idnits 2.17.1 draft-ietf-madman-dsa-mib-1-10.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- ** Missing expiration date. The document expiration date should appear on the first and last page. ** The document seems to lack a 1id_guidelines paragraph about Internet-Drafts being working documents. ** The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? == Mismatching filename: the document gives the document name as 'draft-ietf-madman-ds-mib-1-10', but the file name used is 'draft-ietf-madman-dsa-mib-1-10' == No 'Intended status' indicated for this document; assuming Proposed Standard == The page length should not exceed 58 lines per page, but there was 30 longer pages, the longest (page 2) being 60 lines Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an Introduction section. ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** There are 8 instances of too long lines in the document, the longest one being 4 characters in excess of 72. ** The abstract seems to contain references ([19]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. -- The abstract seems to indicate that this document obsoletes RFC1567, but the header doesn't have an 'Obsoletes:' line to match this. Miscellaneous warnings: ---------------------------------------------------------------------------- == Line 187 has weird spacing: '...monitor sever...' == Line 190 has weird spacing: '... the networ...' == Line 195 has weird spacing: '...ers the porti...' == Line 197 has weird spacing: '...ed part of th...' == Line 209 has weird spacing: '...mple as possi...' == (16 more instances...) == Couldn't figure out when the document was first submitted -- there may comments or warnings related to the use of a disclaimer for pre-RFC5378 work that could not be issued because of this. Please check the Legal Provisions document at https://trustee.ietf.org/license-info to determine if you need the pre-RFC5378 disclaimer. -- The document date (February 1999) is 9201 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Missing reference section? '19' on line 1131 looks like a reference -- Missing reference section? '1' on line 1049 looks like a reference -- Missing reference section? '2' on line 1054 looks like a reference -- Missing reference section? '3' on line 1058 looks like a reference -- Missing reference section? '4' on line 1061 looks like a reference -- Missing reference section? '5' on line 1064 looks like a reference -- Missing reference section? '6' on line 1070 looks like a reference -- Missing reference section? '7' on line 1076 looks like a reference -- Missing reference section? '8' on line 1082 looks like a reference -- Missing reference section? '9' on line 1087 looks like a reference -- Missing reference section? '10' on line 1092 looks like a reference -- Missing reference section? '11' on line 1098 looks like a reference -- Missing reference section? '12' on line 1169 looks like a reference -- Missing reference section? '13' on line 1107 looks like a reference -- Missing reference section? '14' on line 1113 looks like a reference -- Missing reference section? '15' on line 1170 looks like a reference -- Missing reference section? '16' on line 1122 looks like a reference -- Missing reference section? '17' on line 1124 looks like a reference -- Missing reference section? '18' on line 1128 looks like a reference -- Missing reference section? '20' on line 1134 looks like a reference -- Missing reference section? '21' on line 1138 looks like a reference -- Missing reference section? '22' on line 1143 looks like a reference Summary: 8 errors (**), 0 flaws (~~), 10 warnings (==), 24 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 MADMAN Working Group Glenn Mansfield [glenn@cysols.com] 3 INTERNET-DRAFT Cyber Solutions Inc. 4 draft-ietf-madman-ds-mib-1-10.txt S.E.Kille [S.Kille@isode.com] 5 Isode Ltd. 6 February 1999 8 Directory Server Monitoring MIB 10 Status of this Memo 12 This document is an Internet-Draft and is in full conformance with 13 all provisions of Section 10 of RFC2026. Internet Drafts are working 14 documents of the Internet Engineering Task Force (IETF), its Areas, 15 and its working groups. Note that other groups may also distribute 16 working documents as Internet-Drafts. 18 Internet-Drafts are draft documents valid for a maximum of six months 19 and may be updated, replaced, or obsoleted by other documents 20 at any time. It is inappropriate to use Internet- Drafts as 21 reference material or to cite them other than as "work in progress." 23 The list of current Internet-Drafts can be accessed at 24 http://www.ietf.org/ietf/1id-abstracts.txt 26 The list of Internet-Draft Shadow Directories can be accessed at 27 http://www.ietf.org/shadow.html. 29 Abstract 31 This memo defines a portion of the Management Information Base (MIB) 32 for use with network management protocols in the Internet community. 33 This memo obsoletes RFC 1567 "X.500 Directory Monitoring MIB". This 34 memo extends that specification to a more generic MIB for monitoring 35 one or more directory servers each of which may support multiple 36 access protocols. The MIB defined in this memo will be used in 37 conjunction with the NETWORK-SERVICES-MIB [19] for monitoring 38 Directory Servers. 40 Table of Contents 42 1. The SNMP Network Management Framework ......................... 3 43 2. The Directory Services Model .................................. 4 44 3. MIB Model for Directory Management ............................ 5 45 4. MIB design .................................................... 6 46 5. The Directory Server Monitoring MIB ........................... 7 47 6. Intellectual Property .........................................25 48 7. Changes from RFC1567 ..........................................25 49 8. Acknowledgements ..............................................25 50 9. References ....................................................26 51 Security Considerations ...........................................28 52 Authors' Addresses ................................................29 53 Full Copyright Statement ..........................................30 55 1. The SNMP Network Management Framework 57 The SNMP Network Management Framework presently consists of five 58 major components: 60 o An overall architecture, described in RFC 2271 [1]. 62 o Mechanisms for describing and naming objects and events for the 63 purpose of management. The first version of this Structure of 64 Management Information (SMI) is called SMIv1 and described in 65 RFC 1155 [2], RFC 1212 [3] and RFC 1215 [4]. The second version, 66 called SMIv2, is described in RFC 1902 [5], RFC 1903 [6] and RFC 67 1904 [7]. 69 o Message protocols for transferring management information. The 70 first version of the SNMP message protocol is called SNMPv1 and 71 described in RFC 1157 [8]. A second version of the SNMP message 72 protocol, which is not an Internet standards track protocol, is 73 called SNMPv2c and described in RFC 1901 [9] and RFC 1906 [10]. 74 The third version of the message protocol is called SNMPv3 and 75 described in RFC 1906 [10], RFC 2272 [11] and RFC 2274 [12]. 77 o Protocol operations for accessing management information. The 78 first set of protocol operations and associated PDU formats is 79 described in RFC 1157 [8]. A second set of protocol operations 80 and associated PDU formats is described in RFC 1905 [13]. 82 o A set of fundamental applications described in RFC 2273 [14] and 83 the view-based access control mechanism described in RFC 2275 84 [15]. 86 Managed objects are accessed via a virtual information store, termed 87 the Management Information Base or MIB. Objects in the MIB are 88 defined using the mechanisms defined in the SMI. 90 This memo specifies a MIB module that is compliant to the SMIv2. A 91 MIB conforming to the SMIv1 can be produced through the appropriate 92 translations. The resulting translated MIB must be semantically 93 equivalent, except where objects or events are omitted because no 94 translation is possible (use of Counter64). Some machine readable 95 information in SMIv2 will be converted into textual descriptions in 96 SMIv1 during the translation process. However, this loss of machine 97 readable information is not considered to change the semantics of the 98 MIB. 100 2. The Directory Services Model. 102 The Directory comprises of a set of servers (Directory Servers). 103 Clients or Directory User Agents (DUA) are provided access to the 104 Directory which maybe local or distributed, by the Directory Servers. 105 The server maybe a X.500 Directory System Agent (DSA) [16] running 106 over the OSI suite of protocols or, a (C)LDAP[17,18] frontend to the 107 X.500 Directory System Agent or, a native LDAP Directory Server 108 running directly over TCP or other protocols, or a database acting as 109 a backend to another server, or any other application protocol, or 110 any combination of the above. A Directory Server has one or more 111 application protocol interfaces. Through these interfaces the 112 Directory Server interacts with the DUA and with the peer Directory 113 Servers. 115 Fig. 1 shows the case of a Directory Server that receives requests 116 and sends back responses in some protocol. Fig. 2 shows one possible 117 scenario where the Directory Server speaks multiple protocols. 119 +----------------+ 120 | | 121 | Directory | Directory Protocol 122 | Server X--------> 123 | | 124 | | 125 +----------------+ 127 FIG. 1. 129 +----------------+ 130 | | 131 DSP <----------X X--------> DAP 132 | Directory | 133 Other | Server | 134 Protocol <----------X X--------> LDAP 135 | | 136 +----------------+ 138 FIG. 2. 140 The Directory contains information in the form of entries. An entry 141 is a collection of attributes and is uniquely identified by a name, 142 the Distinguished Name (DN). The entries are arranged in a 143 hierarchical tree-like structure called the Directory Information 144 Tree (DIT). 146 A DUA requests a Directory Server to perform some operation on the 147 Directory. The Directory Server is responsible for performing the 148 operation and after completing its effort to carry out the request, 149 returns a response to the DUA. 151 A Directory Server may use information stored in its local database 152 or interact with (chain the request to) other Directory Servers to 153 service the DUA request. Alternatively, a Directory Server may return 154 a reference to another Directory Server (referral). 156 The local database of a Directory Server consists of the part of the 157 Directory that is mastered by the Directory Server, the part of the 158 Directory for which it keeps slave copies and cached information that 159 is gathered during the operation of the Directory Server. 161 In the connection oriented mode a DUA "binds" to a Directory Server 162 with a particular identification. The Directory Server may 163 authenticate the identity of the DUA. In the connectionless mode as 164 is employed in CLDAP no binding and/authentication is carried out 165 between the DUA and the Directory Server. The following type of 166 operations are carried out by the Directory Server : Read, Compare, 167 Addition of an Entry (AddEntry), Modification of an Entry 168 (ModifyEntry), Modification of a DN (ModifyRDN), Deletion of an Entry 169 (RemoveEntry), List, Search, Abandon. Some Directory Servers do not 170 support some type of operations. For example CLDAP does not support 171 AddEntry, ModifyEntry, ModifyRDN, RemoveEntry etc. In response to 172 requests results and/or errors are returned by the Directory Server. 174 In the distributed Directory data is often replicated to enhance 175 performance and for other advantages. The data to be replicated is 176 transferred from the "Supplier" Directory Server to the "Consumer" 177 Directory Server according to the replication agreement between the 178 supplier and the receiver. 180 3. MIB Model for Directory Management. 182 A Directory manager should be able to monitor all the Directory 183 Servers in his/her domain of management. The Directory Servers may be 184 running on one or more hosts and, multiple Directory Servers may be 185 running on the same host. 187 The manager may wish to monitor several aspects of the operational 188 Directory Servers. He/she may want to know the process related 189 aspects- the resource utilization of an operational Directory Server; 190 the network service related aspects e.g. inbound-associations, 191 outbound-associations, operational status, and finally the 192 information specific to the Directory Server application- its 193 operations and performance. 195 The MIB defined in this document covers the portion which is 196 specific to Directory services. The network service related part of 197 the MIB, and the host-resources related part of the MIB, as well as 198 other parts of interest to a Manager monitoring the Directory 199 services, are covered in separate documents [19][20]. 201 The MIB will cover a group of Directory Servers. The grouping will be 202 done on some logical basis by the administrator/manager. In all 203 cases, the grouping will be reflected in the pertinent NETWORK- 204 SERVICES-MIB which will have an entry corresponding to each Directory 205 Server in the group. 207 4. MIB design. 209 The basic principle has been to keep the MIB as simple as possible. 210 The Managed objects included in the MIB are divided into three 211 tables- dsTable, dsApplIfOpsTable, and dsIntTable. 213 - The dsTable contains a list of Directory Servers. The list 214 contains a description of the Directory Servers as well as summary 215 statistics on the entries held by and the cache performance of 216 each Directory Server. The group of servers on this list is likely 217 to contain a part of, if not all, the Directory Servers in the 218 management domain. 220 - The dsApplIfOpsTable provides summary statistics on the 221 accesses, operations and errors for each application protocol 222 interface of a Directory Server. 224 - The dsIntTable provides some useful information on the 225 interaction of the monitored Directory Servers with peer Directory 226 Servers. 228 There are references to the Directory itself for static 229 information pertaining to the Directory Server. These references 230 are in the form of "Directory Distinguished Name" [21] of the 231 corresponding object. It is intended that Directory management 232 applications will use these references to obtain further 233 information on the objects of interest. 235 5. The Directory Server Monitoring MIB. 237 DIRECTORY-SERVER-MIB DEFINITIONS ::= BEGIN 239 IMPORTS 240 MODULE-IDENTITY, Counter32, Gauge32, OBJECT-TYPE 241 FROM SNMPv2-SMI 242 mib-2 FROM RFC1213-MIB 243 DisplayString, TimeStamp 244 FROM SNMPv2-TC 245 MODULE-COMPLIANCE, OBJECT-GROUP 246 FROM SNMPv2-CONF 247 ZeroBasedCounter32 248 FROM RMON2-MIB 249 applIndex, DistinguishedName, URLString 251 FROM NETWORK-SERVICES-MIB; 253 dsMIB MODULE-IDENTITY 254 LAST-UPDATED "9811070000Z" -- 7th November 1998 255 ORGANIZATION "IETF Mail and Directory Management Working 256 Group" 257 CONTACT-INFO 258 " Glenn Mansfield 259 Postal: Cyber Solutions Inc. 260 6-6-3, Minami Yoshinari 261 Aoba-ku, Sendai, Japan 989-3204. 263 Tel: +81-22-303-4012 264 Fax: +81-22-303-4015 265 E-mail: glenn@cysols.com 266 Working Group E-mail: ietf-madman@innosoft.com 267 To subscribe: ietf-madman-request@innosoft.com" 269 DESCRIPTION 270 " The MIB module for monitoring Directory Services." 272 -- revision information 274 REVISION "9811070000Z" -- 7th November 1998 275 DESCRIPTION 276 "This revision obsoletes RFC 1567. It is incompatible with 277 the original MIB and so it has been renamed from dsaMIB 278 to dsMIB." 280 REVISION "9311250000Z" -- 25th November 1993 281 DESCRIPTION 282 "The original version of this MIB was published in RFC 1567." 284 ::= { mib-2 NN } -- to be assigned by IANA 286 dsTable OBJECT-TYPE 287 SYNTAX SEQUENCE OF DsTableEntry 288 MAX-ACCESS not-accessible 289 STATUS current 290 DESCRIPTION 291 " The table holding information related to the Directory 292 Servers." 293 ::= {dsMIB 1} 295 dsTableEntry OBJECT-TYPE 296 SYNTAX DsTableEntry 297 MAX-ACCESS not-accessible 298 STATUS current 299 DESCRIPTION 300 " Entry containing summary description for a Directory 301 Server." 302 INDEX { applIndex } 303 ::= {dsTable 1} 305 -- General description of the Directory Server application will be 306 -- available in the applTable of the NETWORK-SERVICES-MIB indexed by 307 -- applIndex. 309 DsTableEntry ::= SEQUENCE { 310 dsServerType 311 BITS, 312 dsServerDescription 313 DisplayString, 315 -- Entry statistics/Cache performance 316 dsMasterEntries 317 Gauge32, 318 dsCopyEntries 319 Gauge32, 320 dsCacheEntries 321 Gauge32, 322 dsCacheHits 323 Counter32, 324 dsSlaveHits 325 Counter32 326 } 328 dsServerType OBJECT-TYPE 329 SYNTAX BITS { 330 frontEndDirectoryServer(0), 331 backEndDirectoryServer(1) 332 } 333 MAX-ACCESS read-only 334 STATUS current 335 DESCRIPTION 336 "This object indicates whether the server is 337 a frontend or, a backend or, both. If the server 338 is a frontend, then the frontEndDirectoryServer 339 bit will be set. Similarly for the backend." 340 ::= {dsTableEntry 1} 342 dsServerDescription OBJECT-TYPE 343 SYNTAX DisplayString 344 MAX-ACCESS read-only 345 STATUS current 346 DESCRIPTION 347 "A text description of the application. This information 348 is intended to identify and briefly describe the 349 application in a status display." 350 ::= {dsTableEntry 2} 352 -- A (C)LDAP frontend to the X.500 Directory will not have 353 -- MasterEntries, CopyEntries; the following counters will 354 -- be inaccessible for LDAP/CLDAP frontends to the X.500 355 -- directory: dsMasterEntries, dsCopyEntries, dsSlaveHits. 357 dsMasterEntries OBJECT-TYPE 358 SYNTAX Gauge32 359 MAX-ACCESS read-only 360 STATUS current 361 DESCRIPTION 362 " Number of entries mastered in the Directory Server." 363 ::= {dsTableEntry 3} 365 dsCopyEntries OBJECT-TYPE 366 SYNTAX Gauge32 367 MAX-ACCESS read-only 368 STATUS current 369 DESCRIPTION 370 " Number of entries for which systematic (slave) 371 copies are maintained in the Directory Server." 372 ::= {dsTableEntry 4} 374 dsCacheEntries OBJECT-TYPE 375 SYNTAX Gauge32 376 MAX-ACCESS read-only 377 STATUS current 378 DESCRIPTION 379 " Number of entries cached (non-systematic copies) in 380 the Directory Server. This will include the entries that 381 are cached partially. The negative cache is not counted." 382 ::= {dsTableEntry 5} 384 dsCacheHits OBJECT-TYPE 385 SYNTAX Counter32 386 MAX-ACCESS read-only 387 STATUS current 388 DESCRIPTION 389 " Number of operations that were serviced from 390 the locally held cache." 391 ::= {dsTableEntry 6} 393 dsSlaveHits OBJECT-TYPE 394 SYNTAX Counter32 395 MAX-ACCESS read-only 396 STATUS current 397 DESCRIPTION 398 " Number of operations that were serviced from 399 the locally held object replications ( copy- 400 entries)." 401 ::= {dsTableEntry 7} 403 dsApplIfOpsTable OBJECT-TYPE 404 SYNTAX SEQUENCE OF DsApplIfOpsEntry 405 MAX-ACCESS not-accessible 406 STATUS current 407 DESCRIPTION 408 " The table holding information related to the 409 Directory Server operations." 410 ::= {dsMIB 2} 412 dsApplIfOpsEntry OBJECT-TYPE 413 SYNTAX DsApplIfOpsEntry 414 MAX-ACCESS not-accessible 415 STATUS current 416 DESCRIPTION 417 " Entry containing operations related statistics 418 for a Directory Server." 419 INDEX { applIndex, dsApplIfProtocolIndex } 420 ::= {dsApplIfOpsTable 1} 422 DsApplIfOpsEntry ::= SEQUENCE { 424 dsApplIfProtocolIndex 425 INTEGER, 426 dsApplIfProtocol 427 OBJECT IDENTIFIER, 429 -- Bindings 431 dsApplIfUnauthBinds 432 Counter32, 433 dsApplIfSimpleAuthBinds 434 Counter32, 435 dsApplIfStrongAuthBinds 436 Counter32, 437 dsApplIfBindSecurityErrors 438 Counter32, 440 -- In-coming operations 442 dsApplIfInOps 443 Counter32, 444 dsApplIfReadOps 445 Counter32, 446 dsApplIfCompareOps 447 Counter32, 448 dsApplIfAddEntryOps 449 Counter32, 450 dsApplIfRemoveEntryOps 451 Counter32, 452 dsApplIfModifyEntryOps 453 Counter32, 454 dsApplIfModifyRDNOps 455 Counter32, 456 dsApplIfListOps 457 Counter32, 458 dsApplIfSearchOps 459 Counter32, 460 dsApplIfOneLevelSearchOps 461 Counter32, 462 dsApplIfWholeSubtreeSearchOps 463 Counter32, 465 -- Out going operations 467 dsApplIfReferrals 468 Counter32, 469 dsApplIfChainings 470 Counter32, 472 -- Errors 474 dsApplIfSecurityErrors 475 Counter32, 476 dsApplIfErrors 477 Counter32, 479 -- replications 481 dsApplIfReplicationUpdatesIn 482 Counter32, 483 dsApplIfReplicationUpdatesOut 484 Counter32, 486 -- Traffic Volume 488 dsApplIfInBytes 489 Counter32, 490 dsApplIfOutBytes 491 Counter32 492 } 494 -- CLDAP does not use binds; for the CLDAP interface of a Directory 495 -- Server the bind related counters will be inaccessible. 496 -- 497 -- CLDAP and LDAP implement "Read" and "List" operations 498 -- indirectly via the "search" operation; the following 499 -- counters will be inaccessible for the CLDAP and LDAP interfaces of 500 -- Directory Servers: dsApplIfReadOps, dsApplIfListOps 501 -- 502 -- CLDAP does not implement "Compare", "Add", "Remove", 503 -- "Modify", "ModifyRDN"; the following counters will be 504 -- inaccessible for the CLDAP interfaces of Directory Servers: 505 -- dsApplIfCompareOps, dsApplIfAddEntryOps, dsApplIfRemoveEntryOps, 506 -- dsApplIfModifyEntryOps, dsApplIfModifyRDNOps. 507 -- 508 -- CLDAP Directory Servers do not return Referrals 509 -- the following fields will remain inaccessible for 510 -- CLDAP interfaces of Directory Servers: dsApplIfReferrals. 512 dsApplIfProtocolIndex OBJECT-TYPE 513 SYNTAX INTEGER (1..2147483647) 514 MAX-ACCESS read-only 515 STATUS current 516 DESCRIPTION 517 "An index to uniquely identify an entry corresponding to a 518 application-layer protocol interface. This index is used 519 for lexicographic ordering of the table." 520 ::= {dsApplIfOpsEntry 1} 522 dsApplIfProtocol OBJECT-TYPE 523 SYNTAX OBJECT IDENTIFIER 524 MAX-ACCESS read-only 525 STATUS current 526 DESCRIPTION 527 "An identification of the protocol being used by the application 528 on this interface. For an OSI Application, this will be the 529 Application Context. For Internet applications, the IANA 530 maintains a registry[22] of the OIDs which correspond to 531 well-known applications. If the application protocol is 532 not listed in the registry, an OID value of the form 533 {applTCPProtoID port} or {applUDProtoID port} are used for 534 TCP-based and UDP-based protocols, respectively. In either 535 case 'port' corresponds to the primary port number being 536 used by the protocol. The OIDs applTCPProtoID and 537 applUDPProtoID are defined in NETWORK-SERVICES-MIB" 538 ::= {dsApplIfOpsEntry 2} 540 dsApplIfUnauthBinds OBJECT-TYPE 541 SYNTAX Counter32 542 MAX-ACCESS read-only 543 STATUS current 544 DESCRIPTION 545 " Number of unauthenticated/anonymous bind requests 546 received." 547 ::= {dsApplIfOpsEntry 3} 549 dsApplIfSimpleAuthBinds OBJECT-TYPE 550 SYNTAX Counter32 551 MAX-ACCESS read-only 552 STATUS current 553 DESCRIPTION 554 " Number of bind requests that were authenticated 555 using simple authentication procedures like password 556 checks. This includes the 557 password authentication using SASL mechanisms like 558 CRAM-MD5." 559 ::= {dsApplIfOpsEntry 4} 561 dsApplIfStrongAuthBinds OBJECT-TYPE 562 SYNTAX Counter32 563 MAX-ACCESS read-only 564 STATUS current 565 DESCRIPTION 566 " Number of bind requests that were authenticated 567 using TLS and X.500 strong authentication procedures. 568 This includes the binds that were 569 authenticated using external authentication procedures." 570 ::= {dsApplIfOpsEntry 5} 572 dsApplIfBindSecurityErrors OBJECT-TYPE 573 SYNTAX Counter32 574 MAX-ACCESS read-only 575 STATUS current 576 DESCRIPTION 577 " Number of bind requests that have been rejected 578 due to inappropriate authentication or 579 invalid credentials." 580 ::= {dsApplIfOpsEntry 6} 582 dsApplIfInOps OBJECT-TYPE 583 SYNTAX Counter32 584 MAX-ACCESS read-only 585 STATUS current 586 DESCRIPTION 587 " Number of requests received from DUAs or other 588 Directory Servers." 589 ::= {dsApplIfOpsEntry 7} 591 dsApplIfReadOps OBJECT-TYPE 592 SYNTAX Counter32 593 MAX-ACCESS read-only 594 STATUS current 595 DESCRIPTION 596 " Number of read requests received." 597 ::= {dsApplIfOpsEntry 8} 599 dsApplIfCompareOps OBJECT-TYPE 600 SYNTAX Counter32 601 MAX-ACCESS read-only 602 STATUS current 603 DESCRIPTION 604 " Number of compare requests received." 605 ::= {dsApplIfOpsEntry 9} 607 dsApplIfAddEntryOps OBJECT-TYPE 608 SYNTAX Counter32 609 MAX-ACCESS read-only 610 STATUS current 611 DESCRIPTION 612 " Number of addEntry requests received." 613 ::= {dsApplIfOpsEntry 10} 615 dsApplIfRemoveEntryOps OBJECT-TYPE 616 SYNTAX Counter32 617 MAX-ACCESS read-only 618 STATUS current 619 DESCRIPTION 620 " Number of removeEntry requests received." 621 ::= {dsApplIfOpsEntry 11} 623 dsApplIfModifyEntryOps OBJECT-TYPE 624 SYNTAX Counter32 625 MAX-ACCESS read-only 626 STATUS current 627 DESCRIPTION 628 " Number of modifyEntry requests received." 629 ::= {dsApplIfOpsEntry 12} 631 dsApplIfModifyRDNOps OBJECT-TYPE 632 SYNTAX Counter32 633 MAX-ACCESS read-only 634 STATUS current 635 DESCRIPTION 636 " Number of modifyRDN requests received." 637 ::= {dsApplIfOpsEntry 13} 639 dsApplIfListOps OBJECT-TYPE 640 SYNTAX Counter32 641 MAX-ACCESS read-only 642 STATUS current 643 DESCRIPTION 644 " Number of list requests received." 645 ::= {dsApplIfOpsEntry 14} 647 dsApplIfSearchOps OBJECT-TYPE 648 SYNTAX Counter32 649 MAX-ACCESS read-only 650 STATUS current 651 DESCRIPTION 652 " Number of search requests- baseObject searches, 653 oneLevel searches and whole subtree searches, 654 received." 655 ::= {dsApplIfOpsEntry 15} 657 dsApplIfOneLevelSearchOps OBJECT-TYPE 658 SYNTAX Counter32 659 MAX-ACCESS read-only 660 STATUS current 661 DESCRIPTION 662 " Number of oneLevel search requests received." 663 ::= {dsApplIfOpsEntry 16} 665 dsApplIfWholeSubtreeSearchOps OBJECT-TYPE 666 SYNTAX Counter32 667 MAX-ACCESS read-only 668 STATUS current 669 DESCRIPTION 670 " Number of whole subtree search requests received." 671 ::= {dsApplIfOpsEntry 17} 673 dsApplIfReferrals OBJECT-TYPE 674 SYNTAX Counter32 675 MAX-ACCESS read-only 676 STATUS current 677 DESCRIPTION 678 " Number of referrals returned in response 679 to requests for operations." 680 ::= {dsApplIfOpsEntry 18} 682 dsApplIfChainings OBJECT-TYPE 683 SYNTAX Counter32 684 MAX-ACCESS read-only 685 STATUS current 686 DESCRIPTION 687 " Number of operations forwarded by this Directory Server 688 to other Directory Servers." 689 ::= {dsApplIfOpsEntry 19} 691 dsApplIfSecurityErrors OBJECT-TYPE 692 SYNTAX Counter32 693 MAX-ACCESS read-only 694 STATUS current 695 DESCRIPTION 696 " Number of requests received 697 which did not meet the security requirements. " 698 ::= {dsApplIfOpsEntry 20} 700 dsApplIfErrors OBJECT-TYPE 701 SYNTAX Counter32 702 MAX-ACCESS read-only 703 STATUS current 704 DESCRIPTION 705 " Number of requests that could not be serviced 706 due to errors other than security errors, and 707 referrals. 708 A partially serviced operation will not be counted 709 as an error. 710 The errors include naming-related, update-related, 711 attribute-related and service-related errors." 712 ::= {dsApplIfOpsEntry 21} 714 -- Replication operations 716 dsApplIfReplicationUpdatesIn OBJECT-TYPE 717 SYNTAX Counter32 718 MAX-ACCESS read-only 719 STATUS current 720 DESCRIPTION 721 " Number of replication updates fetched or received from 722 supplier Directory Servers." 723 ::= {dsApplIfOpsEntry 22} 725 dsApplIfReplicationUpdatesOut OBJECT-TYPE 726 SYNTAX Counter32 727 MAX-ACCESS read-only 728 STATUS current 729 DESCRIPTION 730 " Number of replication updates sent to or taken by 731 consumer Directory Servers." 732 ::= {dsApplIfOpsEntry 23} 734 dsApplIfInBytes OBJECT-TYPE 735 SYNTAX Counter32 736 MAX-ACCESS read-only 737 STATUS current 738 DESCRIPTION 739 " Incoming traffic, in bytes, on the interface. 740 This will include requests from DUAs as well 741 responses from other Directory Servers." 742 ::= {dsApplIfOpsEntry 24} 744 dsApplIfOutBytes OBJECT-TYPE 745 SYNTAX Counter32 746 MAX-ACCESS read-only 747 STATUS current 748 DESCRIPTION 749 " Outgoing traffic in bytes on the interface. 750 This will include responses to DUAs and Directory 751 Servers as well as requests to other Directory Servers." 752 ::= {dsApplIfOpsEntry 25} 754 -- The dsIntTable contains statistical data on the peer 755 -- Directory Servers with which the monitored Directory 756 -- Server interacts or, attempts to interact. This table is 757 -- expected to provide a useful insight into the effect of 758 -- neighbours on the Directory Server's performance. 759 -- The table keeps track of the last "N" Directory Servers 760 -- with which the monitored Directory has interacted 761 -- (attempted to interact), where "N" is a locally-defined 762 -- constant. 763 -- For a multiptotocol server, statistics for each protocol 764 -- are kept separetely. 766 dsIntTable OBJECT-TYPE 767 SYNTAX SEQUENCE OF DsIntEntry 768 MAX-ACCESS not-accessible 769 STATUS current 770 DESCRIPTION 771 " Each row of this table contains some details 772 related to the history of the interaction 773 of the monitored Directory Server with its 774 peer Directory Servers." 775 ::= { dsMIB 3 } 777 dsIntEntry OBJECT-TYPE 778 SYNTAX DsIntEntry 779 MAX-ACCESS not-accessible 780 STATUS current 781 DESCRIPTION 782 " Entry containing interaction details of a Directory 783 Server with a peer Directory Server." 784 INDEX { applIndex,dsIntEntIndex, dsApplIfProtocolIndex } 785 ::= { dsIntTable 1 } 787 DsIntEntry ::= SEQUENCE { 788 dsIntEntIndex 789 INTEGER, 790 dsIntEntDirectoryName 791 DistinguishedName, 792 dsIntEntTimeOfCreation 793 TimeStamp, 794 dsIntEntTimeOfLastAttempt 795 TimeStamp, 796 dsIntEntTimeOfLastSuccess 797 TimeStamp, 798 dsIntEntFailuresSinceLastSuccess 799 Gauge32, 800 dsIntEntFailures 801 ZeroBasedCounter32, 802 dsIntEntSuccesses 803 ZeroBasedCounter32, 804 dsIntEntURL 805 URLString 806 } 808 dsIntEntIndex OBJECT-TYPE 809 SYNTAX INTEGER (1..2147483647) 810 MAX-ACCESS not-accessible 811 STATUS current 812 DESCRIPTION 813 " Together with applIndex and dsApplIfProtocolIndex, this 814 object forms the unique key to 815 identify the conceptual row which contains useful info 816 on the (attempted) interaction between the Directory 817 Server (referred to by applIndex) and a peer Directory 818 Server using a particular protocol." 819 ::= {dsIntEntry 1} 821 dsIntEntDirectoryName OBJECT-TYPE 822 SYNTAX DistinguishedName 823 MAX-ACCESS read-only 824 STATUS current 825 DESCRIPTION 826 " Distinguished Name of the peer Directory Server to 827 which this entry pertains." 828 ::= {dsIntEntry 2} 830 dsIntEntTimeOfCreation OBJECT-TYPE 831 SYNTAX TimeStamp 832 MAX-ACCESS read-only 833 STATUS current 834 DESCRIPTION 835 " The value of sysUpTime when this row was created. 836 If the entry was created before the network management 837 subsystem was initialized, this object will contain 838 a value of zero." 839 ::= {dsIntEntry 3} 841 dsIntEntTimeOfLastAttempt OBJECT-TYPE 842 SYNTAX TimeStamp 843 MAX-ACCESS read-only 844 STATUS current 845 DESCRIPTION 846 " The value of sysUpTime when the last attempt was made 847 to contact the peer Directory Server. If the last attempt 848 was made before the network management subsystem was 849 initialized, this object will contain a value of zero." 850 ::= {dsIntEntry 4} 852 dsIntEntTimeOfLastSuccess OBJECT-TYPE 853 SYNTAX TimeStamp 854 MAX-ACCESS read-only 855 STATUS current 856 DESCRIPTION 857 " The value of sysUpTime when the last attempt made to 858 contact the peer Directory Server was successful. If there 859 have been no successful attempts this entry will have a value 860 of zero. If the last successful attempt was made before 861 the network management subsystem was initialized, this 862 object will contain a value of zero." 863 ::= {dsIntEntry 5} 865 dsIntEntFailuresSinceLastSuccess OBJECT-TYPE 866 SYNTAX Gauge32 867 MAX-ACCESS read-only 868 STATUS current 869 DESCRIPTION 870 " The number of failures since the last time an 871 attempt to contact the peer Directory Server was successful. 872 If there has been no successful attempts, this counter 873 will contain the number of failures since this entry 874 was created." 875 ::= {dsIntEntry 6} 877 -- note this gauge has a maximum value of 4294967295 and, 878 -- it does not wrap.[5] 880 dsIntEntFailures OBJECT-TYPE 881 SYNTAX ZeroBasedCounter32 882 MAX-ACCESS read-only 883 STATUS current 884 DESCRIPTION 885 " Cumulative failures in contacting the peer Directory Server 886 since the creation of this entry." 887 ::= {dsIntEntry 7} 889 dsIntEntSuccesses OBJECT-TYPE 890 SYNTAX ZeroBasedCounter32 891 MAX-ACCESS read-only 892 STATUS current 893 DESCRIPTION 894 " Cumulative successes in contacting the peer Directory Server 895 since the creation of this entry." 896 ::= {dsIntEntry 8} 898 dsIntEntURL OBJECT-TYPE 899 SYNTAX URLString 900 MAX-ACCESS read-only 901 STATUS current 902 DESCRIPTION 903 " URL of the peer Directory Server." 904 ::= {dsIntEntry 9} 906 -- Conformance information 908 dsConformance OBJECT IDENTIFIER ::= { dsMIB 4 } 910 dsGroups OBJECT IDENTIFIER ::= { dsConformance 1 } 911 dsCompliances OBJECT IDENTIFIER ::= { dsConformance 2 } 913 -- Compliance statements 915 dsEntryCompliance MODULE-COMPLIANCE 916 STATUS current 917 DESCRIPTION 918 "The compliance statement for SNMP entities 919 which implement the DIRECTORY-SERVER-MIB for 920 a summary overview of the Directory Servers ." 922 MODULE -- this module 923 MANDATORY-GROUPS { dsEntryGroup } 925 ::= { dsCompliances 1 } 927 dsOpsCompliance MODULE-COMPLIANCE 928 STATUS current 929 DESCRIPTION 930 "The compliance statement for SNMP entities 931 which implement the DIRECTORY-SERVER-MIB for monitoring 932 Directory Server operations, entry statistics and cache 933 performance." 935 MODULE -- this module 936 MANDATORY-GROUPS { dsEntryGroup, dsOpsGroup } 938 ::= { dsCompliances 2 } 940 dsIntCompliance MODULE-COMPLIANCE 941 STATUS current 942 DESCRIPTION 943 " The compliance statement for SNMP entities 944 which implement the DIRECTORY-SERVER-MIB for monitoring 945 Directory Server operations and the interaction of the 946 Directory Server with peer Directory Servers." 948 MODULE -- this module 949 MANDATORY-GROUPS { dsEntryGroup, dsIntGroup } 951 ::= { dsCompliances 3 } 953 dsOpsIntCompliance MODULE-COMPLIANCE 954 STATUS current 955 DESCRIPTION 956 " The compliance statement for SNMP entities 957 which implement the DIRECTORY-SERVER-MIB for monitoring 958 Directory Server operations and the interaction of the 959 Directory Server with peer Directory Servers." 961 MODULE -- this module 962 MANDATORY-GROUPS { dsEntryGroup, dsOpsGroup, dsIntGroup } 964 ::= { dsCompliances 4 } 966 -- Units of conformance 968 dsEntryGroup OBJECT-GROUP 969 OBJECTS {dsServerType, dsServerDescription, 970 dsMasterEntries, dsCopyEntries, 971 dsCacheEntries, dsCacheHits, 972 dsSlaveHits} 973 STATUS current 974 DESCRIPTION 975 " A collection of objects for a summary overview of the 976 Directory Servers." 977 ::= { dsGroups 1 } 979 dsOpsGroup OBJECT-GROUP 980 OBJECTS { 981 dsApplIfProtocolIndex, dsApplIfProtocol, 982 dsApplIfUnauthBinds, dsApplIfSimpleAuthBinds, 983 dsApplIfStrongAuthBinds, dsApplIfBindSecurityErrors, 984 dsApplIfInOps, dsApplIfReadOps, 985 dsApplIfCompareOps, dsApplIfAddEntryOps, 986 dsApplIfRemoveEntryOps, dsApplIfModifyEntryOps, 987 dsApplIfModifyRDNOps, dsApplIfListOps, 988 dsApplIfSearchOps, dsApplIfOneLevelSearchOps, 989 dsApplIfWholeSubtreeSearchOps, dsApplIfReferrals, 990 dsApplIfChainings, dsApplIfSecurityErrors, 991 dsApplIfErrors, dsApplIfReplicationUpdatesIn, 992 dsApplIfReplicationUpdatesOut, dsApplIfInBytes, 993 dsApplIfOutBytes } 994 STATUS current 995 DESCRIPTION 996 " A collection of objects for monitoring the Directory 997 Server operations." 998 ::= { dsGroups 2 } 1000 dsIntGroup OBJECT-GROUP 1001 OBJECTS { 1002 dsIntEntDirectoryName, dsIntEntTimeOfCreation, 1003 dsIntEntTimeOfLastAttempt, dsIntEntTimeOfLastSuccess, 1004 dsIntEntFailuresSinceLastSuccess, dsIntEntFailures, 1005 dsIntEntSuccesses, dsIntEntURL} 1006 STATUS current 1007 DESCRIPTION 1008 " A collection of objects for monitoring the Directory 1009 Server's interaction with peer Directory Servers." 1010 ::= { dsGroups 3 } 1012 END 1014 6. Intellectual Property 1016 The IETF takes no position regarding the validity or scope of any 1017 intellectual property or other rights that might be claimed to 1018 pertain to the implementation or use of the technology described in 1019 this document or the extent to which any license under such rights 1020 might or might not be available; neither does it represent that it 1021 has made any effort to identify any such rights. Information on the 1022 IETF's procedures with respect to rights in standards-track and 1023 standards-related documentation can be found in BCP-11. Copies of 1024 claims of rights made available for publication and any assurances of 1025 licenses to be made available, or the result of an attempt made to 1026 obtain a general license or permission for the use of such 1027 proprietary rights by implementors or users of this specification can 1028 be obtained from the IETF Secretariat. 1030 The IETF invites any interested party to bring to its attention any 1031 copyrights, patents or patent applications, or other proprietary 1032 rights which may cover technology that may be required to practice 1033 this standard. Please address the information to the IETF Executive 1034 Director. 1036 6. Changes from RFC1567. 1038 A more general Directory model in which, several Directory 1039 protocols coexist, has been adopted for the purpose of the MIB 1040 design. The result is a generic Directory Server Monitoring MIB. 1042 7. Acknowledgements 1044 This draft is the product of discussions and deliberations carried out 1045 in the Mail and Directory Management Working Group (ietf-madman-wg). 1047 References 1049 [1] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for 1050 Describing SNMP Management Frameworks", RFC 2271, Cabletron 1051 Systems, Inc., BMC Software, Inc., IBM T. J. Watson Research, 1052 January 1998 1054 [2] Rose, M., and K. McCloghrie, "Structure and Identification of 1055 Management Information for TCP/IP-based Internets", RFC 1155, 1056 Performance Systems International, Hughes LAN Systems, May 1990 1058 [3] Rose, M., and K. McCloghrie, "Concise MIB Definitions", RFC 1212, 1059 Performance Systems International, Hughes LAN Systems, March 1991 1061 [4] M. Rose, "A Convention for Defining Traps for use with the SNMP", 1062 RFC 1215, Performance Systems International, March 1991 1064 [5] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Structure 1065 of Management Information for Version 2 of the Simple Network 1066 Management Protocol (SNMPv2)", RFC 1902, SNMP Research,Inc., Cisco 1067 Systems, Inc., Dover Beach Consulting, Inc., International Network 1068 Services, January 1996. 1070 [6] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Textual 1071 Conventions for Version 2 of the Simple Network Management Protocol 1072 (SNMPv2)", RFC 1903, SNMP Research, Inc., Cisco Systems, Inc., 1073 Dover Beach Consulting, Inc., International Network Services, 1074 January 1996. 1076 [7] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Conformance 1077 Statements for Version 2 of the Simple Network Management Protocol 1078 (SNMPv2)", RFC 1904, SNMP Research, Inc., Cisco Systems, Inc., 1079 Dover Beach Consulting, Inc., International Network Services, 1080 January 1996. 1082 [8] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network 1083 Management Protocol", RFC 1157, SNMP Research, Performance Systems 1084 International, Performance Systems International, MIT Laboratory 1085 for Computer Science, May 1990. 1087 [9] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, 1088 "Introduction to Community-based SNMPv2", RFC 1901, SNMP Research, 1089 Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc., 1090 International Network Services, January 1996. 1092 [10] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Transport 1093 Mappings for Version 2 of the Simple Network Management Protocol 1094 (SNMPv2)", RFC 1906, SNMP Research, Inc., Cisco Systems, Inc., 1095 Dover Beach Consulting, Inc., International Network Services, 1096 January 1996. 1098 [11] Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message 1099 Processing and Dispatching for the Simple Network Management 1100 Protocol (SNMP)", RFC 2272, SNMP Research, Inc., Cabletron Systems, 1101 Inc., BMC Software, Inc., IBM T. J. Watson Research, January 1998. 1103 [12] Blumenthal, U., and B. Wijnen, "User-based Security Model (USM) for 1104 version 3 of the Simple Network Management Protocol (SNMPv3)", RFC 1105 2274, IBM T. J. Watson Research, January 1998. 1107 [13] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol 1108 Operations for Version 2 of the Simple Network Management Protocol 1109 (SNMPv2)", RFC 1905, SNMP Research, Inc., Cisco Systems, Inc., 1110 Dover Beach Consulting, Inc., International Network Services, 1111 January 1996. 1113 [14] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", RFC 2273, 1114 SNMP Research, Inc., Secure Computing Corporation, Cisco Systems, 1115 January 1998 1117 [15] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access 1118 Control Model (VACM) for the Simple Network Management Protocol 1119 (SNMP)", RFC 2275, IBM T. J. Watson Research, BMC Software, Inc., 1120 Cisco Systems, Inc., January 1998 1122 [16] ITU-T Rec. X.501, "The Directory: Models", 1993. 1124 [17] Wahl, M., Howes, T., and S. Kille, "Lightweight Directory Access 1125 Protocol (v3)", RFC 2251, Critical Angle Inc., Netscape 1126 Communications Corp., Isode Limited, December 1997. 1128 [18] Young, A., "Connection-less Lightweight X.500 Directory 1129 Access Protocol", RFC 1798, ISODE Consortium, June 1995. 1131 [19] Freed N. and Kille, S., "Network Services 1132 Monitoring MIB", RFC 2248, Innosoft, ISODE Consortium, January 1998. 1134 [20] Grillo, P., and S. Waldbusser, "Host Resources MIB", RFC 1514, 1135 Network Innovations, Intel Corporation, Carnegie Mellon 1136 University, September 1993. 1138 [21] Wahl, W., Kille, S., Howes, T., "Lightweight Directory 1139 Access Protocol (v3): UTF-8 String Representation of 1140 Distinguished Names" RFC 2253, Critical Angle Inc., Isode Ltd., 1141 Netscape Communications Corp. December 1997. 1143 [22] http://www.isi.edu/in-notes/iana/assignments/protocol-numbers 1144 Security Considerations 1146 There are no management objects defined in this MIB that have a MAX- 1147 ACCESS clause of read-write and/or read-create. So, if this MIB is 1148 implemented correctly, then there is no risk that an intruder can 1149 alter or create any management objects of this MIB via direct SNMP 1150 SET operations. 1152 However, the information itself may partly reveal the configuration 1153 of the directory system and passively increase its vulnerability. The 1154 information could also be used to analyze network usage and traffic 1155 patterns. 1157 Therefore, it may be important in some environments to control read 1158 access to these objects and possibly to even encrypt the values of 1159 these object when sending them over the network via SNMP. Not all 1160 versions of SNMP provide features for such a secure environment. 1162 SNMPv1 by itself is such an insecure environment. Even if the 1163 network itself is secure (for example by using IPSec), even then, 1164 there is no control as to who on the secure network is allowed to 1165 access and GET (read) the objects in this MIB. 1167 It is recommended that the implementors consider the security 1168 features as provided by the SNMPv3 framework. Specifically, the use 1169 of the User-based Security Model RFC 2274 [12] and the View-based 1170 Access Control Model RFC 2275 [15] is recommended. 1172 It is then a customer/user responsibility to ensure that the SNMP 1173 entity giving access to an instance of this MIB, is properly 1174 configured to give access to those objects only to those principals 1175 (users) that have legitimate rights to access them. 1177 Authors' Addresses 1179 Glenn Mansfield 1180 Cyber Solutions Inc. 1181 6-6-3 Minami Yoshinari 1182 Aoba-ku, Sendai 989-3204 1183 Japan 1185 Phone: +81-22-303-4012 1186 EMail: glenn@cysols.com 1188 Steve E. Kille 1189 Isode Ltd. 1190 The Dome, The Square 1191 Richmond TW9 1DT 1192 UK 1194 Phone: +44-181-332-9091 1195 EMail: S.Kille@isode.com 1197 Full Copyright statement 1199 "Copyright (C) The Internet Society (date). All Rights 1200 Reserved. 1202 This document and translations of it may be copied and 1203 furnished to others, and derivative works that comment on or 1204 otherwise explain it or assist in its implmentation may be 1205 prepared, copied, published and distributed, in whole or in 1206 part, without restriction of any kind, provided that the above 1207 copyright notice and this paragraph are included on all such 1208 copies and derivative works. However, this document itself may 1209 not be modified in any way, such as by removing the copyright 1210 notice or references to the Internet Society or other Internet 1211 organizations, except as needed for the purpose of developing 1212 Internet standards in which case the procedures for copyrights 1213 defined in the Internet Standards process must be followed, or 1214 as required to translate it into languages other than English. 1216 The limited permissions granted above are perpetual and will 1217 not be revoked by the Internet Society or its successors or 1218 assigns. 1220 This document and the information contained herein is provided 1221 on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET 1222 ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR 1223 IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE 1224 OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY 1225 IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A 1226 PARTICULAR PURPOSE."