How to use an active Directory to check SNMPv3 authentication?


I developed an SNMP agent based on Snmp4J-Agent API. Is it possible to check dynamically users security names using an Enterprise active Directoy (LDAP) ?
We assume that we have in our directory a list of users that can access the agent MIB.
Or users configurtaion should be hard-coded using the method addUsmUsers() ?


Hello Michael,

The most standard-oriented way to solve this, would be to implement your own USM like SecurityModel and use that security model as replacement of the USM.

Maybe you can reuse more code of SNMP4J’s USM but since the UsmUserTable is private in USM, that is currently not possible.

Nevertheless I will think about such use cases (external directory) and will refactor the USM to provide a pluggable interface in the near future. Thank you for the inspiration!

Best regards,

Hello Frank,
Thanks for the response.
It’s a good idea to provide this feature in next releases.
In some environment, the security access check is done using LDAP/Kerberos…