MADMAN Working Group                   Glenn Mansfield [glenn@aic.co.jp]
INTERNET-DRAFT                                       Cyber Research Inc.
draft-ietf-madman-dsa-mib-1-03.txt         S.E.Kille [S.Kille@isode.com]
                                                        ISODE Consortium
                                                              March 1997


           LDAP/CLDAP/X.500 Directory Services Monitoring MIB


Status of this Memo

   This document is an Internet Draft. Internet Drafts are working
   documents of the Internet Engineering Task Force (IETF), its Areas,
   and its Working Groups. Note that other groups may also distribute
   working documents as Internet Drafts.

   Internet Drafts are draft documents valid for a maximum of six
   months. Internet Drafts may be updated, replaced, or obsoleted by
   other documents at any time.  It is not appropriate to use Internet
   Drafts as reference material or to cite them other than as a "working
   draft" or "work in progress."

   To learn the current status of any Internet-Draft, please check the
   1id-abstracts.txt listing contained in the Internet-Drafts Shadow
   Directories on ds.internic.net, nic.nordu.net, ftp.nisc.sri.com, or
   munnari.oz.au.


Abstract

   This document defines a portion of the Management Information Base
   (MIB). It defines the MIB for monitoring Directory Services. This MIB
   will be used in conjunction with the APPLICATION-MIB for monitoring
   Directory Servers (DSs).

Table of Contents

   1.  The SNMPv2 Network Management Framework ....................... 2
   2.  The Directory Services Model .................................. 2
   3.  MIB Model for DS  Management .................................. 3
   4.  MIB design .................................................... 4
   5.  The Directory Server Monitoring MIB ........................... 5
   6.  Changes from RFC1567 ..........................................19
   7.  Acknowledgements ..............................................20
   8.  References ....................................................20
   Security Considerations ...........................................21
   Authors' Addresses ................................................21



Expires: September 7, 1997                                      [Page 1]


Internet Draft                                              March 7 1997


1.  The SNMPv2 Network Management Framework.

   The major components of the SNMPv2 Network Management framework are
   described in the documents listed below.


         o RFC 1902 [1] defines the Structure of Management Information
           (SMI), the mechanisms used for describing and naming objects
           for the purpose of management.

         o STD 17, RFC 1213 [2] defines MIB-II, the core set of managed
           objects (MO) for the Internet suite of protocols.

         o RFC 1905 [3] defines the protocol used for network access to
           managed objects.

   Textual conventions are defined in RFC 1903 [4], and conformance
   statements are defined in RFC 1904 [5].

   The framework is adaptable/extensible by defining new MIBs to suit
   the requirements of specific applications/protocols/situations.

   1.1.  Object Definitions.


   Managed objects are accessed via a virtual information store, the
   MIB.  Objects in the MIB are defined using the subset of Abstract
   Syntax Notation One (ASN.1) defined in the SMI.  In particular, each
   object type is named by an OBJECT IDENTIFIER, which is an
   administratively assigned name.  The object type together with an
   object instance serves to uniquely identify a specific instantiation
   of the object.  For human convenience, often a textual string, termed
   the descriptor, is used to refer to the object type.

2.  The Directory Services Model.


   In the following we adopt the X.500 model [6], which covers the X.500
   Directory System Agents (DSA) [6] that run over the OSI suite of
   protocols, (C)LDAP [7,8] frontends to DSAs, and the native LDAP
   Directory Servers that run directly over TCP or other protocols.

   The Directory contains information in the form of entries. An entry
   is a collection of attributes and is uniquely identified by a name,
   the Distinguished Name (DN). The entries are arranged in a
   hierarchical tree-like structure called the Directory Information
   Tree (DIT).






   The Directory Server (DS) is an application process. Clients or User
   Agents (UA) are provided access to the Directory, which may be local
   or distributed, by the Directory Servers (DS).

   A client or User Agent requests a Directory Server to perform some
   operation on the Directory. The DS is responsible for performing the
   operation and after completing its effort to carry out the request,
   returns a response to the UA.

   A DS may use information stored in its local database or interact
   with (chain the request to) other DSs to service the UA request.
   Alternatively, a DS may return a reference to another DS.

   The local database of a DS consists of the part of the Directory that
   is mastered by the DS, the part of the Directory for which it keeps
   slave copies and cached information that is gathered during the
   operation of the DS.

   In the connection-oriented mode a UA "binds" to a DS with a
   particular identification. The DS may authenticate the identity of
   the UA. In the connectionless mode, as employed in CLDAP [8], no
   binding and/or authentication is carried out between the UA and the
   DS.

   The following types of operations are carried out by the DS: Read,
   Compare, Addition of an Entry (AddEntry), Modification of an Entry
   (ModifyEntry), Modification of a DN (ModifyRDN), Deletion of an Entry
   (RemoveEntry), List, Search, Abandon. Some DSs do not support some
   types of operations. For example, CLDAP does not support AddEntry,
   ModifyEntry, ModifyRDN, RemoveEntry etc. In response to requests,
   results and/or errors are returned by the DS.



3.  MIB Model for DS Management.

   A DS-manager may wish to monitor several aspects of the operational
   DS. He/she may want to know the process related aspects (the
   resource utilization of the operational DS); the network service
   related aspects, e.g. inbound-associations, outbound-associations,
   operational status; and finally the information specific to the DS
   application (its operations and performance).

   The MIB defined in this document covers the portion which is
   specific to the DS-application. The network service related part of
   the MIB, and the host-resources related part of the MIB, as well as
   other parts of interest to a Manager monitoring the DS-application,
   are covered in separate documents [9][10].







4.  MIB design.

   The basic principle has been to keep the MIB as simple as possible.
   The Managed objects included in the MIB are divided into three
   tables: OpsTable, EntriesTable and IntTable.

      - The OpsTable provides summary statistics on the accesses,
        operations and errors.

      - The EntriesTable provides summary statistics on the entries
        held by the DS and on cache performance.

      - The IntTable provides some useful information on the
        interaction of the monitored DS with peer DSs.

   There are references to the Directory itself for static
   information pertaining to the DS. These references are in the form
   of "Directory Distinguished Name" [11] of the corresponding object.
   It is intended that DS management applications will use these
   references to obtain further related information on the objects of
   interest.
































5.  The Directory Monitoring MIB.


   DS-MIB DEFINITIONS ::= BEGIN

    IMPORTS
      MODULE-IDENTITY,  Counter32, Gauge32, OBJECT-TYPE,
      experimental
                 FROM SNMPv2-SMI
      DisplayString,    TimeStamp
                 FROM SNMPv2-TC
      MODULE-COMPLIANCE, OBJECT-GROUP
                 FROM SNMPv2-CONF
      applIndex, DistinguishedName, URLString
                 FROM NETWORK-SERVICES-MIB;

    dsMIB MODULE-IDENTITY
        LAST-UPDATED "9703050000Z"
        ORGANIZATION "IETF Mail and Directory Management Working
                      Group"
        CONTACT-INFO
          "        Glenn Mansfield
           Postal: Cyber Research Inc.
                   6-6-3, Minami Yoshinari
                   Aoba-ku, Sendai, Japan 989-32.

           Tel:    +81-22-303-4012
           Fax:    +81-22-298-9654
           E-mail: glenn@aic.co.jp"
        DESCRIPTION
          " The MIB module for monitoring Directory Services."
        ::= { experimental XXX}


    dsOpsTable OBJECT-TYPE
        SYNTAX SEQUENCE OF DsOpsEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
          " The table holding information related to the
            DS operations."
        ::= {dsMIB 1}

    dsOpsEntry OBJECT-TYPE
        SYNTAX DsOpsEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
          " Entry containing operations related statistics
            for a DS."
        INDEX { applIndex }
        ::= {dsOpsTable 1}

    DsOpsEntry ::= SEQUENCE {

    -- Bindings

        dsAnonymousBinds
            Counter32,
        dsUnauthBinds
            Counter32,
        dsSimpleAuthBinds
            Counter32,
        dsStrongAuthBinds
            Counter32,
        dsBindSecurityErrors
            Counter32,

    -- In-coming operations

        dsInOps
            Counter32,
        dsReadOps
            Counter32,
        dsCompareOps
            Counter32,
        dsAddEntryOps
            Counter32,
        dsRemoveEntryOps
            Counter32,
        dsModifyEntryOps
            Counter32,
        dsModifyRDNOps
            Counter32,
        dsListOps
            Counter32,
        dsSearchOps
            Counter32,
        dsOneLevelSearchOps
            Counter32,
        dsWholeSubtreeSearchOps
            Counter32,

    -- Out going operations

        dsReferrals
            Counter32,
        dsChainings
            Counter32,

    -- Errors

        dsSecurityErrors
            Counter32,
        dsErrors
            Counter32
    }

    -- CLDAP does not use binds; for a CLDAP DS the bind
    -- related counters will be inaccessible.
    --
    -- CLDAP and LDAP implement "Read" and "List" operations
    -- indirectly via the "search" operation; the following
    -- counters will be inaccessible for CLDAP and LDAP DSs:
    -- dsReadOps, dsListOps
    --
    -- CLDAP does not implement "Compare", "Add", "Remove",
    -- "Modify", "ModifyRDN"; the following counters will be
    -- inaccessible for CLDAP DSs:
    -- dsCompareOps, dsAddEntryOps,  dsRemoveEntryOps,
    -- dsModifyEntryOps, dsModifyRDNOps.
    --
    -- CLDAP and LDAP DSs do not return Referrals;
    -- the following fields will remain inaccessible for
    -- CLDAP and LDAP DSs: dsReferrals.

    dsAnonymousBinds OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Number of anonymous  binds to this DS from UAs
            since application start."
        ::= {dsOpsEntry 1}

    dsUnauthBinds OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Number of un-authenticated binds to this DS since
            application start."
        ::= {dsOpsEntry 2}

    dsSimpleAuthBinds OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Number of binds to this DS that were authenticated
            using simple authentication procedures since
            application start."
        REFERENCE
          " CCITT Blue Book Fascicle VIII.8 - Rec. X.511, 1988:
            Section 8.1.2.1.1. and, RFC1777 Section 4.1"
        ::= {dsOpsEntry 3}

    dsStrongAuthBinds OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Number of binds to this DS that were authenticated
            using the strong authentication procedures since
            application start. This includes the binds that were
            authenticated using external authentication procedures."
        REFERENCE
          " CCITT Blue Book Fascicle VIII.8 - Rec. X.511, 1988:
            Sections 8.1.2.1.2 &  8.1.2.1.3. and, RFC1777 Section 4.1."
        ::= {dsOpsEntry 4}

    dsBindSecurityErrors OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Number of bind operations that have been rejected
            by this DS due to inappropriateAuthentication or
            invalidCredentials."
        REFERENCE
          " CCITT Blue Book Fascicle VIII.8 - Rec. X.511, 1988:
            Section 12.7.2 and, RFC1777 Section 4."
        ::= {dsOpsEntry 5}

    dsInOps OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Number of operations forwarded to this DS
            from UAs or other DSs since application
            start up."
        ::= {dsOpsEntry 6}





    dsReadOps OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Number of read operations serviced by
            this DS since application startup."
        REFERENCE
          " CCITT Blue Book Fascicle VIII.8 - Rec. X.511, 1988:
            Section 9.1."
        ::= {dsOpsEntry 7}

    dsCompareOps OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Number of compare operations serviced by
            this DS  since application startup."
        REFERENCE
          " CCITT Blue Book Fascicle VIII.8 - Rec. X.511, 1988:
            Section 9.2. and, RFC1777 section 4.8"
        ::= {dsOpsEntry 8}

    dsAddEntryOps OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Number of addEntry operations serviced by
            this DS since application startup."
        REFERENCE
          " CCITT Blue Book Fascicle VIII.8 - Rec. X.511, 1988:
            Section 11.1. and, RFC1777 Section 4.5."
        ::= {dsOpsEntry 9}

    dsRemoveEntryOps OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Number of removeEntry operations serviced by
            this DS since application startup."
        REFERENCE
          " CCITT Blue Book Fascicle VIII.8 - Rec. X.511, 1988:
            Section 11.2. and, RFC1777 Section 4.6."
        ::= {dsOpsEntry 10}






    dsModifyEntryOps OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Number of modifyEntry operations serviced by
            this DS since application startup."
        REFERENCE
          " CCITT Blue Book Fascicle VIII.8 - Rec. X.511, 1988:
            Section 11.3. and, RFC1777 Section 4.4."
        ::= {dsOpsEntry 11}

    dsModifyRDNOps OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Number of modifyRDN operations serviced by
            this DS since application startup."
        REFERENCE
          " CCITT Blue Book Fascicle VIII.8 - Rec. X.511, 1988:
            Section 11.4. and, RFC1777 Section 4.7"
        ::= {dsOpsEntry 12}

    dsListOps OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Number of list operations serviced by
            this DS since application startup."
        REFERENCE
          " CCITT Blue Book Fascicle VIII.8 - Rec. X.511, 1988:
            Section 10.1."
        ::= {dsOpsEntry 13}

    dsSearchOps OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Number of search operations- baseObject searches,
            oneLevel searches and  wholeSubtree searches,
            serviced by this DS  since application startup."
        REFERENCE
          " CCITT Blue Book Fascicle VIII.8 - Rec. X.511, 1988:
            Section 10.2. and, RFC1777 Section 4.3."
        ::= {dsOpsEntry 14}





    dsOneLevelSearchOps OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Number of oneLevel search operations serviced
            by this DS since application startup."
        REFERENCE
          " CCITT Blue Book Fascicle VIII.8 - Rec. X.511, 1988:
            Section 10.2.2.2. and, RFC1777 Section 4.3."
        ::= {dsOpsEntry 15}

    dsWholeSubtreeSearchOps   OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Number of wholeSubtree search operations serviced
            by this DS since application startup."
        REFERENCE
          " CCITT Blue Book Fascicle VIII.8 - Rec. X.511, 1988:
            Section 10.2.2.2. and, RFC1777 Section 4.3."
        ::= {dsOpsEntry 16}

    dsReferrals OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Number of referrals returned by this DS in response
            to requests for operations since application startup."
        REFERENCE
          " CCITT Blue Book Fascicle VIII.8 - Rec. X.511, 1988:
            Section 12.6."
        ::= {dsOpsEntry 17}

    dsChainings OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Number of operations forwarded by this DS
            to other DSs since application startup."
        REFERENCE
          " CCITT Blue Book Fascicle VIII.8 - Rec. X.518, 1988:
            Section 14."
        ::= {dsOpsEntry 18}






    dsSecurityErrors OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Number of operations forwarded to this DS
            which did not meet the security requirements. "
        REFERENCE
          " CCITT Blue Book Fascicle VIII.8 - Rec. X.511, 1988:
            Section 12.7. and, RFC1777 Section 4."
        ::= {dsOpsEntry 19}

    dsErrors  OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Number of operations that could not be serviced
            due to errors other than security errors, and
            referrals.
            A partially serviced operation will not be counted
            as an error.
            The errors include NameErrors, UpdateErrors, Attribute
            errors and ServiceErrors."
        REFERENCE
          " CCITT Blue Book Fascicle VIII.8 - Rec. X.511, 1988:
            Sections 12.4, 12.5, 12.8 & 12.9. and, RFC1777 Section 4."
        ::= {dsOpsEntry 20}

    -- Entry statistics/Cache performance
    dsEntriesTable OBJECT-TYPE
        SYNTAX SEQUENCE OF DsEntriesEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
          " The table holding information related to the
            entry statistics and cache performance of the DSs."
        ::= {dsMIB 2}

    dsEntriesEntry OBJECT-TYPE
        SYNTAX DsEntriesEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
          " Entry containing statistics pertaining to entries
            held by a DS."
        INDEX { applIndex }
        ::= {dsEntriesTable 1}





    DsEntriesEntry ::= SEQUENCE {
        dsMasterEntries
            Gauge32,
        dsCopyEntries
            Gauge32,
        dsCacheEntries
            Gauge32,
        dsCacheHits
            Counter32,
        dsSlaveHits
            Counter32
    }

   -- A (C)LDAP frontend to the X.500 Directory will not have
   -- MasterEntries, CopyEntries; the following counters will
   -- be inaccessible for LDAP/CLDAP frontends to the X.500
   -- directory: dsMasterEntries, dsCopyEntries, dsSlaveHits.

    dsMasterEntries OBJECT-TYPE
        SYNTAX Gauge32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Number of entries mastered in the DS."
        ::= {dsEntriesEntry 1}

    dsCopyEntries OBJECT-TYPE
        SYNTAX Gauge32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Number of entries for which systematic (slave)
            copies are maintained in the DS."
        ::= {dsEntriesEntry 2}

    dsCacheEntries OBJECT-TYPE
        SYNTAX Gauge32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Number of entries cached (non-systematic copies) in
            the DS. This will include the entries that are
            cached partially. The negative cache is not counted."
        ::= {dsEntriesEntry 3}









    dsCacheHits OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Number of operations that were serviced from
            the locally held cache since application
            startup."
        ::= {dsEntriesEntry 4}

    dsSlaveHits  OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Number of operations that were serviced from
            the locally held object replications ( shadow
            entries) since application startup."
        ::= {dsEntriesEntry 5}


    -- The dsIntTable contains statistical data on the peer DSs
    -- with which the monitored DSs (attempt to) interact.  This
    -- table  will provide a useful insight into  the   effect of
    -- neighbours on the DS performance.
    -- The table keeps track of the last "N" DSs with which  the
    -- monitored  DSs  has  interacted  (attempted to interact),
    -- where "N" is a locally-defined constant.

    dsIntTable OBJECT-TYPE
        SYNTAX  SEQUENCE OF DsIntEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
          " Each row of this table contains some details
            related to the history of the interaction
            of the monitored DSs with their respective
            peer DSs."
        ::= { dsMIB 3 }














    dsIntEntry OBJECT-TYPE
        SYNTAX  DsIntEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
          " Entry containing interaction details of a DS
            with a peer DS."
        INDEX { applIndex,dsIntIndex }
        ::= { dsIntTable 1 }

    DsIntEntry ::= SEQUENCE {
       dsIntIndex
                 INTEGER,
       dsName
                 DistinguishedName,
       dsTimeOfCreation
                 TimeStamp,
       dsTimeOfLastAttempt
                 TimeStamp,
       dsTimeOfLastSuccess
                 TimeStamp,
       dsFailuresSinceLastSuccess
                 Counter32,
       dsFailures
                 Counter32,
       dsSuccesses
                 Counter32,
       dsURL
                 URLString
    }

    dsIntIndex  OBJECT-TYPE
        SYNTAX INTEGER (1..2147483647)
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
          " Together with applIndex it forms the unique key to
            identify the conceptual row which contains useful info
            on the (attempted) interaction between the DS (referred
            to by applIndex) and a peer DS."
        ::= {dsIntEntry 1}

    dsName  OBJECT-TYPE
        SYNTAX DistinguishedName
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Distinguished Name of the peer DS to which this
            entry pertains."
        ::= {dsIntEntry 2}

    dsTimeOfCreation  OBJECT-TYPE
        SYNTAX TimeStamp
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " The value of sysUpTime when this row was created.
            If the entry was created before the network management
            subsystem was initialized, this object will contain
            a value of zero."
        ::= {dsIntEntry 3}

    dsTimeOfLastAttempt  OBJECT-TYPE
        SYNTAX TimeStamp
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " The value of sysUpTime when the last attempt was made
            to contact this DS. If the last attempt was made before
            the network management subsystem was initialized, this
            object will contain a value of zero."
        ::= {dsIntEntry 4}

    dsTimeOfLastSuccess  OBJECT-TYPE
        SYNTAX TimeStamp
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " The value of sysUpTime when the last attempt made to
            contact this DS was successful. If there have
            been no successful attempts this entry will have a value
            of zero. If the last successful attempt was made before
            the network management subsystem was initialized, this
            object will contain a value of zero."
        ::= {dsIntEntry 5}
















    dsFailuresSinceLastSuccess  OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " The number of failures since the last time an
            attempt to contact this DS was successful. If
            there have been no successful attempts, this counter
            will contain the number of failures since this entry
            was created."
        ::= {dsIntEntry 6}

    dsFailures  OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Cumulative failures since the creation of
            this entry."
        ::= {dsIntEntry 7}

    dsSuccesses  OBJECT-TYPE
        SYNTAX Counter32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " Cumulative successes since the creation of
            this entry."
        ::= {dsIntEntry 8}

    dsURL  OBJECT-TYPE
        SYNTAX URLString
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
          " URL of the DS application."
        ::= {dsIntEntry 9}
















    -- Conformance information

    dsConformance OBJECT IDENTIFIER ::= { dsMIB 4 }

    dsGroups      OBJECT IDENTIFIER ::= { dsConformance 1 }
    dsCompliances OBJECT IDENTIFIER ::= { dsConformance 2 }

    -- Compliance statements

    dsOpsCompliance MODULE-COMPLIANCE
        STATUS  current
        DESCRIPTION
                "The compliance statement for SNMPv2 entities
                which implement the DS-MIB for monitoring
                DS operations."

        MODULE  -- this module
            MANDATORY-GROUPS { dsOpsGroup }

        ::= { dsCompliances 1 }

    dsEntryCompliance MODULE-COMPLIANCE
        STATUS  current
        DESCRIPTION
                "The compliance statement for SNMPv2 entities
                which implement the DS-MIB for monitoring
                DS operations,  entry statistics and cache
                performance."

        MODULE  -- this module
            MANDATORY-GROUPS { dsOpsGroup,dsEntryGroup }

        ::= { dsCompliances 2 }

    dsIntCompliance MODULE-COMPLIANCE
        STATUS  current
        DESCRIPTION
                " The compliance statement  for SNMPv2  entities
                  which implement the DS-MIB for monitoring DS
                  operations and the interaction of the DS with
                  peer DSs."

        MODULE  -- this module
            MANDATORY-GROUPS { dsOpsGroup, dsIntGroup }

        ::= { dsCompliances 3 }







    -- Units of conformance

    dsOpsGroup    OBJECT-GROUP
        OBJECTS {
          dsAnonymousBinds,  dsUnauthBinds,       dsSimpleAuthBinds,
          dsStrongAuthBinds, dsBindSecurityErrors,dsInOps,
          dsReadOps,         dsCompareOps,        dsAddEntryOps,
          dsRemoveEntryOps,  dsModifyEntryOps,    dsModifyRDNOps,
          dsListOps,         dsSearchOps,         dsOneLevelSearchOps,
          dsWholeSubtreeSearchOps,dsReferrals,    dsChainings,
          dsSecurityErrors,  dsErrors}
        STATUS  current
        DESCRIPTION
                " A collection of objects for monitoring the DS
                  operations."
        ::= { dsGroups 1 }

    dsEntryGroup    OBJECT-GROUP
        OBJECTS {dsMasterEntries,   dsCopyEntries,       dsCacheEntries,
                 dsCacheHits,       dsSlaveHits}
        STATUS  current
        DESCRIPTION
                " A collection of objects for monitoring the DS
                  entry statistics and cache performance."
        ::= { dsGroups 2 }

    dsIntGroup    OBJECT-GROUP
        OBJECTS {
          dsName,     dsTimeOfCreation, dsTimeOfLastAttempt,
          dsTimeOfLastSuccess, dsFailuresSinceLastSuccess,dsFailures,
          dsSuccesses,         dsURL}
        STATUS  current
        DESCRIPTION
                " A collection of objects for monitoring the DS's
                  interaction with peer DSs."
        ::= { dsGroups 3 }


   END
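
   The following Python code is an added example, not part of the draft
   or of any implementation of it. It turns two polls of one dsOpsEntry
   row into per-interval increases, handling Counter32 wrap-around and a
   DS restart, and flags intervals dominated by rejected binds or by
   operations that failed the security requirements. The sample polls,
   thresholds and function names are assumptions of the example, as is
   the use of applUptime from the NETWORK-SERVICES-MIB applTable to
   detect a restart.

```python
"""Added example: interval deltas and security checks over dsOpsTable polls."""

COUNTER32_MODULUS = 2 ** 32  # a Counter32 wraps to 0 after 4294967295

# Column sub-identifiers under dsOpsEntry, as assigned in the MIB above.
DS_OPS_COLUMNS = {
    3: "dsSimpleAuthBinds",
    4: "dsStrongAuthBinds",
    5: "dsBindSecurityErrors",
    6: "dsInOps",
    19: "dsSecurityErrors",
    20: "dsErrors",
}


def poll_delta(prev, curr):
    """Return ({column name: increase over the interval}, restarted).

    prev and curr are two polls of the same row (same applIndex):
        {"applUptime": <TimeStamp>, "ops": {sub-identifier: Counter32}}
    applUptime comes from the NETWORK-SERVICES-MIB applTable (assumption:
    the agent exposes it). The counters above count "since application
    start", so a changed applUptime means they were reset, not wrapped.
    """
    restarted = prev["applUptime"] != curr["applUptime"]
    deltas = {}
    for subid, name in DS_OPS_COLUMNS.items():
        if subid not in curr["ops"]:
            continue  # inaccessible for this DS type (e.g. binds on CLDAP)
        if restarted:
            # Everything counted since the restart happened in this interval.
            deltas[name] = curr["ops"][subid]
        elif subid in prev["ops"]:
            # Modular subtraction gives the right increase across one wrap.
            deltas[name] = (curr["ops"][subid] - prev["ops"][subid]) % COUNTER32_MODULUS
    return deltas, restarted


def evaluate(deltas, min_events=20, ratio=0.5):
    """Return a list of finding names for one interval.

    min_events and ratio are illustrative thresholds, not values from the
    draft; tune them against a baseline of the monitored DS.
    """
    findings = []

    rejected = deltas.get("dsBindSecurityErrors")
    if rejected is not None and rejected >= min_events:
        authenticated = (deltas.get("dsSimpleAuthBinds", 0)
                         + deltas.get("dsStrongAuthBinds", 0))
        # Share of credentialed bind attempts that the DS rejected.
        if rejected / (rejected + authenticated) >= ratio:
            findings.append("bind-reject-burst")

    sec_errors = deltas.get("dsSecurityErrors")
    in_ops = deltas.get("dsInOps")
    if sec_errors is not None and in_ops and sec_errors >= min_events:
        if sec_errors / in_ops >= ratio:
            findings.append("op-security-error-burst")

    return findings


# Constructed sample polls (not real measurements).
POLL_1 = {"applUptime": 1200,
          "ops": {3: 4294967200, 4: 10, 5: 4294967290, 6: 5000, 19: 3, 20: 40}}
# dsBindSecurityErrors wrapped between POLL_1 and POLL_2.
POLL_2 = {"applUptime": 1200,
          "ops": {3: 4294967210, 4: 12, 5: 34, 6: 5400, 19: 5, 20: 44}}
# The DS restarted: applUptime changed and all counters started over.
POLL_3 = {"applUptime": 99000,
          "ops": {3: 5, 4: 0, 5: 2, 6: 30, 19: 0, 20: 1}}
# A CLDAP DS: bind counters are inaccessible and absent from the poll.
CLDAP_1 = {"applUptime": 50, "ops": {6: 100, 19: 0, 20: 2}}
CLDAP_2 = {"applUptime": 50, "ops": {6: 180, 19: 60, 20: 2}}


if __name__ == "__main__":
    for label, a, b in (("wrap", POLL_1, POLL_2),
                        ("restart", POLL_2, POLL_3),
                        ("cldap", CLDAP_1, CLDAP_2)):
        deltas, restarted = poll_delta(a, b)
        print(label, "restarted=%s" % restarted, deltas, evaluate(deltas))
```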

6.  Changes from RFC1567.

     - dsURL MO has been added
     - The MO  called dsWholeTreeSearchOps has been renamed to
       dsWholeSubtreeSearchOps
     - Some cosmetic changes in the DESCRIPTION clauses
     - The MIB has been generalised to cover (C)LDAP frontends
       to the X.500 directory, and native LDAP based Directory servers
       o the directory operations have been abstracted
       o the MO definitions are generalised.

7.  Acknowledgements

   This draft is the product of discussions and deliberations carried
   out in the Mail and Directory Management Working Group
   (ietf-madman-wg).

8.  References

   [1] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Structure
       of Management Information for version 2 of the Simple Network
       Management Protocol (SNMPv2)", RFC 1902, SNMP Research, Inc.,
       Hughes LAN Systems, Dover Beach Consulting, Inc., Carnegie Mellon
       University, January 1996.

   [2] McCloghrie, K., and M. Rose, Editors, "Management Information
       Base for Network Management of TCP/IP-based internets: MIB-II",
       STD 17, RFC 1213, Hughes LAN Systems, Performance Systems
       International, March 1991.

   [3] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol
       Operations for version 2 of the Simple Network Management
       Protocol (SNMPv2)", RFC 1905, SNMP Research, Inc., Hughes LAN
       Systems, Dover Beach Consulting, Inc., Carnegie Mellon
       University, January 1996.

   [4] Case, J., McCloghrie, K., Rose, M., Waldbusser, S., "Textual
       Conventions for Version 2 of the Simple Network Management Protocol
       (SNMPv2)", RFC 1903, January 1996.

   [5] Case, J., McCloghrie, K., Rose, M., Waldbusser, S., "Conformance
       Statements for Version 2 of the Simple Network Management Protocol
       (SNMPv2)", RFC 1904, January 1996.


   [6] CCITT Blue Book, "Data Communication Networks: Directory",
       Recommendations X.500-X.521, December 1988.

   [7] Yeong, W., Howes, T., and Kille, S., "Lightweight Directory
       Access Protocol", RFC 1777,  Performance Systems International,
       University of Michigan, ISODE Consortium, March 1995.

   [8] Young, A., "Connection-less Lightweight X.500 Directory
       Access Protocol", RFC 1798, ISODE Consortium, June 1995.

   [9] Kille, S., WG Chair, and N. Freed, Editor, "The Network Services
       Monitoring MIB", RFC 1565, ISODE Consortium, Innosoft, January
       1994.

   [10]Grillo, P., and S. Waldbusser, "Host Resources MIB", RFC 1514,
       Network Innovations, Intel Corporation, Carnegie Mellon
       University, September 1993.

   [11]Kille, S., "A String Representation of Distinguished Names (OSI-
       DS 23 (v5))", RFC 1485, ISODE Consortium, July 1993.

   [12]Kille, S., Huizer, E., Cerf, V., Hobby, R., and S. Kent, "A
       Strategic Plan for Deploying an Internet X.500 Directory
       Service", RFC 1430, ISODE Consortium, SURFnet bv, Corporation for
       National Research Initiatives, University of California, Davis,
       Bolt, Beranek and Newman, February 1993.

Security Considerations

   Security issues are not discussed in this memo.

Authors' Addresses

   Glenn Mansfield
   Cyber Research Inc.
   6-6-3 Minami Yoshinari
   Aoba-ku, Sendai 989-32
   Japan

   Phone: +81-22-303-4012
   EMail: glenn@aic.co.jp


   Steve E. Kille
   ISODE Consortium
   The Dome, The Square
   Richmond TW9 1DT
   UK

   Phone: +44-181-332-9091
   EMail: S.Kille@isode.com











