
No opendj metrics via JMX #376

Closed
Cenness opened this issue Aug 16, 2024 · 1 comment

Cenness commented Aug 16, 2024

Describe the bug
JMX does not return any metrics for the server, except JVM, host and a flag that says JMX is enabled.

To Reproduce
Steps to reproduce the behavior:

  1. Set up opendj
  2. Run commands from listing 1
  3. Download jmx_prometheus_javaagent-1.0.1.jar
  4. Create jmx-exporter.yml with content from listing 2
  5. Restart opendj with parameters from listing 3
  6. Call curl localhost:7072/metrics | grep opends, get
     org_opends_server_rootdse_active{rdn1="cn-config",rdn2="cn-Connection_Handlers",rdn3="cn-JMX_Connection_Handler",type="jmxRmiConnectorNoClientCertificateName"} 1.0
  7. With jconsole connect to service:jmx:rmi:///jndi/rmi://localhost:1690/jmxrmi
  8. All org.opends.server mbeans are attributeless except for jmxRmiConnectorNoClientCertificateName
  9. With jconsole try connecting to service:jmx:rmi:///jndi/rmi://localhost:1690/org.opends.server.protocols.jmx.client-unknown, get connection failed

listing 1:

#enable jmx
/opt/opendj/bin/dsconfig \
  set-connection-handler-prop \
  --bindDN "$ROOT_USER_DN" \
  --bindPassword "$ROOT_PASSWORD" \
  --handler-name "JMX Connection Handler" \
  --set enabled:true \
  --trustAll \
  --no-prompt

#allow admin to access jmx
/opt/opendj/bin/dsconfig \
  set-root-dn-prop \
  --bindDN "$ROOT_USER_DN" \
  --bindPassword "$ROOT_PASSWORD" \
  --add default-root-privilege-name:jmx-notify \
  --add default-root-privilege-name:jmx-read \
  --add default-root-privilege-name:jmx-write \
  --trustAll \
  --no-prompt

listing 2

username: cn=directory manager
password: password
ssl: false
startDelaySeconds: 0
lowercaseOutputName: true
lowercaseOutputLabelNames: true

rules:
- pattern: ".*"

listing 3

-javaagent:/path/to/jmx_prometheus_javaagent-1.0.1.jar=7072:/path/to/jmx-exporter.yml
-Dcom.sun.management.jmxremote.port=1690
-Dcom.sun.management.jmxremote.rmi.port=1690
-Djava.rmi.server.hostname=127.0.0.1
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false

Expected behavior
Same metrics as you can get from ldap monitoring


Specs:

Ubuntu 22.04.2 LTS

--- Server Details ---
Host Name:                od-opendj-az0-0.od-opendj-hs-az0.opendj.svc.cluster.local
Administrative Users:     cn=Directory Manager
Installation Path:        /opt/opendj
Instance Path:            /opt/opendj/data
Version:                  OpenDJ Server 4.6.6-SNAPSHOT
Java Version:             19.0.2
Administration Connector: Port 4444 (LDAPS)

          --- Connection Handlers ---
Address:Port : Protocol               : State
-------------:------------------------:---------
--           : LDIF                   : Disabled
8989         : Replication            : Enabled
0.0.0.0:1389 : LDAP (allows StartTLS) : Enabled
0.0.0.0:1636 : LDAPS                  : Enabled
0.0.0.0:1689 : JMX                    : Enabled
0.0.0.0:8080 : HTTP                   : Disabled

          --- Data Sources ---
Base DN:                      dc=local
Backend ID:                   userRoot
Entries:                      134
Replication:                  Enabled
Missing Changes:              <not available>
Age of Oldest Missing Change: <not available>

Additional context
snmp doesn't work either, installed opendmk, configured as in docs and all connections to port are refused
ldap monitoring works fine
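
Listing 3 above starts the JVM's own remote JMX connector on port 1690 with authentication and TLS switched off. The following shell check is an added example, not part of the issue or of the OpenDJ project: it flags those settings in a JVM option list. The function names are hypothetical, and `com.sun.management.jmxremote.host` is a JDK property that does not appear on this page.

```shell
# Added example: flag risky platform-JMX settings in a list of JVM options
# (one option per line on stdin). Function names are hypothetical.

audit_jmx_opts() {
    port="" auth="" ssl="" host="" findings=0
    while IFS= read -r opt; do
        case "$opt" in
            -Dcom.sun.management.jmxremote.port=*)         port=${opt#*=} ;;
            -Dcom.sun.management.jmxremote.authenticate=*) auth=${opt#*=} ;;
            -Dcom.sun.management.jmxremote.ssl=*)          ssl=${opt#*=} ;;
            -Dcom.sun.management.jmxremote.host=*)         host=${opt#*=} ;;
        esac
    done
    if [ -z "$port" ]; then
        echo "OK: no remote JMX port configured"
        return 0
    fi
    # With a remote port set, the JDK defaults are authenticate=true and
    # ssl=true; only an explicit "false" turns them off.
    if [ "${auth:-true}" = "false" ]; then
        echo "FINDING: port $port accepts unauthenticated JMX clients"
        findings=$((findings + 1))
    fi
    if [ "${ssl:-true}" = "false" ]; then
        echo "FINDING: port $port does not use TLS"
        findings=$((findings + 1))
    fi
    # java.rmi.server.hostname only sets the address advertised in RMI stubs;
    # the listening address is controlled by com.sun.management.jmxremote.host.
    if [ -z "$host" ]; then
        echo "FINDING: port $port has no bind address set (jmxremote.host)"
        findings=$((findings + 1))
    fi
    [ "$findings" -gt 0 ] || echo "OK: port $port requires auth and TLS, bound to $host"
    return 0
}

# The JMX-related options from listing 3, reproduced as sample input.
sample_listing3() {
    cat <<'EOF'
-Dcom.sun.management.jmxremote.port=1690
-Dcom.sun.management.jmxremote.rmi.port=1690
-Djava.rmi.server.hostname=127.0.0.1
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false
EOF
}

sample_listing3 | audit_jmx_opts
```

The check covers only the JVM platform connector configured through system properties; the OpenDJ JMX Connection Handler on port 1689 is configured through dsconfig and is not inspected here.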


vharseko commented Aug 27, 2024

Set up the server:

./setup --addBaseEntry -h localhost -p 1389 --ldapsPort 1636 --adminConnectorPort 4444 --enableStartTLS --generateSelfSignedCertificate --rootUserDN "cn=Directory Manager" --rootUserPassword password --baseDN dc=example,dc=com --cli --acceptLicense --no-prompt 

Configure the server to activate JMX access.
The following example uses the reserved port number, 1689:

bin/dsconfig set-connection-handler-prop --handler-name "JMX Connection Handler" --set enabled:true --trustAll --no-prompt --hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword password

Add appropriate privileges to access JMX monitoring information.
By default, no users have privileges to access the JMX connection. The following commands create a user with JMX privileges, who can authenticate over an insecure connection:

bin/dsconfig create-password-policy --policy-name "Allow insecure authentication"  --type password-policy --set default-password-storage-scheme:PBKDF2-HMAC-SHA256 --set password-attribute:userPassword --trustAll --no-prompt --hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword password

Prepare the JMX monitor user entry.
Notice the privileges and password policy settings:

bin/ldapmodify --port 1389 --bindDN "cn=Directory Manager" --bindPassword password
dn: uid=JMX Monitor,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: JMX Monitor
sn: User
uid: JMX Monitor
userPassword: password
ds-privilege-name: monitor-read
ds-privilege-name: jmx-notify
ds-privilege-name: jmx-read
ds-privilege-name: jmx-write
ds-pwp-password-policy-dn: cn=Allow insecure authentication,cn=Password Policies,cn=config

Processing ADD request for uid=JMX Monitor,dc=example,dc=com
ADD operation successful for DN uid=JMX Monitor,dc=example,dc=com
^C

Connect remotely.

jconsole
  • Remote process: service:jmx:rmi:///jndi/rmi://localhost:1689/org.opends.server.protocols.jmx.client-unknown
  • Username*: uid=JMX Monitor,dc=example,dc=com
  • Password*: password

Connect -> Insecure connection
