TIMETRA-LDAP-MIB DEFINITIONS ::= BEGIN IMPORTS InetAddress, InetAddressType FROM INET-ADDRESS-MIB MODULE-COMPLIANCE, NOTIFICATION-GROUP, OBJECT-GROUP FROM SNMPv2-CONF MODULE-IDENTITY, NOTIFICATION-TYPE, OBJECT-TYPE, Unsigned32 FROM SNMPv2-SMI DisplayString, RowStatus, TimeStamp, TruthValue FROM SNMPv2-TC timetraSRMIBModules, tmnxSRConfs, tmnxSRNotifyPrefix, tmnxSRObjs FROM TIMETRA-GLOBAL-MIB TNamedItemOrEmpty, TTcpUdpPort, TmnxAdminState, TmnxLongDisplayString, TmnxOperState FROM TIMETRA-TC-MIB ; timetraLdapMIBModule MODULE-IDENTITY LAST-UPDATED "201602010000Z" ORGANIZATION "Nokia" CONTACT-INFO "Nokia SROS Support Web: http://www.nokia.com" DESCRIPTION "This document is the SNMP MIB module for the Nokia SROS implementation of LDAP. Copyright 2003-2018 Nokia. All rights reserved. Reproduction of this document is authorized on the condition that the foregoing copyright notice is included. This SNMP MIB module (Specification) embodies Nokia's proprietary intellectual property. Nokia retains all title and ownership in the Specification, including any revisions. Nokia grants all interested parties a non-exclusive license to use and distribute an unmodified copy of this Specification in connection with management of Nokia products, and without fee, provided this copyright notice and license appear on all copies. This Specification is supplied `as is', and Nokia makes no warranty, either express or implied, as to the use, operation, condition, or performance of the Specification." REVISION "201602010000Z" DESCRIPTION "Rev 14.0 1 Feb 2016 00:00 Initial version of the TIMETRA-LDAP-MIB." ::= { timetraSRMIBModules 106 } tmnxLdapObjs OBJECT IDENTIFIER ::= { tmnxSRObjs 106 } tmnxLdapScalarObjs OBJECT IDENTIFIER ::= { tmnxLdapObjs 1 } tmnxLdapScalarStatsObjs OBJECT IDENTIFIER ::= { tmnxLdapScalarObjs 1 } tmnxLdapServerTableLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the object tmnxLdapServerTableLastChanged indicates the timestamp of the last change to the tmnxLdapServerTable. A value of 0 indicates that no changes were made to this table since the system was last initialized." ::= { tmnxLdapScalarStatsObjs 1 } tmnxLdapScalarConfigObjs OBJECT IDENTIFIER ::= { tmnxLdapScalarObjs 2 } tmnxLdapAdminState OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-write STATUS current DESCRIPTION "The value of the object tmnxLdapAdminState specifies the desired administrative state of the LDAP protocol operation. The value 'noop' is never allowed." DEFVAL { inService } ::= { tmnxLdapScalarConfigObjs 1 } tmnxLdapOperState OBJECT-TYPE SYNTAX TmnxOperState MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the object tmnxLdapOperState indicates the operational state of the LDAP protocol. If the value is 'outOfService' then the LDAP protocol is not available for use. If the value is 'inService' then the LDAP protocol is available for use. The value will be 'inService' if the value of the object tmnxLdapServerOperState of at least one LDAP server is in 'inService' state. If the value of this object changes from 'outOfService' to 'inService' or from 'inService' to 'outOfService' then tmnxLdapOperStateChange notification will be sent." ::= { tmnxLdapScalarConfigObjs 2 } tmnxLdapRetryAttempts OBJECT-TYPE SYNTAX Unsigned32 (1..10) MAX-ACCESS read-write STATUS current DESCRIPTION "The value of the object tmnxLdapRetryAttempts specifies the number of times an attempt to connect to an LDAP server should be retried." DEFVAL { 3 } ::= { tmnxLdapScalarConfigObjs 3 } tmnxLdapTimeout OBJECT-TYPE SYNTAX Unsigned32 (1..90) UNITS "Seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "The value of the object tmnxLdapTimeout specifies the number of seconds to wait before timing out an LDAP server connection attempt." DEFVAL { 3 } ::= { tmnxLdapScalarConfigObjs 4 } tmnxLdapUseTemplate OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of the object tmnxLdapUseTemplate specifies whether the LDAP user template is actively applied to the LDAP user, if no user profile data are returned from the LDAP server." DEFVAL { true } ::= { tmnxLdapScalarConfigObjs 5 } tmnxLdapPublicKeyAuthentication OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "The value of the object tmnxLdapPublicKeyAuthentication specifies whether to use SSH public key ('true') or LDAP ('false') for authentication." DEFVAL { false } ::= { tmnxLdapScalarConfigObjs 6 } tmnxLdapConfigObjs OBJECT IDENTIFIER ::= { tmnxLdapObjs 2 } tmnxLdapServerTable OBJECT-TYPE SYNTAX SEQUENCE OF TmnxLdapServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The tmnxLdapServerEntry has an entry for each LDAP server connection. The table can have up to a maximum of 5 entries." ::= { tmnxLdapConfigObjs 1 } tmnxLdapServerEntry OBJECT-TYPE SYNTAX TmnxLdapServerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "tmnxLdapServerEntry is an entry (conceptual row) in the tmnxLdapServerTable. Each entry represents the configuration for an LDAP server connection. Entries in this table can be created and deleted via SNMP SET operations to tmnxLdapServerRowStatus." INDEX { tmnxLdapServerIndex } ::= { tmnxLdapServerTable 1 } TmnxLdapServerEntry ::= SEQUENCE { tmnxLdapServerIndex Unsigned32, tmnxLdapServerLastChanged TimeStamp, tmnxLdapServerRowStatus RowStatus, tmnxLdapServerAdminState TmnxAdminState, tmnxLdapServerOperState TmnxOperState, tmnxLdapServerInetAddressType InetAddressType, tmnxLdapServerInetAddress InetAddress, tmnxLdapServerPort TTcpUdpPort, tmnxLdapServerBindAuthRootDn TmnxLongDisplayString, tmnxLdapServerBindAuthPassword DisplayString, tmnxLdapServerName TNamedItemOrEmpty, tmnxLdapServerSearch TmnxLongDisplayString, tmnxLdapServerTlsProfile TNamedItemOrEmpty } tmnxLdapServerIndex OBJECT-TYPE SYNTAX Unsigned32 (1..5) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The value of the object tmnxLdapServerIndex specifies a unique LDAP server connection." ::= { tmnxLdapServerEntry 1 } tmnxLdapServerLastChanged OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the object tmnxLdapServerLastChanged indicates the timestamp of the last change to this row in tmnxLdapServerTable." ::= { tmnxLdapServerEntry 2 } tmnxLdapServerRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxLdapServerRowStatus specifies the status of the conceptual row in tmnxLdapServerTable. Rows are created and destroyed by SNMP SET operations on this object. Only values 'active(1)', 'createAndGo(4)' and 'destroy(6)' are supported." ::= { tmnxLdapServerEntry 3 } tmnxLdapServerAdminState OBJECT-TYPE SYNTAX TmnxAdminState MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxLdapServerAdminState specifies the desired administrative state of the LDAP server connection. The value 'noop' is never allowed." DEFVAL { outOfService } ::= { tmnxLdapServerEntry 4 } tmnxLdapServerOperState OBJECT-TYPE SYNTAX TmnxOperState MAX-ACCESS read-only STATUS current DESCRIPTION "The value of the object tmnxLdapServerOperState indicates the operational state of this LDAP server connection. The value of this object is updated periodically if the health check functionality is enabled, otherwise its value is updated when connection to the LDAP server is attempted. If the value is 'outOfService' then this LDAP server connection is not available for use. If the value is 'inService' then this LDAP server connection is available for use. If the value of this object changes from 'outOfService' to 'inService' or from 'inService' to 'outOfService' then tmnxLdapServerOperStateChange notification will be sent." ::= { tmnxLdapServerEntry 5 } tmnxLdapServerInetAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxLdapServerInetAddressType specifies the address type of tmnxLdapServerInetAddress address. The value of tmnxLdapServerInetAddressType can be either of InetAddressType - 'unknown' or InetAddressType - 'ipv4' or InetAddressType - 'ipv6'." DEFVAL { unknown } ::= { tmnxLdapServerEntry 6 } tmnxLdapServerInetAddress OBJECT-TYPE SYNTAX InetAddress (SIZE (0|4|16)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxLdapServerInetAddress specifies the IP address of the LDAP server." DEFVAL { ''H } ::= { tmnxLdapServerEntry 7 } tmnxLdapServerPort OBJECT-TYPE SYNTAX TTcpUdpPort (1..65535) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxLdapServerPort specifies the number of IP port on which to contact the LDAP server." DEFVAL { 389 } ::= { tmnxLdapServerEntry 8 } tmnxLdapServerBindAuthRootDn OBJECT-TYPE SYNTAX TmnxLongDisplayString (SIZE (0..512)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxLdapServerBindAuthRootDn specifies the distinguished name used to authenticate with the LDAP server." DEFVAL { ''H } ::= { tmnxLdapServerEntry 9 } tmnxLdapServerBindAuthPassword OBJECT-TYPE SYNTAX DisplayString (SIZE (0..128)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxLdapServerBindAuthPassword specifies the password used to authenticate with the LDAP server." DEFVAL { ''H } ::= { tmnxLdapServerEntry 10 } tmnxLdapServerName OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxLdapServerName specifies the name assigned to this LDAP server by a user." DEFVAL { ''H } ::= { tmnxLdapServerEntry 11 } tmnxLdapServerSearch OBJECT-TYPE SYNTAX TmnxLongDisplayString (SIZE (0..512)) MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxLdapServerSearch specifies the base distinguished name for a search of user credentials." DEFVAL { ''H } ::= { tmnxLdapServerEntry 12 } tmnxLdapServerTlsProfile OBJECT-TYPE SYNTAX TNamedItemOrEmpty MAX-ACCESS read-create STATUS current DESCRIPTION "The value of the object tmnxLdapServerTlsProfile specifies a TLS certificate profile name used by this LDAP server connection." DEFVAL { ''H } ::= { tmnxLdapServerEntry 13 } tmnxLdapStatsObjs OBJECT IDENTIFIER ::= { tmnxLdapObjs 3 } tmnxLdapNotificationObjs OBJECT IDENTIFIER ::= { tmnxLdapObjs 10 } tmnxLdapConformance OBJECT IDENTIFIER ::= { tmnxSRConfs 106 } tmnxLdapCompliances OBJECT IDENTIFIER ::= { tmnxLdapConformance 1 } tmnxLdapCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for the management of the LDAP feature on Nokia SROS series systems." MODULE MANDATORY-GROUPS { tmnxLdapInitialGroup, tmnxLdapNotifyGroup } ::= { tmnxLdapCompliances 1 } tmnxLdapGroups OBJECT IDENTIFIER ::= { tmnxLdapConformance 2 } tmnxLdapInitialGroups OBJECT IDENTIFIER ::= { tmnxLdapGroups 1 } tmnxLdapInitialGroup OBJECT-GROUP OBJECTS { tmnxLdapAdminState, tmnxLdapOperState, tmnxLdapRetryAttempts, tmnxLdapTimeout, tmnxLdapUseTemplate, tmnxLdapPublicKeyAuthentication, tmnxLdapServerTableLastChanged, tmnxLdapServerLastChanged, tmnxLdapServerRowStatus, tmnxLdapServerAdminState, tmnxLdapServerOperState, tmnxLdapServerInetAddressType, tmnxLdapServerInetAddress, tmnxLdapServerPort, tmnxLdapServerBindAuthRootDn, tmnxLdapServerBindAuthPassword, tmnxLdapServerName, tmnxLdapServerSearch, tmnxLdapServerTlsProfile } STATUS current DESCRIPTION "The group of objects supporting management of LDAP capabilities on Nokia SROS series systems." ::= { tmnxLdapInitialGroups 1 } tmnxLdapNotifyGroup NOTIFICATION-GROUP NOTIFICATIONS { tmnxLdapOperStateChange, tmnxLdapServerOperStateChange } STATUS current DESCRIPTION "The group of notifications supporting LDAP feature on Nokia SROS systems." ::= { tmnxLdapInitialGroups 2 } tmnxLdapNotifyPrefix OBJECT IDENTIFIER ::= { tmnxSRNotifyPrefix 106 } tmnxLdapNotifications OBJECT IDENTIFIER ::= { tmnxLdapNotifyPrefix 0 } tmnxLdapOperStateChange NOTIFICATION-TYPE OBJECTS { tmnxLdapOperState } STATUS current DESCRIPTION "[CAUSE]The tmnxLdapOperStateChange notification is generated when the tmnxLdapOperState has transitioned either from 'outOfService' to 'inService' or from 'inService' to 'outOfService' state. [EFFECT]If tmnxLdapOperState has transitioned to 'outOfService' state then the LDAP protocol is not available for use. If tmnxLdapOperState has transitioned to 'inService' state then the LDAP protocol is available for use. [RECOVERY]If the new state corresponds to the value of tmnxLdapAdminState, then this is desirable behavior and no recovery is needed. If the new state of the tmnxLdapOperState object is 'outOfService' while the value of the object tmnxLdapAdminState is 'inService', make sure that the value of tmnxLdapServerOperState of at least one LDAP server connection is 'inService'." ::= { tmnxLdapNotifications 1 } tmnxLdapServerOperStateChange NOTIFICATION-TYPE OBJECTS { tmnxLdapServerName, tmnxLdapServerOperState, tmnxLdapServerInetAddressType, tmnxLdapServerInetAddress, tmnxLdapServerPort } STATUS current DESCRIPTION "[CAUSE]The tmnxLdapServerOperStateChange notification is generated when the tmnxLdapServerOperState has transitioned either from 'outOfService' to 'inService' or from 'inService' to 'outOfService' state. [EFFECT]If tmnxLdapServerOperState has transitioned to 'outOfService' state then the particular LDAP server connection is not available for use. If tmnxLdapServerOperState has transitioned to 'inService' state then the particular LDAP server connection is available for use. [RECOVERY]If the new state corresponds to the tmnxLdapServerAdminState, then this is the desirable behavior and no recovery is needed. If the new state of the tmnxLdapServerOperState object is 'outOfService' while the value of the object tmnxLdapServerAdminState is 'inService', make sure that the LDAP server connection parameters are properly configured and the LDAP server is reachable." ::= { tmnxLdapNotifications 2 } END