 opends/tests/unit-tests-testng/src/server/org/opends/server/snmp/SNMPTrapManagerTest.java

@@ -32,14 +32,6 @@
import com.sun.management.snmp.SnmpScopedPduRequest;
import com.sun.management.snmp.SnmpEventReportDispatcher;
import com.sun.management.snmp.manager.SnmpTrapListener;
import java.net.InetAddress;
import java.util.ArrayList;
import org.opends.server.core.ModifyOperationBasis;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.types.Control;
import org.opends.server.types.DN;
import org.opends.server.types.Modification;
import org.opends.server.types.ModificationType;
import org.testng.annotations.BeforeClass;
import static org.testng.Assert.*;
import org.testng.annotations.Test;
@@ -97,8 +89,6 @@
            // Should received 1 traps
            assertEquals(trapNumbers, 1);
            
            // Nicely stop the SnmpEventReportDispatcher.
            //
            trapAgent.close();
            taskServer.terminate();

			@@ -103,13 +103,12 @@
			<adm:synopsis>
			Specifies the hosts of the managers to be granted the access rights.
			This property is required for SNMP v1 and v2 security configuration.
			An asterik (*) opens access to all managers.
			</adm:synopsis>
			<adm:default-behavior>
			<adm:alias>
			<adm:synopsis>
			An empty list opens access to all managers.
			</adm:synopsis>
			</adm:alias>
			<adm:defined>
			<adm:value>*</adm:value>
			</adm:defined>
			</adm:default-behavior>
			<adm:syntax>
			<adm:string />
			@@ -125,13 +124,12 @@
			<adm:synopsis>
			Specifies the users to be granted the access rights. This property
			is required for SNMP v3 security configuration.
			</adm:synopsis>
			<adm:default-behavior>
			<adm:alias>
			<adm:synopsis>
			An asterik (*) opens access to all users.
			</adm:synopsis>
			</adm:alias>
			<adm:default-behavior>
			<adm:defined>
			<adm:value>*</adm:value>
			</adm:defined>
			</adm:default-behavior>
			<adm:syntax>
			<adm:string />

			@@ -588,7 +588,7 @@
			protocol = ListenerDescriptor.Protocol.SNMP;
			protocolDescription = INFO_SNMP_PROTOCOL_LABEL.get();
			boolean enabled = "true".equalsIgnoreCase(
			getFirstValue(entry, "ds-cfg-connection-handler-enabled"));
			getFirstValue(entry, "ds-cfg-enabled"));
			if (enabled)
			{
			state = ListenerDescriptor.State.ENABLED;

			@@ -1,13 +1,3 @@
			--
			-- @(#)file mib_core.txt
			-- @(#)author Sun Microsystems, Inc.
			-- @(#)version 1.4
			-- @(#)date 03/05/30
			--
			-- The file contains all the definitions scattered around many different
			-- RFCs.
			--

			CORE-MIB DEFINITIONS ::= BEGIN

			@@ -24,12 +24,6 @@
			-- with this syntax are declared as having



			SNMP Working Group [Page 12]

			RFC 1213 MIB-II March 1991


			--
			-- SIZE (0..255)

			@@ -80,12 +74,6 @@
			STATUS mandatory



			SNMP Working Group [Page 13]

			RFC 1213 MIB-II March 1991


			DESCRIPTION
			"A textual description of the entity. This value
			should include the full name and version
			@@ -134,14 +122,6 @@

			sysName OBJECT-TYPE
			SYNTAX DisplayString (SIZE (0..255))



			SNMP Working Group [Page 14]

			RFC 1213 MIB-II March 1991


			ACCESS read-write
			STATUS mandatory
			DESCRIPTION
			@@ -190,14 +170,6 @@
			6 may also be counted."
			::= { system 7 }




			SNMP Working Group [Page 15]

			RFC 1213 MIB-II March 1991


			-- the Interfaces group

			-- Implementation of the Interfaces group is mandatory for
			@@ -246,14 +218,6 @@
			SEQUENCE {
			ifIndex
			INTEGER,



			SNMP Working Group [Page 16]

			RFC 1213 MIB-II March 1991


			ifDescr
			DisplayString,
			ifType
			@@ -302,14 +266,6 @@
			SYNTAX INTEGER
			ACCESS read-only
			STATUS mandatory



			SNMP Working Group [Page 17]

			RFC 1213 MIB-II March 1991


			DESCRIPTION
			"A unique value for each interface. Its value
			ranges between 1 and the value of ifNumber. The
			@@ -358,14 +314,6 @@
			softwareLoopback(24),
			eon(25), -- CLNP over IP [11]
			ethernet-3Mbit(26),



			SNMP Working Group [Page 18]

			RFC 1213 MIB-II March 1991


			nsip(27), -- XNS over IP
			slip(28), -- generic SLIP
			ultra(29), -- ULTRA technologies
			@@ -414,14 +362,6 @@
			"The interface's address at the protocol layer
			immediately `below' the network layer in the
			protocol stack. For interfaces which do not have



			SNMP Working Group [Page 19]

			RFC 1213 MIB-II March 1991


			such an address (e.g., a serial line), this object
			should contain an octet string of zero length."
			::= { ifEntry 6 }
			@@ -470,14 +410,6 @@
			ifInOctets OBJECT-TYPE
			SYNTAX Counter
			ACCESS read-only



			SNMP Working Group [Page 20]

			RFC 1213 MIB-II March 1991


			STATUS mandatory
			DESCRIPTION
			"The total number of octets received on the
			@@ -525,15 +457,6 @@
			errors preventing them from being deliverable to a
			higher-layer protocol."
			::= { ifEntry 14 }




			SNMP Working Group [Page 21]

			RFC 1213 MIB-II March 1991


			ifInUnknownProtos OBJECT-TYPE
			SYNTAX Counter
			ACCESS read-only
			@@ -582,14 +505,6 @@
			STATUS mandatory
			DESCRIPTION
			"The number of outbound packets which were chosen



			SNMP Working Group [Page 22]

			RFC 1213 MIB-II March 1991


			to be discarded even though no errors had been
			detected to prevent their being transmitted. One
			possible reason for discarding such a packet could
			@@ -638,14 +553,6 @@
			-- Implementation of the Address Translation group is
			-- mandatory for all systems. Note however that this group
			-- is deprecated by MIB-II. That is, it is being included



			SNMP Working Group [Page 23]

			RFC 1213 MIB-II March 1991


			-- solely for compatibility with MIB-I nodes, and will most
			-- likely be excluded from MIB-III nodes. From MIB-II and
			-- onwards, each network protocol group contains its own
			@@ -694,14 +601,6 @@
			SEQUENCE {
			atIfIndex
			INTEGER,



			SNMP Working Group [Page 24]

			RFC 1213 MIB-II March 1991


			atPhysAddress
			PhysAddress,
			atNetAddress
			@@ -750,14 +649,6 @@
			"The NetworkAddress (e.g., the IP address)
			corresponding to the media-dependent `physical'
			address."



			SNMP Working Group [Page 25]

			RFC 1213 MIB-II March 1991


			::= { atEntry 3 }


			@@ -806,14 +697,6 @@
			DESCRIPTION
			"The total number of input datagrams received from
			interfaces, including those received in error."



			SNMP Working Group [Page 26]

			RFC 1213 MIB-II March 1991


			::= { ip 3 }

			ipInHdrErrors OBJECT-TYPE
			@@ -862,14 +745,6 @@

			ipInUnknownProtos OBJECT-TYPE
			SYNTAX Counter



			SNMP Working Group [Page 27]

			RFC 1213 MIB-II March 1991


			ACCESS read-only
			STATUS mandatory
			DESCRIPTION
			@@ -918,14 +793,6 @@
			STATUS mandatory
			DESCRIPTION
			"The number of output IP datagrams for which no



			SNMP Working Group [Page 28]

			RFC 1213 MIB-II March 1991


			problem was encountered to prevent their
			transmission to their destination, but which were
			discarded (e.g., for lack of buffer space). Note
			@@ -974,14 +841,6 @@
			DESCRIPTION
			"The number of IP datagrams successfully re-
			assembled."



			SNMP Working Group [Page 29]

			RFC 1213 MIB-II March 1991


			::= { ip 15 }

			ipReasmFails OBJECT-TYPE
			@@ -1028,16 +887,6 @@
			this entity."
			::= { ip 19 }






			SNMP Working Group [Page 30]

			RFC 1213 MIB-II March 1991


			-- the IP address table

			-- The IP address table contains this entity's IP addressing
			@@ -1085,15 +934,6 @@
			information pertains."
			::= { ipAddrEntry 1 }





			SNMP Working Group [Page 31]

			RFC 1213 MIB-II March 1991


			ipAdEntIfIndex OBJECT-TYPE
			SYNTAX INTEGER
			ACCESS read-only
			@@ -1142,14 +982,6 @@
			datagrams received on this interface."
			::= { ipAddrEntry 5 }




			SNMP Working Group [Page 32]

			RFC 1213 MIB-II March 1991


			-- the IP routing table

			-- The IP routing table contains an entry for each route
			@@ -1199,17 +1031,6 @@
			ipRouteMetric5
			INTEGER,



			SNMP Working Group [Page 33]

			RFC 1213 MIB-II March 1991


			ipRouteInfo
			OBJECT IDENTIFIER
			}

			ipRouteDest OBJECT-TYPE
			SYNTAX IpAddress
			ACCESS read-write
			@@ -1254,14 +1075,6 @@
			ACCESS read-write
			STATUS mandatory
			DESCRIPTION



			SNMP Working Group [Page 34]

			RFC 1213 MIB-II March 1991


			"An alternate routing metric for this route. The
			semantics of this metric are determined by the
			routing-protocol specified in the route's
			@@ -1311,13 +1124,6 @@

			invalid(2), -- an invalidated route



			SNMP Working Group [Page 35]

			RFC 1213 MIB-II March 1991


			-- route to directly
			direct(3), -- connected (sub-)network

			@@ -1366,14 +1172,6 @@
			-- protocols
			egp(5),
			ggp(6),



			SNMP Working Group [Page 36]

			RFC 1213 MIB-II March 1991


			hello(7),
			rip(8),
			is-is(9),
			@@ -1423,13 +1221,6 @@
			255.255.0.0 class-B
			255.255.255.0 class-C



			SNMP Working Group [Page 37]

			RFC 1213 MIB-II March 1991


			If the value of the ipRouteDest is 0.0.0.0 (a
			default route), then the mask value is also
			0.0.0.0. It should be noted that all IP routing
			@@ -1478,14 +1269,6 @@
			SYNTAX SEQUENCE OF IpNetToMediaEntry
			ACCESS not-accessible
			STATUS mandatory



			SNMP Working Group [Page 38]

			RFC 1213 MIB-II March 1991


			DESCRIPTION
			"The IP Address Translation table used for mapping
			from IP addresses to physical addresses."
			@@ -1534,14 +1317,6 @@
			"The media-dependent `physical' address."
			::= { ipNetToMediaEntry 2 }




			SNMP Working Group [Page 39]

			RFC 1213 MIB-II March 1991


			ipNetToMediaNetAddress OBJECT-TYPE
			SYNTAX IpAddress
			ACCESS read-write
			@@ -1590,14 +1365,6 @@
			to be discarded even though they are valid. One
			possible reason for discarding such an entry could
			be to free-up buffer space for other routing



			SNMP Working Group [Page 40]

			RFC 1213 MIB-II March 1991


			entries."
			::= { ip 23 }

			@@ -1645,15 +1412,6 @@
			received."
			::= { icmp 4 }





			SNMP Working Group [Page 41]

			RFC 1213 MIB-II March 1991


			icmpInParmProbs OBJECT-TYPE
			SYNTAX Counter
			ACCESS read-only
			@@ -1702,14 +1460,6 @@
			ACCESS read-only
			STATUS mandatory
			DESCRIPTION



			SNMP Working Group [Page 42]

			RFC 1213 MIB-II March 1991


			"The number of ICMP Timestamp (request) messages
			received."
			::= { icmp 10 }
			@@ -1758,14 +1508,6 @@
			DESCRIPTION
			"The number of ICMP messages which this entity did
			not send due to problems discovered within ICMP



			SNMP Working Group [Page 43]

			RFC 1213 MIB-II March 1991


			such as a lack of buffers. This value should not
			include errors discovered outside the ICMP layer
			such as the inability of IP to route the resultant
			@@ -1814,14 +1556,6 @@
			STATUS mandatory
			DESCRIPTION
			"The number of ICMP Redirect messages sent. For a



			SNMP Working Group [Page 44]

			RFC 1213 MIB-II March 1991


			host, this object will always be zero, since hosts
			do not send redirects."
			::= { icmp 20 }
			@@ -1869,15 +1603,6 @@
			sent."
			::= { icmp 25 }





			SNMP Working Group [Page 45]

			RFC 1213 MIB-II March 1991


			icmpOutAddrMaskReps OBJECT-TYPE
			SYNTAX Counter
			ACCESS read-only
			@@ -1926,14 +1651,6 @@
			particular, when the timeout algorithm is rsre(3),
			an object of this type has the semantics of the
			LBOUND quantity described in RFC 793."



			SNMP Working Group [Page 46]

			RFC 1213 MIB-II March 1991


			::= { tcp 2 }


			@@ -1983,13 +1700,6 @@
			LISTEN state."
			::= { tcp 6 }



			SNMP Working Group [Page 47]

			RFC 1213 MIB-II March 1991


			tcpAttemptFails OBJECT-TYPE
			SYNTAX Counter
			ACCESS read-only
			@@ -2038,14 +1748,6 @@
			SYNTAX Counter
			ACCESS read-only
			STATUS mandatory



			SNMP Working Group [Page 48]

			RFC 1213 MIB-II March 1991


			DESCRIPTION
			"The total number of segments sent, including
			those on current connections but excluding those
			@@ -2094,14 +1796,6 @@
			tcpConnRemPort }
			::= { tcpConnTable 1 }




			SNMP Working Group [Page 49]

			RFC 1213 MIB-II March 1991


			TcpConnEntry ::=
			SEQUENCE {
			tcpConnState
			@@ -2150,14 +1844,6 @@
			connection.

			As an implementation-specific option, a RST



			SNMP Working Group [Page 50]

			RFC 1213 MIB-II March 1991


			segment may be sent from the managed node to the
			other TCP endpoint (note however that RST segments
			are not sent reliably)."
			@@ -2206,14 +1892,6 @@
			SYNTAX Counter
			ACCESS read-only
			STATUS mandatory



			SNMP Working Group [Page 51]

			RFC 1213 MIB-II March 1991


			DESCRIPTION
			"The total number of segments received in error
			(e.g., bad TCP checksums)."
			@@ -2263,13 +1941,6 @@
			of an application at the destination port."
			::= { udp 3 }



			SNMP Working Group [Page 52]

			RFC 1213 MIB-II March 1991


			udpOutDatagrams OBJECT-TYPE
			SYNTAX Counter
			ACCESS read-only
			@@ -2318,14 +1989,6 @@
			STATUS mandatory
			DESCRIPTION
			"The local IP address for this UDP listener. In



			SNMP Working Group [Page 53]

			RFC 1213 MIB-II March 1991


			the case of a UDP listener which is willing to
			accept datagrams for any IP interface associated
			with the node, the value 0.0.0.0 is used."
			@@ -2374,14 +2037,6 @@

			egpOutErrors OBJECT-TYPE
			SYNTAX Counter



			SNMP Working Group [Page 54]

			RFC 1213 MIB-II March 1991


			ACCESS read-only
			STATUS mandatory
			DESCRIPTION
			@@ -2430,14 +2085,6 @@
			Counter,
			egpNeighOutErrs
			Counter,



			SNMP Working Group [Page 55]

			RFC 1213 MIB-II March 1991


			egpNeighInErrMsgs
			Counter,
			egpNeighOutErrMsgs
			@@ -2486,14 +2133,6 @@
			SYNTAX INTEGER
			ACCESS read-only
			STATUS mandatory



			SNMP Working Group [Page 56]

			RFC 1213 MIB-II March 1991


			DESCRIPTION
			"The autonomous system of this EGP peer. Zero
			should be specified if the autonomous system
			@@ -2542,14 +2181,6 @@
			SYNTAX Counter
			ACCESS read-only
			STATUS mandatory



			SNMP Working Group [Page 57]

			RFC 1213 MIB-II March 1991


			DESCRIPTION
			"The number of EGP-defined error messages received
			from this EGP peer."
			@@ -2598,14 +2229,6 @@
			STATUS mandatory
			DESCRIPTION
			"The interval between EGP poll command



			SNMP Working Group [Page 58]

			RFC 1213 MIB-II March 1991


			retransmissions (in hundredths of a second). This
			represents the t3 timer as defined in RFC 904."
			::= { egpNeighEntry 13 }
			@@ -2654,14 +2277,6 @@
			"The autonomous system number of this EGP entity."
			::= { egp 6 }




			SNMP Working Group [Page 59]

			RFC 1213 MIB-II March 1991


			-- the Transmission group

			-- Based on the transmission media underlying each interface
			@@ -2710,14 +2325,6 @@

			snmpOutPkts OBJECT-TYPE
			SYNTAX Counter



			SNMP Working Group [Page 60]

			RFC 1213 MIB-II March 1991


			ACCESS read-only
			STATUS mandatory
			DESCRIPTION
			@@ -2767,13 +2374,6 @@
			decoding received SNMP Messages."
			::= { snmp 6 }



			SNMP Working Group [Page 61]

			RFC 1213 MIB-II March 1991


			-- { snmp 7 } is not used

			snmpInTooBigs OBJECT-TYPE
			@@ -2822,14 +2422,6 @@
			contains the value `readOnly' in the error-status
			field, as such this object is provided as a means
			of detecting incorrect implementations of the



			SNMP Working Group [Page 62]

			RFC 1213 MIB-II March 1991


			SNMP."
			::= { snmp 11 }

			@@ -2878,14 +2470,6 @@

			snmpInGetNexts OBJECT-TYPE
			SYNTAX Counter



			SNMP Working Group [Page 63]

			RFC 1213 MIB-II March 1991


			ACCESS read-only
			STATUS mandatory
			DESCRIPTION
			@@ -2935,13 +2519,6 @@
			`tooBig.'"
			::= { snmp 20 }



			SNMP Working Group [Page 64]

			RFC 1213 MIB-II March 1991


			snmpOutNoSuchNames OBJECT-TYPE
			SYNTAX Counter
			ACCESS read-only
			@@ -2990,14 +2567,6 @@
			SYNTAX Counter
			ACCESS read-only
			STATUS mandatory



			SNMP Working Group [Page 65]

			RFC 1213 MIB-II March 1991


			DESCRIPTION
			"The total number of SNMP Get-Next PDUs which have
			been generated by the SNMP protocol entity."
			@@ -3046,14 +2615,6 @@
			object be stored in non-volatile memory so that it
			remains constant between re-initializations of the
			network management system."



			SNMP Working Group [Page 66]

			RFC 1213 MIB-II March 1991


			::= { snmp 30 }

			END

			@@ -1,6 +1,35 @@
			# CDDL HEADER START
			#
			# The contents of this file are subject to the terms of the
			# Common Development and Distribution License, Version 1.0 only
			# (the "License"). You may not use this file except in compliance
			# with the License.
			#
			# You can obtain a copy of the license at
			# trunk/opends/resource/legal-notices/OpenDS.LICENSE
			# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
			# See the License for the specific language governing permissions
			# and limitations under the License.
			#
			# When distributing Covered Code, include this CDDL HEADER in each
			# file and include the License file at
			# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
			# add the following below this CDDL HEADER, with the fields enclosed
			# by brackets "[]" replaced with your own identifying information:
			# Portions Copyright [yyyy] [name of copyright owner]
			#
			# CDDL HEADER END
			#
			# Copyright 2008 Sun Microsystems, Inc.
			#
			#
			localEngineID=0x8000002a017f000001000000a1
			localEngineBoots=0

			# Admin User to use to add access controls for users
			userEntry=localEngineID,snmpAdmin,null,usmHMACMD5AuthProtocol,passadmin

			# User to clone no read or write acess
			userEntry=localEngineID,defaultUser,,usmHMACMD5AuthProtocol,password,,,3,true

			@@ -116,6 +116,8 @@

			private SnmpV3AdaptorServer snmpAdaptor;

			private String contextName;

			/**
			* Default constructor.
			*/
			@@ -222,6 +224,7 @@
			this.snmpPort = this.currentConfig.getListenPort();
			this.snmpTrapPort = this.currentConfig.getTrapPort();
			this.registeredSNMPMBeans = this.currentConfig.isRegisteredMbean();
			this.contextName = this.currentConfig.getCommunity();

			// Creates all the required objects for SNMP MIB 2605 Support
			try {
			@@ -262,7 +265,9 @@
			this.dsMib = new DIRECTORY_SERVER_MIBImpl(
			this.registeredSNMPMBeans, this.mibObjName);
			this.dsMib.preRegister(this.server, this.mibObjName);
			this.dsMib.setSnmpAdaptor(snmpAdaptor);

			// Register the DS MIB into the defined context
			this.dsMib.setSnmpAdaptor(snmpAdaptor, this.contextName);

			this.server.registerMBean(this.snmpAdaptor, snmpObjName);

			@@ -290,7 +295,12 @@
			this.snmpAdaptor.stop();

			this.server.unregisterMBean(this.snmpObjName);

			if (this.server.isRegistered(this.mibObjName)) {
			this.server.unregisterMBean(this.mibObjName );
			}


			this.server.unregisterMBean(new ObjectName(
			SNMPConnectionHandlerDefinitions.SNMP_DOMAIN +
			"type=group,name=DsMib"));

			@@ -52,6 +52,10 @@
			* Current Security Configuration for the SNMP Connection Handler.
			*/
			private SNMPConnectionHandlerCfg currentConfig;
			/**
			* If * then all the users are allowed to access in read.
			*/
			private static final String ALL_MANAGERS_ALLOWED = "*";

			private TreeSet<InetAddress> hostsList;
			private boolean allManagers = false;
			@@ -73,7 +77,7 @@

			// hostsList
			SortedSet tmp = this.currentConfig.getAllowedManager();
			if (tmp.isEmpty()) {
			if (tmp.contains(ALL_MANAGERS_ALLOWED)) {
			this.allManagers=true;
			}
			this.hostsList = new TreeSet<InetAddress>();

			@@ -52,6 +52,11 @@
			*/
			private static final String DEFAULT_USER = "defaultUser";
			/**
			* Admin User for cloning mechanism.
			*/
			private static final String ADMIN_USER = "snmpAdmin";

			/**
			* Current Security Configuration for the SNMP Connection Handler.
			*/
			private SNMPConnectionHandlerCfg currentConfig;
			@@ -101,6 +106,17 @@
			* {@inheritDoc}
			*/
			public boolean checkReadPermission(String user) {

			// Test if clone user
			if (user.equals(DEFAULT_USER)) {
			return false;
			}

			// Test if clone user
			if (user.equals(ADMIN_USER)) {
			return false;
			}

			if ((this.usersList.contains(ALL_USERS_ALLOWED)) \|\|
			(this.usersList.contains(user))) {
			return true;
			@@ -115,7 +131,7 @@
			int securityLevel) {

			// Special check for the defaultUser
			if ((user.equals(DEFAULT_USER))
			if ((user.equals(ADMIN_USER))
			&& (contextName.equals("null"))
			&& ((this.securityLevel.ordinal() + 1) >= securityLevel)) {
			return true;
			@@ -123,6 +139,7 @@

			// Else
			if ((checkReadPermission(user)) &&
			((checkContextName(contextName))) &&
			((this.securityLevel.ordinal() + 1) >= securityLevel)) {
			return true;
			}
			@@ -140,7 +157,7 @@
			* {@inheritDoc}
			*/
			public boolean checkWritePermission(String user) {
			if (user.equals(DEFAULT_USER)) {
			if (user.equals(ADMIN_USER)) {
			return true;
			}
			return false;

			@@ -101,7 +101,7 @@
			new SnmpParameters();

			// Set to the allowed the community string
			params.setRdCommunity("OpenDS");
			params.setRdCommunity("OpenDS@OpenDS");

			// The newly created parameter must be associated to the agent.
			//
			@@ -188,7 +188,7 @@
			return new Object[][]{
			{"public", false},
			{"private", false},
			{"OpenDS", true},
			{"OpenDS@OpenDS", true},
			{"dummy", false},
			{"", false}};
			}

			@@ -32,14 +32,6 @@
			import com.sun.management.snmp.SnmpScopedPduRequest;
			import com.sun.management.snmp.SnmpEventReportDispatcher;
			import com.sun.management.snmp.manager.SnmpTrapListener;
			import java.net.InetAddress;
			import java.util.ArrayList;
			import org.opends.server.core.ModifyOperationBasis;
			import org.opends.server.protocols.internal.InternalClientConnection;
			import org.opends.server.types.Control;
			import org.opends.server.types.DN;
			import org.opends.server.types.Modification;
			import org.opends.server.types.ModificationType;
			import org.testng.annotations.BeforeClass;
			import static org.testng.Assert.*;
			import org.testng.annotations.Test;
			@@ -97,8 +89,6 @@
			// Should received 1 traps
			assertEquals(trapNumbers, 1);

			// Nicely stop the SnmpEventReportDispatcher.
			//
			trapAgent.close();
			taskServer.terminate();