From a3f4db1fa7343377e898130363c58f399e039f6b Mon Sep 17 00:00:00 2001 From: Valery Kharseko <vharseko@3a-systems.ru> Date: Wed, 28 Aug 2024 07:25:39 +0000 Subject: [PATCH] [#376] JMX fix docs with "Allow insecure authentication" (#380) --- opendj-doc-generated-ref/src/main/docbkx/admin-guide/chap-monitoring.xml | 75 +++++++++++++++++++++++++------------ 1 files changed, 51 insertions(+), 24 deletions(-) diff --git a/opendj-doc-generated-ref/src/main/docbkx/admin-guide/chap-monitoring.xml b/opendj-doc-generated-ref/src/main/docbkx/admin-guide/chap-monitoring.xml index 6032203..29a6758 100644 --- a/opendj-doc-generated-ref/src/main/docbkx/admin-guide/chap-monitoring.xml +++ b/opendj-doc-generated-ref/src/main/docbkx/admin-guide/chap-monitoring.xml @@ -21,6 +21,7 @@ ! CCPL HEADER END ! ! Copyright 2011-2013 ForgeRock AS + ! Portions Copyright 2024 3A Systems, LLC ! --> <chapter xml:id='chap-monitoring' @@ -192,6 +193,9 @@ xlink:show="new" xlink:role="http://docbook.org/xlink/role/olink" >Evolving</link></para> + <para>Configure the server to activate JMX access. + The following example uses the reserved port number, 1689:</para> + <screen>$ dsconfig set-connection-handler-prop --port 4444 
@@ -203,33 +207,56 @@ --trustAll --no-prompt</screen> - <para>By default, no users have privileges to access the JMX connection. The - following command adds JMX privileges for Directory Manager.</para> + <para>Add appropriate privileges to access JMX monitoring information. + By default, no users have privileges to access the JMX connection. - <screen>$ dsconfig - set-root-dn-prop - --port 4444 - --hostname opendj.example.com - --bindDN "cn=Directory Manager" - --bindPassword password - --add default-root-privilege-name:jmx-notify - --add default-root-privilege-name:jmx-read - --add default-root-privilege-name:jmx-write - --trustAll - --no-prompt</screen> + The following commands create a user with JMX privileges, who can authenticate over an insecure connection:</para> - <para>You must also configure security to login remotely. See the section on - <citetitle>Using SSL</citetitle> in <link - xlink:href="http://docs.oracle.com/javase/1.5.0/docs/guide/management/agent.html#SSL_enabled" - xlink:show="new"><citetitle>Monitoring and Management Using - JMX</citetitle></link> for hints.</para> - - <para>Alternatively, you can connect to a local server process by using the - server process identifier.</para> + <screen>$ bin/dsconfig + create-password-policy + --policy-name "Allow insecure authentication" + --type password-policy + --set default-password-storage-scheme:PBKDF2-HMAC-SHA256 + --set password-attribute:userPassword + --trustAll --no-prompt + --hostname opendj.example.com + --port 4444 + --bindDN "cn=Directory Manager" + --bindPassword password</screen> - <screen>$ cat ../logs/server.pid -3363 -$ jvisualvm --openpid 3363 &</screen> + <screen>$ bin/ldapmodify --port 1389 --bindDN "cn=Directory Manager" --bindPassword password + dn: uid=JMX Monitor,dc=example,dc=com + objectClass: top + objectClass: person + objectClass: organizationalPerson + objectClass: inetOrgPerson + cn: JMX Monitor + sn: User + uid: JMX Monitor + userPassword: password + ds-privilege-name: 
monitor-read + ds-privilege-name: jmx-notify + ds-privilege-name: jmx-read + ds-privilege-name: jmx-write + ds-pwp-password-policy-dn: cn=Allow insecure authentication,cn=Password Policies,cn=config + + Processing ADD request for uid=JMX Monitor,dc=example,dc=com + ADD operation successful for DN uid=JMX Monitor,dc=example,dc=com + ^C + </screen> + + <para>Connect remotely.</para> + + <screen>$ jconsole &</screen> + + <para> + <itemizedlist> + <listitem>Remote process: <term><literal>service:jmx:rmi:///jndi/rmi://localhost:1689/org.opends.server.protocols.jmx.client-unknown</literal></term></listitem> + <listitem>Username: <term><literal>uid=JMX Monitor,dc=example,dc=com</literal></term></listitem> + <listitem>Password: <term><literal>password</literal></term></listitem> + <listitem>Connect -> Insecure connection</listitem> + </itemizedlist> + </para> </section> <section xml:id="monitoring-status-and-tasks"> -- Gitblit v1.10.0
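Review bot: In the last hunk (@@ -203,33 +207,56 @@), the paragraph "You must also configure security to login remotely", with its link to the Using SSL section, is removed. The replacement walks readers through a remote login via "Connect -> Insecure connection" with `userPassword: password` and a policy named "Allow insecure authentication", and nothing says this setup is for test environments only. Suggest keeping the SSL pointer, or an equivalent note, next to the new steps. Also state which property of the new password policy permits insecure authentication, since the visible `--set` lines only choose the storage scheme and the password attribute. The account is named "JMX Monitor" but is also granted `jmx-write` and `jmx-notify`; if the walkthrough only reads monitoring data, consider granting `monitor-read` and `jmx-read` alone. The step is titled "Connect remotely", yet the service URL uses `localhost:1689` while the earlier commands use `opendj.example.com`. The hunk also drops the local `jvisualvm --openpid` alternative, which the commit subject does not mention. Finally, the new `<itemizedlist>` puts text and `<term>` directly inside `<listitem>`, where DocBook expects `<listitem><para>...</para></listitem>`, and `<term>` belongs in a `<varlistentry>`.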