Novell IDENTITY MANAGER Remote Loader Guide

Novell®
www.novell.com
Remote Loader Guide
Identity Manager
novdocx (en) 17 September 2009
AUTHORIZED DOCUMENTATION
3.6.1

Identity Manager 3.6.1 Remote Loader Guide

Legal Notices
Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the
Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on
exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
novdocx (en) 17 September 2009
Copyright © 2007-2009 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc., has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed on the Novell Legal Patents Web page (http://www.novell.com/company/legal/patents/) and one or more additional patents or pending patent applications in the U.S. and in other countries.
Novell, Inc. 404 Wyman Street, Suite 500 Waltham, MA 02451 U.S.A. www.novell.com
Online Documentation: To access the latest online documentation for this and other Novell products, see
the Novell Documentation Web page (http://www.novell.com/documentation).
Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/
trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
novdocx (en) 17 September 2009
novdocx (en) 17 September 2009
4 Identity Manager 3.6.1 Remote Loader Guide
Contents
About This Guide 7
1 Remote Loader Overview 9
1.1 Java Remote Loader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2 Installing the Remote Loader 13
3 Configuring the Remote Loader 15
3.1 Configuring the Remote Loader on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
3.2 Configuring the Remote Loader for Linux/UNIX by Creating a Configuration File . . . . . . . . . . 18
3.2.1 Setting Environment Variables on Solaris, Linux, or AIX . . . . . . . . . . . . . . . . . . . . . 25
3.3 Configuring the Java Remote Loader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
3.4 Configuring the Identity Manager Drivers for Use with the Remote Loader . . . . . . . . . . . . . . . 34
3.5 Creating a Secure Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
3.5.1 Creating a Server Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
3.5.2 Exporting a Self-Signed Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
3.5.3 Creating a Keystore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
novdocx (en) 17 September 2009
4 Managing the Remote Loader 39
4.1 Starting the Remote Loader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
4.1.1 Starting the Remote Loader on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
4.1.2 Auto-Starting the Remote Loader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
4.1.3 Starting the Remote Loader on Solaris, Linux, or AIX . . . . . . . . . . . . . . . . . . . . . . . . 42
4.2 Stopping the Remote Loader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
A Options for Configuring a Remote Loader 45
Contents 5
novdocx (en) 17 September 2009
6 Identity Manager 3.6.1 Remote Loader Guide

About This Guide

This guide contains detailed information about the Remote Loader. It explains how and when you use the Remote Loader as part of your Identity Manager solution. It also contains configuration and management information for the Remote Loader.
Chapter 1, “Remote Loader Overview,” on page 9
Chapter 2, “Installing the Remote Loader,” on page 13
Chapter 3, “Configuring the Remote Loader,” on page 15
Chapter 4, “Managing the Remote Loader,” on page 39
Appendix A, “Options for Configuring a Remote Loader,” on page 45
Audience
This guide is intended for Identity Manager administrators, partners, and consultants.
novdocx (en) 17 September 2009
Feedback
We want to hear your comments and suggestions about this manual and the other documentation included with this product. Please use the User Comments feature at the bottom of each page of the online documentation, or go to www.novell.com/documentation/feedback.html and enter your comments there.
Documentation Updates
For the most recent version of the Remote Loader Guide, visit the Identity Manager Documentation
Web site (http://www.novell.com/documentation/idm36/).
Additional Documentation
For documentation on Identity Manager, see the Identity Manager Documentation Web site (http://
www.novell.com/documentation/idm36/index.html).
Documentation Conventions
In Novell items in a cross-reference path.
A trademark symbol ( trademark.
®
documentation, a greater-than symbol (>) is used to separate actions within a step and
®
, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party
About This Guide 7
novdocx (en) 17 September 2009
8 Identity Manager 3.6.1 Remote Loader Guide
1
Server
Identity Vault
Metadirectory engine
Dr iv er
Application
Identity Vault
Metadirectory engine
LDAP driver Remote Loader instance
Remote Loader
Active Directory driver
Active Directory
Server
Application
Server

Remote Loader Overview

Identity Manager has an additional feature that extends Identity Manager functionality across applications. It is called the Remote Loader, and it allows the driver to access the application without having the Identity Vault and the Metadirectory engine installed on the same server as the application. As part of the planning process when installing Identity Manager, you need to decide if you are going to use the Remote Loader or not. This section defines what the Remote Loader is and contains instructions for installing and configuring the Remote Loader.
There are two different ways to configure the installation of the Metadirectory engine. Figure 1-1 illustrates the first way. It shows that the Identity Vault, Metadirectory engine, and the driver shim all are installed and running on the same server. The driver shim is configured to communicate with the application and the Metadirectory engine.
Figure 1-1 All Components Installed on the Same Server
novdocx (en) 17 September 2009
1
Figure 1-2 illustrates both configurations. The LDAP driver is installed on the same server as the
Metadirectory engine and the Identity Vault. The Active Directory* driver is installed on different servers with the Remote Loader. The Remote Loader allows the driver to access the application without having the Identity Vault and Metadirectory engine installed on that same server.
Figure 1-2 A System Using the Remote Loader
Remote Loader Overview
9
The Remote Loader enables the Metadirectory engine to exchange data with the Identity Vault as different processes and in different locations, including the following:
novdocx (en) 17 September 2009
As a separate process on the server where the Metadirectory engine is running: The
Metadirectory engine runs as part of an eDirectory
TM
process. The Identity Manager drivers can run on the server where the Metadirectory engine is running. In fact, they can run as part of the same process as the Metadirectory engine.
However, for strategic reasons and to simplifying troubleshooting, you might want the Identity Manager driver to run as a separate process on the server.
If the driver is running as a separate process, the Remote Loader provides a communication channel between the Metadirectory engine and the driver.
On a server that is not running the Metadirectory engine: Some of the Identity Manager
drivers are unable to run where the Metadirectory engine is running. The Remote Loader enables you to run the Metadirectory engine in one environment while running an Identity Manager driver on a server in a different environment. For example, you cannot run the Active
®
Directory driver on a Linux
server. The Metadirectory engine can run on the Linux Server
while the Remote Loader runs on an Active Directory server.
Scenario: Separate Servers. The Metadirectory engine is running on a Linux Server. You
need to run the Identity Manager Driver for Active Directory. This driver is unable to run on a Linux Server because it must run in an Active Directory environment. You install and run the Remote Loader on a Windows 2003 server. The Remote Loader provides a communication channel between the Active Directory driver and the Metadirectory engine.
Scenario: Non-Host. The Metadirectory engine is running on Solaris*. You need to
communicate with a NIS system where you want to provision user accounts. That system usually doesn’t host the Metadirectory engine. You install the Remote Loader and the Identity Manager Driver for NIS on the NIS system. The Remote Loader on the NIS system runs the NIS driver and enables the Metadirectory engine and the NIS driver to exchange data.
®
Novell
recommends that you use the Remote Loader configuration for use with your drivers where possible. Use the Remote Loader even in cases where the connected system is on the same server as the Metadirectory engine. The following benefits occur by running the driver with the Remote Loader configuration:
eDirectory is protected from any exceptions encountered by the driver shim.
It improves the performance of the server running the Metadirectory engine, by offloading
driver commands to the remote application or database.
It allows you to run additional drivers on the server where the Metadirectory engine is not
installed.

1.1 Java Remote Loader

The remote loader can host a remote interface shim (DirXML application shim) on the DirXML server. To control all the instances that host such remote interface shim, you use DirXML Java Remote Loader.
The DirXML Java Remote Loader is a Java application, which runs on any system with JRE 1.3.0 or
1.4.2 (for optimal performance) and Java Sockets.
10 Identity Manager 3.6.1 Remote Loader Guide
novdocx (en) 17 September 2009
NOTE: You run the DirXML Java Remote Loader by using a shell script named
dirxml_jremote
.
Remote Loader Overview 11
novdocx (en) 17 September 2009
12 Identity Manager 3.6.1 Remote Loader Guide
2

Installing the Remote Loader

The Remote Loader can be installed as a 32-bit application or a 64-bit application. The installation program detects the type of OS that is installed and then installs the corresponding version of the Remote Loader. For the installation instructions, see “Installing the Remote Loader” in the Identity
Manager 3.6.1 Installation Guide.
novdocx (en) 17 September 2009
2
Installing the Remote Loader
13
novdocx (en) 17 September 2009
14 Identity Manager 3.6.1 Remote Loader Guide
3

Configuring the Remote Loader

The Remote Loader uses shims to communicate with the application. A shim is the file or files that contains the code to processes the events that are synchronizing between the Identity Vault and the application.
novdocx (en) 17 September 2009
3
The Remote Loader can host the Identity Manager application shims contained in
.jar
files. The Java* Remote Loader hosts only Java driver shims. It won’t load or host a native
(C++) driver shim.
Configuring the Remote Loader is a two-step process; the Remote Loader requires configuration and the Driver object requires configuration. There are different configuration steps depending on if you are using Windows or Linux/UNIX.
Section 3.1, “Configuring the Remote Loader on Windows,” on page 15
Section 3.2, “Configuring the Remote Loader for Linux/UNIX by Creating a Configuration
File,” on page 18
Section 3.3, “Configuring the Java Remote Loader,” on page 25
Section 3.4, “Configuring the Identity Manager Drivers for Use with the Remote Loader,” on
page 34
Section 3.5, “Creating a Secure Connection,” on page 35
.dll, .so
, or

3.1 Configuring the Remote Loader on Windows

You can configure the driver on Windows through a graphical utility called the Remote Loader Console utility or from the command line.
The Remote Loader Console utility enables you to manage all Remote Loader instances for Identity Manager drivers running on the Windows server. The utility is installed during the installation of Identity Manager.
If you are upgrading, the Console detects and imports existing instances of the Remote Loader. (To be automatically imported, driver configurations must be stored in the Remote Loader directory, typically
c:\novell\remoteloader
1 Double-click the Remote Loader Console icon on the desktop to launch the Remote Loader
Console.
The Remote Loader Console allows you to start, stop, add, remove, and edit each instance of a Remote Loader.
2 Click Add to add a Remote Loader instance of your driver on this server.
3 Use the information in the following table to configure the Remote Loader instance for your
driver.
Headings Description
Description Specify a description to identify the Remote Loader instance in
.) You can then use the Console to manage the remote drivers.
the Remote Loader Console utility.
Configuring the Remote Loader
15
Headings Description
Driver Select the Java class name for the driver. If you are using the
Active Directory driver, select ADDriver.dll. Table 3-3 on
page 33 contains a list of all of the Java class names for each
driver.
Config File Specify the name of the configuration file. The Remote Loader
Console places configuration parameters into this text file and uses those parameters when it runs.
Communications IP Address: Specify the IP address where the Remote
Loader listens for connections from the Metadirectory server.
Connection Port - Metadirectory Server: Specify the
TCP port on which the Remote Loader listens for connections from the Metadirectory server.
The default TCP/IP port for this connection is 8090. With each new instance you create, the default port number automatically increases by one.
Command Port - Local host communication only:
Specify the TCP port number where a Remote Loader listens for commands such as Stop and Change Trace Level.
Each instance of the Remote Loader that runs on a particular computer must have a different command port number. The default command port is 8000. With each new instance you create, the default port number automatically increases by one.
novdocx (en) 17 September 2009
NOTE: By specifying different connection ports and command ports, you can run multiple instances of the Remote Loader on the same server, hosting different driver instances.
Remote Loader Password Specify the Remote Loader password. This password is used to
control access to a Remote Loader instance for a driver. It must be the same case-sensitive password specified in the Enter the Remote Loader Password field on the Identity Manager driver configuration page. It is important that this password be difficult to guess and be different from the driver object password.
Driver Object Password Specify the Driver Object password. The Remote Loader uses
this password to authenticate to the Metadirectory server. It must be the same case-sensitive password specified in the Driver Object Password field on the Identity Manager driver configuration page. It is important that this password be difficult to guess and be different from the Remote Loader password.
Secure Socket Layer (SSL)
Use an SSL Connection: You should always select this
option. It is used to encrypt the transfer of data between the Remote Loader and the Metadirectory server.
Trusted Root File: This is the exported self-signed
TM
certificate from the eDirectory Certificate Authority. For more information, see
Section 3.5, “Creating a Secure Connection,” on page 35.
tree’s Organization
16 Identity Manager 3.6.1 Remote Loader Guide
Headings Description
Trace File Trace Level: Specify a trace level greater than zero to
display a trace window that contains informational messages from both the Remote Loader and the driver.
The most common setting is trace level 3. If the trace level is set to 0, the trace window is not displayed.
Trace File: Specify a trace filename where trace
messages are written.
Each Remote Loader instance running on a particular machine must use a different trace file. Trace messages are written to the trace file only if the trace level is greater than zero.
Maximum Disk Space Allowed for all Trace Logs
(Mb): Specify the approximate maximum size that the trace file for this instance can occupy on disk.
NOTE: Use the tracing options only for troubleshooting issues. Having the tracing enabled reduces the performance of the Remote Loader. Do not leave the tracing enabled in production.
novdocx (en) 17 September 2009
Establish a Remote Loader service for this driver instance
Select this option if you want the Remote Loader established as a service. When this option is enabled, the operating system automatically starts the Remote Loader when the computer starts.
4 Specify the advanced configuration parameters. To do so:
4a Click Advanced to display the Advanced Configuration dialog box.
4b Modify the following settings as desired.
Parameter Description
Classpath Additional paths for the JVM to search for
package (.jar) and class (.class) files. Using this parameter is the same as using the java ­classpath command. When entering multiple class paths, separate them with a semicolon (;) for a Windows JVM and a colon (:) for a UNIX/Linux JVM.
JVM Options The options used when starting the JVM
instance of the driver.
Heap size The initial and maximum heap size for the
JVM instance.
4c Click OK, to save the advanced configuration information.
5 Click OK to save the configuration file.
If you need to change any of the parameters:
1 In the Remote Loader Console, select the Remote Loader instance from the Description
column.
Configuring the Remote Loader 17
2 Click Stop, type the Remote Loader password, then click OK.
3 Click Edit, then modify the configuration information. See Step 3 on page 15 and Step 4 on
page 17 for a description of each parameter.
4 Click OK to save the changes.

3.2 Configuring the Remote Loader for Linux/ UNIX by Creating a Configuration File

novdocx (en) 17 September 2009
For the Remote Loader to run, it requires a configuration file (for example,
LDAPShim.txt
). Windows is the only platform that provides a GUI interface to create this file. You can also create or edit a configuration file by using command line options. The following steps provide information on basic parameters for the configuration file. For information on additional parameters, see
Appendix A, “Options for Configuring a Remote Loader,” on page 45.
1 To create a configuration file, open a text editor. You should enter each parameter on a separate
line in the configuration file.
2 (Optional) Specify a description by using the
Option
-description -desc short
Secondary Name
Parameter Description
description
-description
Specify a short description string (for example, SAP) to be used for the trace window title and for
®
Novell
Example:
-description SAP
-desc SAP
The Remote Loader Console places long forms in the configuration files. You can use either a long form (for example, -description) or a short form (for example, -desc).
Audit logging.
option.
3 Specify a TCP/IP port that the Remote Loader instance will use by using the -commandport
option.
18 Identity Manager 3.6.1 Remote Loader Guide
novdocx (en) 17 September 2009
Option
-commandport -cp port number Specifies the TCP/IP port that the Remote Loader
Secondary Name
Parameter Description
instance uses for control purposes. If the Remote Loader instance is hosting an application shim, the command port is the port on which another Remote Loader instance communicates with the instance that is hosting the shim. If the Remote Loader instance is sending a command to an instance that is hosting an application shim, the command port is the port on which the hosting instance is listening. If a port is not specified, the default command port is 8000. Multiple instances of the Remote Loader can run on the same server, hosting different driver instances by specifying different connection ports and command ports.
Example:
-commandport 8001
-cp 8001
4 Specify the parameters for the connection to the Metadirectory server running the Identity
Manager remote interface shim by using the -connection option.
Use the format
-connection “parameter [parameter] [parameter]”
.
For example, type one of the following:
-connection "port=8091 rootfile=server1.pem"
-conn "port=8091 rootfile=server1.pem"
All the parameters must be included within quotation marks. Parameters include the following:
Option
-connection -conn connection
Secondary Name
Parameter Description
configuration string
Specifies the connection parameters for the connection to the Metadirectory server running the Identity Manager remote interface shim. The default connection method for the Remote Loader is TCP/IP using SSL. The default TCP/ IP port for this connection is 8090. Multiple instances of the Remote Loader can run on the same server. Each instance of the Remote Loader hosts a separate Identity Manager application shim instance. Differentiate multiple instances of the Remote Loader by specifying different connection ports and command ports for each Remote Loader instance.
Example:
-connection “port=8091 rootfile=server1.pem”
-conn “port=8091 rootfile=server1.pem”
Configuring the Remote Loader 19
novdocx (en) 17 September 2009
Option
port decimal port
Secondary Name
Parameter Description
A required parameter. It specifies the TCP/IP
number
port on which the Remote Loader listens for connections from the remote interface shim.
Example:
port=8090
address IP address An optional parameter. Specifies that the
Remote Loader listens on a particular local IP address. This is useful if the server hosting the Remote Loader has multiple IP addresses and the Remote Loader must listen on only one of the addresses.
You have three options:
address=address number address=’localhost’ Don’t use this parameter
If you don’t use the address, the Remote Loader listens on all local IP addresses.
Example:
address=137.65.134.83
fromaddress None IP address The Remote Loader only accepts connections
from the specified IP address. Any other connections are not allowed.
Example:
--conn "port=8092 fromaddress=10.0.0.2"
or
-connect "port=8094 fromaddress=metaserver1.company.com ”
handshaketimeout None number of
milliseconds
Increases the time out period of the handshake between the Remote Loader and the Metadirectory engine.
Example:
-connection “port=8091 handshaketimeout=1000”
The value can be some integer greater than or equal to zero. Zero means never time out. The non-zero number is the number of milliseconds for the time out to occur. The default value is 1000 milliseconds.
20 Identity Manager 3.6.1 Remote Loader Guide
novdocx (en) 17 September 2009
Option
rootfile A conditional parameter. If you are running SSL
Secondary Name
Parameter Description
and need the Remote Loader to communicate with a native driver, use
rootfile=’trusted certname
keystore Conditional parameter. Used only for the Identity
Manager application shims contained in files.
Specifies the filename of the Java keystore that contains the trusted root certificate of the issuer of the certificate used by the remote interface shim. This is typically the Certificate Authority of the eDirectory tree that is hosting the remote interface shim.
If you are running SSL and need the Remote Loader to communicate with a Java driver, use a key-value pair:
.jar
keystore=’keystorename’ storepass=’password
storepass storepass Used only for the Identity Manager application
shims contained in password for the Java keystore specified by the keystore parameter.
.jar
files. Specifies the
Example:
storepass=mypassword
This option applies only to the Java Remote Loader.
5 (Optional) Specify a trace parameter by using the -trace option.
Option
-trace -t integer Specifies the trace level. This is only used when
Secondary Name
Parameter Description
hosting an application shim. Trace levels correspond to those used on the Metadirectory server.
Example:
-trace 3
-t 3
6 (Optional) Specify a trace file by using the -tracefile option.
Configuring the Remote Loader 21
novdocx (en) 17 September 2009
Option
Secondary Name
Parameter Description
-tracefile -tf filename Specify a file to write trace messages to. Trace messages are written to the file if the trace level is greater than zero. Trace messages are written to the file even if the trace window is not open.
Example:
-tracefile c:\temp\trace.txt
-tf c:\temp\trace.txt
7 (Optional) Limit the size of the trace file by using the -tracefilemax option.
Option
-tracefilemax -tfm size Specifies the approximate maximum size that trace
Secondary Name
Parameter Description
file data can occupy on disk. If you specify this option, there will be a trace file with the name specified using the tracefile option and up to 9 additional “roll-over” files. The roll-over files are named using the base of the main trace filename plus _n, where n is 1 through 9.
The size parameter is the number of bytes. Specify the size by using the suffixes K, M, or G for kilobytes, megabytes, or gigabytes.
If the trace file data is larger than the specified maximum when the Remote Loader is started, the trace file data remains larger than the specified maximum until roll-over is completed through all 10 files
Example:
-tracefilemax 1000M
-tfm 1000M
In this example, the trace file can be only 1 GB.
22 Identity Manager 3.6.1 Remote Loader Guide
8 (Optional) Specify a Java parameter by using the -javaparam option.
novdocx (en) 17 September 2009
Option
-javaparam -jp java
Secondary Name
Parameter Description
Specify that the specified Java environment environment parameter
parameters are set to the specified values. The
supported parameters are
DHOST_JVM_ADD_CLASSPATH (for additional jar
files to be loaded alongwith the ones in standard
IDM classpath), DHOST_JVM_INITIAL_HEAP,
DHOST_JVM_MAX_HEAP, and
DHOST_JVM_OPTIONS.
Example:
-javaparam DHOST_JVM_MAX_HEAP=512M
-jp DHOST_JVM_MAX_HEAP=512M
9 Specify the class by using the -class option, or specify the module by using the -module option.
Configuring the Remote Loader 23
novdocx (en) 17 September 2009
Option
-class -cl Java class
Secondary Name
Parameter Description
Specifies the Java class name of the Identity
name
Manager application shim that is to be hosted.
For example, for a Java driver, use one of the following:
-class com.novell.nds.dirxml.driver.ldap.LDA PDriverShim
-cl com.novell.nds.dirxml.driver.ldap.LDA PDriverShim
Java uses a keystore to read certificates. The ­class option and the -module option are mutually exclusive.
To see a list of the Java class names see Table 3-3
on page 33.
-module -m modulename Specifies the module containing the Identity Manager application shim that is to be hosted.
For example, for a native driver, type one of the following:
-module "c:\Novell\RemoteLoader\ADDriver.dll"
-m "c:\Novell\RemoteLoader\ADDriver.dll"
or
-module "usr/lib/dirxml/ NISDriverShim.so"
-m "usr/lib/dirxml/NISDriverShim.so"
The
-module
-module
mutually exclusive.
option uses a rootfile certificate. The
option and the
-class
option are
10 Name and save the file.
You can change some settings while the Remote Loader is running. See Tab l e 3 - 1 for a list of some of these settings. For a complete list of these settings, see Appendix A, “Options for Configuring a
Remote Loader,” on page 45.
Table 3-1 Selected Remote Loader Parameters
Parameter Description
-commandport Specifies an instance of the Remote Loader.
-config Specifies a configuration file.
24 Identity Manager 3.6.1 Remote Loader Guide
Parameter Description
-javadebugport Specifies that the Remote Loader instance is to enable Java debugging on the specified port.
-password Specifies the password for authentication.
-service Installs an instance as a service. Windows only.
-tracechange Changes the trace level.
-tracefilechange Changes the name of the trace file being written to.
-unload Unloads the Remote Loader instance.
-window Turns the trace window on or off in a Remote Loader instance. Windows only.
IMPORTANT: For the Remote Loader to automatically start when your computer starts, place the configuration file in the following location:
/etc/opt/novell/dirxml/rdxml
novdocx (en) 17 September 2009

3.2.1 Setting Environment Variables on Solaris, Linux, or AIX

After installing the Remote Loader, you can set the environment variable changes the current directory for rdxml. This directory is then taken as the base path for files that are subsequently created. To set the value of the
RDXML_PATH
variable, specify the following
commands:
set RDXML_PATH=path
export RDXML_PATH
Refer to TID 7001255 (http://www.novell.com/support/php/
search.do?cmd=displayKC&docType=kc&externalId=7001255&sliceId=2&docTypeID=DT_TID_ 1_1&dialogID=102067736&stateId=0%200%20102071280) for configuring the Remote Loader on
UNIX platforms.
RDXML_PATH
, which

3.3 Configuring the Java Remote Loader

The options in the following table enable you to configure the Java Remote Loader on Linux, Solaris, and AIX.
Configuring the Remote Loader 25
Table 3-2 Remote Loader Options
novdocx (en) 17 September 2009
Option
address IP address An optional parameter. Specifies that the Remote
-class -cl Java class
Secondary Name
Parameter Description
Loader listens on a particular local IP address. This is useful if the server hosting the Remote Loader has multiple IP addresses and the Remote Loader must listen on only one of the addresses.
You have three options: address=address number address=‘localhost’ Don't use this parameter.
If you don't use the address, the Remote Loader listens on all local IP addresses.
Example:
Specifies the Java class name of the Identity
name
Manager application shim that is to be hosted.
For example, for a Java driver, use one of the following:
address=137.65.134.83
-class com.novell.nds.dirxml.driver.ldap.LDA PDriverShim
-cl com.novell.nds.dirxml.driver.ldap.LDA PDriverShim
Java uses a keystore to read certificates. The ­class option and the -module option are mutually exclusive.
To see a list of the Java class names see Table 3-3
on page 33.
26 Identity Manager 3.6.1 Remote Loader Guide
novdocx (en) 17 September 2009
Option
-commandport -cp port number Specifies the TCP/IP port that the Remote Loader
Secondary Name
Parameter Description
instance uses for control purposes. If the Remote Loader instance is hosting an application shim, the command port is the port on which another Remote Loader instance communicates with the instance that is hosting the shim. If the Remote Loader instance is sending a command to an instance that is hosting an application shim, the command port is the port on which the hosting instance is listening. If it is not specified, the default command port is 8000. Multiple instances of the Remote Loader can run on the same server hosting different driver instances by specifying different connection ports and command ports.
Example:
-commandport 8001
-cp 8001
-config None filename Specifies a configuration file. The configuration file
can contain any command line options except the config option. Options specified on the command line override options specified in the configuration file.
-connection -conn connection
configuration string
Example:
-config config.txt
Specifies the connection parameters for the connection to the Metadirectory server running the Identity Manager remote interface shim. The default connection method for the Remote Loader is TCP/IP using SSL. The default TCP/IP port for this connection is 8090. Multiple instances of the Remote Loader can run on the same server. Each instance of the Remote Loader hosts a separate Identity Manager application shim instance. Differentiate multiple instances of the Remote Loader by specifying different connection ports and command ports for each Remote Loader instance.
Example:
-connection "port=8091 rootfile=server1.pem"
-conn "port=8091 rootfile=server1.pem"
Configuring the Remote Loader 27
novdocx (en) 17 September 2009
Option
-description -desc short
Secondary Name
Parameter Description
Specify a short description string (for example,
description
SAP) to be used for the trace window title and for Novell® Audit logging.
Example:
-description SAP
-desc SAP
The Remote Loader Console places long forms in the configuration files. You can use either a long form (for example, -description) or a short form (for example, -desc).
fromaddress None IP address The Remote Loader only accepts connections
from the specified IP address. Any other connections are not allowed.
Example:
--conn "port=8092 fromaddress=10.0.0.2"
or
-connection "port=8094 fromaddress=metaserver1.company.com"
handshaketimeout None number of
milliseconds
Increases the time out period of the handshake between the Remote Loader and the Metadirectory engine.
Example:
-connection "port= 8093 handshaketimeout=1000"
The value can be some integer greater than or equal to zero. Zero means never time out. The non-zero number is the number of milliseconds for the time out to occur. The default value is 1000 milliseconds.
-help -? None Displays help.
Example:
-help
-?
-java -j None Specifies that the passwords are to be set for a
Java shim instance. This option is only useful in conjunction with the setpasswords option. If -class is specified with -setpasswords, this option isn't necessary.
28 Identity Manager 3.6.1 Remote Loader Guide
novdocx (en) 17 September 2009
Option
-javadebugport -jdp Port number Specifies that the Remote Loader instance is to
keystore Conditional parameters. Used only for Identity
Secondary Name
Parameter Description
enable Java debugging on the specified port. This is useful for developers of the Identity Manager application shims.
Example:
-javadebugport 8080
-jdp 8080
Manager application shims contained in files.
Specifies the filename of the Java keystore that contains the trusted root certificate of the issuer of the certificate used by the remote interface shim. This is typically the Certificate Authority of the eDirectoryTM tree that is hosting the remote interface shim.
If you are running SSL and need the Remote Loader to communicate with a Java driver, use a key-value pair:
.jar
keystore=‘keystorename’
storepass=‘password’
-module -m modulename Specifies the module containing the Identity
Manager application shim that is to be hosted.
For example, for a native driver, use one of the following:
-module "c:\Novell\RemoteLoader\Exchange5Shim .dll"
-m "c:\Novell\RemoteLoader\Exchange5Shim .dll"
or
-module "usr/lib/dirxml/ NISDriverShim.so"
-m "usr/lib/dirxml/NISDriverShim.so"
The -module option uses a rootfile certificate. The
-module option and the -class option are mutually exclusive.
Configuring the Remote Loader 29
novdocx (en) 17 September 2009
Option
-password -p password Specifies the password for command
Secondary Name
Parameter Description
authentication. This password must be the same as the first password specified with the setpasswords option for the Remote Loader instance being commanded. If a command option (for example, unload or tracechange) is specified and the password option isn't specified, the user is prompted to enter the password for the loader that is the target of the command.
Example:
-password novell4
-p novell4
port decimal port
number
rootfile A conditional parameter. If you are running SSL
A required parameter. It specifies the TCP/IP port on which the Remote Loader listens for connections from the remote interface shim.
Example:
port=8090
and need the Remote Loader to communicate with a native driver, use
-service -serv None, or install/
uninstall
rootfile=‘trusted certname
To install an instance as a service, use the install argument together with any other arguments necessary to host an application shim. For example, the arguments used must include ­module, but any argument can include ­connection, -commandport, and so forth.
This option installs the Win32 service but doesn't start the service.
To uninstall an instance running as a service, use the uninstall argument together with any other arguments necessary to host the application shim.
The no-argument version of this option is only used on the command line to an instance being run as a Win32* service. This is automatically set up when installing an instance as a service.
Example:
-service install
-serv uninstall
This option isn't available on rdxml or the Java Remote Loader.
30 Identity Manager 3.6.1 Remote Loader Guide
novdocx (en) 17 September 2009
Option
-setpasswords -sp password
storepass storepass Used only for Identity Manager application shims
Secondary Name
Parameter Description
Specifies the password for the Remote Loader
password
instance and the password of the Identity Manager Driver object of the remote interface shim that the Remote Loader communicates with. The first password in the argument is the password for the Remote Loader. The second password in the optional arguments is the password for the Identity Manager Driver object associated with the remote interface shim on the Metadirectory server. Either no password or both passwords must be specified. If no password is specified, the Remote Loader prompts for the passwords. This is a configuration option. Using this option configures the Remote Loader instance with the passwords specified but doesn't load a Identity Manager application shim or communicate with another loader instance.
Example:
-setpasswords novell4 staccato3
-sp novell4 staccato3
contained in .jar files. Specifies the password for the Java keystore specified by the keystore parameter.
Example:
storepass=mypassword
This option applies only to the Java Remote Loader.
-trace -t integer Specifies the trace level. This is only used when
hosting an application shim. Trace levels correspond to those used on the metadirectory server.
Example:
-trace 3
-t 3
-tracechange -tc integer Commands a Remote Loader instance that is
hosting an application shim to change its trace level. Trace levels correspond to those used on the metadirectory server.
Example:
-tracechange 1
-tc 1
Configuring the Remote Loader 31
novdocx (en) 17 September 2009
Option
-tracefile -tf filename Specify a file to write trace messages to. Trace
Secondary Name
Parameter Description
messages are written to the file if the trace level is greater than zero. Trace messages are written to the file even if the trace window is not open.
Example:
-tracefile c:\temp\trace.txt
-tf c:\temp\trace.txt
-tracefilechange -tfc None, or
filename
Commands a Remote Loader instance that is hosting an application shim to start using a trace file, or to close one already in use and use a new one. Using the no-argument version of this option causes the hosting instance to close any trace file being used.
Example:
-tracefilechange c:\temp\newtrace.txt
tfc c:\temp\newtrace.txt
-tracefilemax -tfm size Specifies the approximate maximum size that
trace file data can occupy on disk. If you specify this option, there is a trace file with the name specified using the tracefile option and up to 9 additional “roll-over” files. The roll-over files are named using the base of the main trace filename plus _n, where n is 1 through 9.
The size parameter is the number of bytes. Specify the size by using the suffixes K, M, or G for kilobytes, megabytes, or gigabytes.
If the trace file data is larger than the specified maximum when the Remote Loader is started, the trace file data remains larger than the specified maximum until roll-over is completed through all 10 files
Example:
-tracefilemax 1000M
-tfm 1000M
In this example, the trace file can be only 1 GB.
-unload -u None Unloads the Remote Loader instance. If the
Remote Loader is running as a Win32 Service, this command stops the service.
Example:
-unload
-u
32 Identity Manager 3.6.1 Remote Loader Guide
novdocx (en) 17 September 2009
Option
Secondary Name
Parameter Description
-window -w On/Off Turns the trace window on or off in a Remote
Loader instance.
Example:
-window on
-w off
This option is available only on Windows platforms. It isn't available on the Java Remote Loader.
-wizard -wiz None Launches the Configuration Wizard. Running
dirxml_remote.exe
with no command line parameters also launches the wizard. This option is useful if a configuration file is also specified. In this case, the wizard starts with values from the configuration file and the wizard can be used to change the configuration without editing the configuration file directly.
Example:
-wizard
-wiz
This option is available only on Windows platforms. It isn't available on the Java Remote Loader.
Table 3-3 Java Class Names
Java Class Name Driver
com.novell.nds.dirxml.driver.avaya.PBXDriverShim Avaya* PBX Driver
com.novell.nds.dirxml.driver.delimitedtext.DelimitedTextDriver Delimited Text Driver
be.opns.dirxml.driver.ars.arsremedydrivershim.ARSDriverShim Driver for Remedy* ARS
com.novell.nds.dirxml.driver.nds.DriverShimImpl eDirectory Driver
com.novell.nds.dirxml.driver.entitlement.EntitlementServiceDriver Entitlements Service Driver
com.novell.gw.dirxml.driver.gw.GWdriverShim GroupWise
®
Driver
com.novell.idm.drivers.idprovider.IDProviderShim ID Provider Driver
com.novell.nds.dirxml.driver.jdbc.JDBCDriverShim JDBC* Driver
com.novell.nds.dirxml.driver.jms.JMSDriverShim JMS Driver
com.novell.nds.dirxml.driver.ldap.LDAPDriverShim LDAP Driver
com.novell.nds.dirxml.driver.loopback.LoopbackDriverShim Loopback Driver
com.novell.nds.dirxml.driver.manualtask.driver.ManualTaskDriver Manual Task Driver
Configuring the Remote Loader 33
Java Class Name Driver
com.novell.nds.dirxml.driver.nisdriver.NISDriverShim NIS Driver
com.novell.nds.dirxml.driver.notes.NotesDriverShim Notes Driver
com.novell.nds.dirxml.driver.psoftshim.PSOFTDriverShim PeopleSoft* Driver
com.novell.nds.dirxml.driver.SAPShim.SAPDriverShim SAP HR Driver
com.novell.nds.dirxml.driver.sapusershim.SAPDriverShim SAP User Management Driver
com.novell.nds.dirxml.driver.soap.SOAPDriver SOAP Driver
com.novell.idm.driver.ComposerDriverShim User Application
com.novell.nds.dirxml.driver.workorder.WorkOrderDriverShim WorkOrder Driver

3.4 Configuring the Identity Manager Drivers for Use with the Remote Loader

You can configure a new driver or enable an existing driver to communicate with the Remote Loader. This section provides general information on configuring drivers so that they communicate with the Remote Loader. For driver-specific information, refer to the relevant driver implementation guide at the Identity Manager Driver Documentation Web page (http://www.novell.com/
documentation/idm36drivers/index.html).
novdocx (en) 17 September 2009
When you create a new Driver object in either Designer or iManager, there are additional fields to populate to enable the Remote Loader. You add information to these same fields if you modify an existing driver.
To configure the driver:
1 In the properties of the Driver object, fill in the following fields:
Driver Module: Select Connect to Remote Loader.
Driver Object Password: The driver object password is used by the Remote Loader to
authenticate itself to the Metadirectory server. This password must match the password for the driver object defined on the Remote Loader.
Remote Loader Connection Parameters: Specify the information required to connect to the Remote Loader. The parameter format is
kmo=certificatename port
is the port the Remote Loader is listening on (the default is 8090). The
, where
hostname
hostname=xxx.xxx.xxx.xxx port=xxxx
is the IP address of the Remote Loader server and
kmo
parameter is used only when an SSL connection exists between the Remote Loader and the Metadirectory engine; tt defines the Key Name of the Key Material Object containing the keys and certificate used for SSL.
Example:
hostname=10.0.0.1 port=8090 kmo=IDMCertificate
Remote Loader Password: Specify the password required for the Metadirectory engine (or Remote Loader shim) to authenticate to the Remote Loader.
2 Define a security-equivalent user, click Next, then click Finish.
34 Identity Manager 3.6.1 Remote Loader Guide

3.5 Creating a Secure Connection

If you plan to use the Remote Loader, the first step is to provide secure data transfer between the Remote Loader and the Metadirectory engine. This requires you to use the Secure Socket Layer (SSL) to setup a connection between the Remote Loader and the Metadirectory engine.
To accomplish this, complete the following tasks:
Section 3.5.1, “Creating a Server Certificate,” on page 35
Section 3.5.2, “Exporting a Self-Signed Certificate,” on page 35
Section 3.5.3, “Creating a Keystore,” on page 36

3.5.1 Creating a Server Certificate

If you are unfamiliar with certificates, it is easy to create a new one.
1 In Novell iManager, click Novell Certificate Server > Create Server Certificate.
2 Select the server to own the certificate, and give the certificate a nickname (for example,
remotecert).
novdocx (en) 17 September 2009
IMPORTANT: We recommend that you don’t use spaces in the certificate nickname. For example, use remotecert instead of remote cert.
Also, make a note of the certificate nickname. This nickname is used for the KMO name in the driver’s remote connection parameters.
3 Leave the Creation method set to Standard, then click Next.
4 Review the Summary, click Finish, then click Close.
You have created a server certificate. Continue with Section 3.5.2, “Exporting a Self-Signed
Certificate,” on page 35.

3.5.2 Exporting a Self-Signed Certificate

You can export a newly created certificate. Or, if an SSL server certificate already exists and you have experience with SSL certificates, you can use the existing certificate instead of creating and using a new one.
When a server joins a tree, eDirectory creates the following default certificates:
SSL CertificateIP
SSL CertificateDNS
1 In iManager, click eDirectory Administration > Modify Object.
Configuring the Remote Loader 35
2 Browse to and select the Certificate Authority in the Security container, then click OK.
The Certificate Authority (CA) is named after the tree name (Treename-CA.Security).
3 Click the Certificates tab, select the Self-Signed Certificate, then click Export.
4 In the Export Certificate Wizard, deselect Export private key.
novdocx (en) 17 September 2009
You don’t want to export the private key with the certificate.
5 Set the export format to BASE64, then click Next.
IMPORTANT: When the Remote Loader is running on a Windows 2003 R2 SP1 32-bit server, the certificate must be in Base64 format. If you use the DER format, the Remote Loader fails to connect to the Identity Manager engine.
6 Click the link to Save the exported certificate, specify a location, then click Save.
7 Click Close.

3.5.3 Creating a Keystore

A keystore is a Java file that contains encryption keys and, optionally, certificates. If you want to use SSL between the Remote Loader and the Metadirectory engine, and you are using a Java shim, you need to create a keystore file.
“Keystore on Windows” on page 37
“Keystore on Solaris, Linux, or AIX” on page 37
“Keystore on All Platforms” on page 37
36 Identity Manager 3.6.1 Remote Loader Guide
Keystore on Windows
novdocx (en) 17 September 2009
On Windows, run the Keytool utility, typically found in the
c:\novell\remoteloader\jre\bin
directory.
Keystore on Solaris, Linux, or AIX
On Solaris, Linux, or AIX environments, use the installed with rdxml. It is located in the
install_directory/dirxml/bin
create_keystore file is also included in the
dirxml\java_remoteloader
\
directory. The
create_keystore
dirxml_jremote.tar.gz
create_keystore
file.
file is a shell script that calls the
Create_keystore
directory. The
file, found in the
is
Keytool utility.
On UNIX, when the self-signed certificate is used to create the keystore, the certificate can be exported in Base64 or binary DER format.
Enter the following at the command line:
create_keystore self-signed_certificate_name keystorename
For example, type one of the following
create_keystore tree-root.b64 mystore create_keystore tree-root.der mystore
The
create_keystore
script specifies a hard-coded password of “dirxml” for the keystore password. This is not a security risk because only a public certificate and public key are stored in the keystore.
Keystore on All Platforms
To create a keystore on any platform, you can enter the following at the command line:
keytool -import -alias trustedroot -file self-signed_certificate_name ­keystore filename -storepass
The filename can be any name (for example,
rdev_keystore
).
Configuring the Remote Loader 37
novdocx (en) 17 September 2009
38 Identity Manager 3.6.1 Remote Loader Guide
4

Managing the Remote Loader

The Remote Loader is either a service or a daemon. At times the server or daemon must be restarted. The following procedures explain how to start and stop the Remote Loader.
Section 4.1, “Starting the Remote Loader,” on page 39
Section 4.2, “Stopping the Remote Loader,” on page 43

4.1 Starting the Remote Loader

Each platform has a different way to start the Remote Loader.
Section 4.1.1, “Starting the Remote Loader on Windows,” on page 39
Section 4.1.2, “Auto-Starting the Remote Loader,” on page 41
Section 4.1.3, “Starting the Remote Loader on Solaris, Linux, or AIX,” on page 42
novdocx (en) 17 September 2009
4

4.1.1 Starting the Remote Loader on Windows

You can start the Remote Loader from the Remote Loader Console icon or from the command line.
“Starting from the Remote Loader Console” on page 39
“Starting from the Command Line in Windows” on page 40
Starting from the Remote Loader Console
1 Click the Remote Loader Console icon on the desktop.
Managing the Remote Loader
39
2 Select a driver instance, then click Start.
novdocx (en) 17 September 2009
Starting from the Command Line in Windows
The command line functionality is provided by
c:\novell\RemoteLoader\dirxml_remote.exe
dirxml_remote.exe
.
. By default, it is located in
1 At a command prompt, set the password for the Remote Loader. For password command
options, see Table 4-1 on page 41.
dirxml_remote -config path_to_config_file -sp password password
2 Start the Remote Loader.
dirxml_remote -config path_to_config_file
3 Use iManager to start the driver.
4 Confirm that the Remote Loader is working properly.
The Remote Loader loads the Identity Manager application shim only when the Remote Loader is in communication with the remote interface shim on the Metadirectory server. This means, for example, that the application shim shuts down if the Remote Loader loses communication with the Metadirectory server.
40 Identity Manager 3.6.1 Remote Loader Guide
Table 4-1 Password Command Line Options
novdocx (en) 17 September 2009
Option
-password -p password Specifies the password for command
Secondary Name
Parameter Description
authentication. This password must be the same as the first password specified with setpasswords for the loader instance being commanded. If a command option (for example, unload or tracechange) is specified and the option isn’t specified, the user is prompted to enter the password for the loader that is the target of the command.
Example:
password
-password novell4
-p novell4
-setpasswords -sp password
password
Specifies the password for the Remote Loader instance and the password of the Identity Manager Driver object of the remote interface shim that the Remote Loader communicates with. The first password in the argument is the password for the Remote Loader. The second password in the optional arguments is the password for the Identity Manager Driver object associated with the remote interface shim on the Metadirectory server. Either no password or both passwords must be specified. If no password is specified, the Remote Loader prompts for the passwords. This is a configuration option. Using this option configures the Remote Loader instance with the passwords specified but doesn’t load an Identity Manager application shim or communicate with another loader instance.
Example:
-setpasswords novell4 staccato3
-sp novell4 staccato3

4.1.2 Auto-Starting the Remote Loader

To auto-start the Remote Loader on a Windows platform, see Step 9 in Section 3.1, “Configuring the
Remote Loader on Windows,” on page 15.
Select Establish a Remote Loader service for this driver instance if you want the Remote Loader as a service.
When this option is enabled, the operating system automatically starts the Remote Loader when the computer starts.
Managing the Remote Loader 41
novdocx (en) 17 September 2009
To auto-start the Remote Loader on a Linux/Unix platform, place your configuration file in
opt/novell/dirxml/rdxml
. Your Remote Loader instance starts automatically when the computer
/etc/
starts.

4.1.3 Starting the Remote Loader on Solaris, Linux, or AIX

On Solaris, Linux, or AIX, the binary component rdxml provides the Remote Loader functionality. The default location of this component is in the
/usr/bin/
1 Set the password for the Remote Loader. For command password options, see Table 4-1 on
page 41.
Platform Command
Solaris LInux AIX
HP-UX* AS/400* OS/390* z/OS
rdxml
-config path_to_config_file -sp password password
dirxml_jremote
-config path_to_config_file -sp password password
A sample config file can be as follows:
commandport 8000
connection "port=8090 handshaketimeout=2000"
trace 4
tracefile /opt/novell/dirxml/bin/RemotePipeShim.log
tracefilemax 4096M
class com.novell.nds.dirxml.driver.delimitedtext.DelimitedTextDriver
2 The above command does not start the Remote Loader, but creates the encrypted password
files. See TID 7001255 (http://www.novell.com/support/php/
search.do?cmd=displayKC&docType=kc&externalId=7001255&sliceId=2&docTypeID=DT_ TID_1_1&dialogID=102067736&stateId=0%200%20102071280) for more information.
Now run the above command without the -sp option to start the Remote Loader.
directory.
Platform Command
Solaris LInux AIX
HP-UX AS/400 OS/390 z/OS
rdxml
-config path_to_config_file
dirxml_jremote
3 Use iManager to start the driver.
4 Confirm that the Remote Loader is operating properly.
42 Identity Manager 3.6.1 Remote Loader Guide
-config path_to_config_file
The Remote Loader loads the Identity Manager application shim only when the Remote Loader is in communication with the remote interface shim on the Metadirectory server. This means, for example, that the application shim shuts down if the Remote Loader loses communication with the Metadirectory server.
ps
For Linux, Solaris, or AIX, use the
command or a trace file to find out whether the
command and connection ports are listening.
tail
For HP-UX and similar platforms, monitor the Java Remote Loader by using the command on the tracefile:
tail -f trace filename
If the last line of the log shows the following, the loader is successfully running and awaiting connection from the Identity Manager remote interface shim:
TRACE: Remote Loader: Entering listener accept()

4.2 Stopping the Remote Loader

Each platform has a different way to stop the Remote Loader. Table 4-2 contains the instructions for each platform.
novdocx (en) 17 September 2009
Table 4-2 How to Stop the Remote Loader
Platform Command
Windows Use the Remote Loader Console to stop a driver instance.
Solaris LInux AIX
HP-UX AS/400 OS/390 z/OS
If multiple instances of the Remote Loader are running on the computer, pass the
rdxml -config path_to_config_file -u
dirxml_jremote -config path_to_config_file -u
-cp
command port
option so that the Remote Loader can stop the appropriate instance.
When you stop the Remote Loader, you must have sufficient rights or specify the Remote Loader password. For example, the Remote Loader is running as a Windows service. You have sufficient rights to stop it. You enter a password, but realize that it is incorrect. The Remote Loader stops anyway, because the Remote Loader isn’t “accepting” the password. Instead, it is ignoring the password because the password is redundant in this case. If you run the Remote Loader as an application rather than as a service, the password is used.
NOTE: If the Lotus Notes driver is loaded on the Notes server, the Domino console might occasionally show the error message '
de.exe (2488/0x9B8) has terminated abnormally
Process C:\Novell\RemoteLoader\dirxml_remote_
'. You can ignore this cosmetic error message. To avoid receiving this error message, move the Notes driver to a server that runs the Notes client. For more information about installing Notes driver on the machine that runs the client, see Local Installation on a Notes Client Workstation (http://www.novell.com/documentation/
idm36drivers/notes/data/agin4qb.html).
Managing the Remote Loader 43
novdocx (en) 17 September 2009
44 Identity Manager 3.6.1 Remote Loader Guide
A
Options for Configuring a Remote
novdocx (en) 17 September 2009
Loader
The options in the following table enable you to configure a Remote Loader.
Table A-1 Remote Loader Options
Options
address IP address An optional parameter. Specifies that the Remote Loader
Secondary
Name
Parameter Description
listens on a particular local IP address. This is useful if the server hosting the Remote Loader has multiple IP addresses and the Remote Loader must listen on only one of the addresses.
You have three options:
address=address number
address=‘localhost’
Don't use this parameter.
If you don't use the address, the Remote Loader listens on all local IP addresses.
A
-class -cl Java class
name
Example:
Specifies the Java class name of the Identity Manager application shim that is to be hosted.
For example, for a Java driver, use one of the following:
-class com.novell.nds.dirxml.driver.ldap.LDA PDriverShim
-cl com.novell.nds.dirxml.driver.ldap.LDA PDriverShim
Java uses a keystore to read certificates. The - class option and the -module option are mutually exclusive.
To see a list of the Java class names see Table A-2 on
page 52.
address=137.65.134.83
Options for Configuring a Remote Loader
45
novdocx (en) 17 September 2009
Options
­commandport
Secondary
Name
-cp port number Specifies the TCP/IP port that the Remote Loader
Parameter Description
instance uses for control purposes. If the Remote Loader instance is hosting an application shim, the command port is the port on which another Remote Loader instance communicates with the instance that is hosting the shim. If the Remote Loader instance is sending a command to an instance that is hosting an application shim, the command port is the port on which the hosting instance is listening. If it is not specified, the default command port is 8000. Multiple instances of the Remote Loader can run on the same server hosting different driver instances by specifying different connection ports and command ports.
Example:
-commandport 8001
-cp 8001
-config None filename Specifies a configuration file. The configuration file can
contain any command line options except the config option. Options specified on the command line override options specified in the configuration file.
-connection -conn connection
configuration string
Example:
-config config.txt
Specifies the connection parameters for the connection to the Metadirectory server running the Identity Manager remote interface shim. The default connection method for the Remote Loader is TCP/IP using SSL. The default TCP/IP port for this connection is 8090. Multiple instances of the Remote Loader can run on the same server. Each instance of the Remote Loader hosts a separate Identity Manager application shim instance. Differentiate multiple instances of the Remote Loader by specifying different connection ports and command ports for each Remote Loader instance.
Example:
-connection "port=8091 rootfile=server1.pem"
-conn "port=8091 rootfile=server1.pem"
46 Identity Manager 3.6.1 Remote Loader Guide
novdocx (en) 17 September 2009
Options
-description -desc short description Specify a short description string (for example, SAP) to
Secondary
Name
Parameter Description
be used for the trace window title and for Novell® Audit logging.
Example:
-description SAP
-desc SAP
The Remote Loader Console places long forms in the configuration files. You can use either a long form (for example, -description) or a short form (for example, ­desc).
fromaddress None IP address The Remote Loader only accepts connections from the
specified IP address. Any other connections are not allowed.
Example:
--conn "port=8092 fromaddress=10.0.0.2"
or
-connection "port=8094 fromaddress=metaserver1.company.com"
handshaketim eout
None number of
milliseconds
Increases the time out period of the handshake between the Remote Loader and the Metadirectory engine.
Example:
-connection "port= 8093 handshaketimeout=1000"
The value can be some integer greater than or equal to zero. Zero means never time out. The non-zero number is the number of milliseconds for the time out to occur. The default value is 1000 milliseconds.
-help -? None Displays help.
Example:
-help
-?
-java ? None Specifies that the passwords are to be set for a Java
shim instance. This option is only useful in conjunction with the setpasswords option. If -class is specified with ­setpasswords, this option isn't necessary
Options for Configuring a Remote Loader 47
novdocx (en) 17 September 2009
Options
­javadebugport
Secondary
Name
-jdp Port number Specifies that the Remote Loader instance is to enable
Parameter Description
Java debugging on the specified port. This is useful for developers of the Identity Manager application shims.
Example:
-javadebugport 8080
-jdp 8080
keystore Conditional parameters. Used only for Identity Manager
application shims contained in .jar files.
Specifies the filename of the Java keystore that contains the trusted root certificate of the issuer of the certificate used by the remote interface shim. This is typically the Certificate Authority of the eDirectoryTM tree that is hosting the remote interface shim.
If you are running SSL and need the Remote Loader to communicate with a Java driver, use a key-value pair:
keystore=‘keystorename
storepass=‘password
-module -m modulename Specifies the module containing the Identity Manager
application shim that is to be hosted.
For example, for a native driver, use one of the following:
-module "c:\Novell\RemoteLoader\Exchange5Shim .dll"
-m "c:\Novell\RemoteLoader\Exchange5Shim .dll"
or
-module "usr/lib/dirxml/ NISDriverShim.so"
-m "usr/lib/dirxml/NISDriverShim.so"
The -module option uses a rootfile certificate. The ­module option and the -class option are mutually exclusive.
48 Identity Manager 3.6.1 Remote Loader Guide
novdocx (en) 17 September 2009
Options
-password -p password Specifies the password for command authentication. This
Secondary
Name
Parameter Description
password must be the same as the first password specified with the setpasswords option for the Remote Loader instance being commanded. If a command option (for example, unload or tracechange) is specified and the password option isn't specified, the user is prompted to enter the password for the loader that is the target of the command.
Example:
-password novell4
-p novell4
port decimal port
number
A required parameter. It specifies the TCP/IP port on which the Remote Loader listens for connections from the remote interface shim.
Example:
port=8090
A conditional parameter. If you are running SSL and need the Remote Loader to communicate with a native driver, use
-service -serv None, or install/
uninstall
rootfile=‘trusted certname
To install an instance as a service, use the install argument together with any other arguments necessary to host an application shim. For example, the arguments used must include - module, but any argument can include - connection, -commandport, and so forth.
This option installs the Win32 service but doesn't start the service.
To uninstall an instance running as a service, use the uninstall argument together with any other arguments necessary to host the application shim.
The no-argument version of this option is only used on the command line to an instance being run as a Win32* service. This is automatically set up when installing an instance as a service.
Example:
-service install
-serv uninstall
This option isn't available on rdxml or the Java Remote Loader.
Options for Configuring a Remote Loader 49
novdocx (en) 17 September 2009
Options
­setpasswords
Secondary
Name
-sp password
Parameter Description
password
Specifies the password for the Remote Loader instance and the password of the Identity Manager Driver object of the remote interface shim that the Remote Loader communicates with. The first password in the argument is the password for the Remote Loader. The second password in the optional arguments is the password for the Identity Manager Driver object associated with the remote interface shim on the Metadirectory server. Either no password or both passwords must be specified. If no password is specified, the Remote Loader prompts for the passwords. This is a configuration option. Using this option configures the Remote Loader instance with the passwords specified but doesn't load a Identity Manager application shim or communicate with another loader instance.
Example:
-setpasswords novell4 staccato3
-sp novell4 staccato3
storepass storepass Used only for Identity Manager application shims
contained in .jar files. Specifies the password for the Java keystore specified by the keystore parameter.
Example:
storepass=mypassword
This option applies only to the Java Remote Loader.
-trace -t integer Specifies the trace level. This is only used when hosting
an application shim. Trace levels correspond to those used on the metadirectory server.
Example:
Example:
-trace 3
-t 3
-tracechange -tc integer Commands a Remote Loader instance that is hosting an
application shim to change its trace level. Trace levels correspond to those used on the metadirectory server.
Example:
-tracechange 1
-tc 1
50 Identity Manager 3.6.1 Remote Loader Guide
novdocx (en) 17 September 2009
Options
-tracefile -tf filename Specify a file to write trace messages to. Trace
Secondary
Name
Parameter Description
messages are written to the file if the trace level is greater than zero. Trace messages are written to the file even if the trace window is not open.
Example:
-tracefile c:\temp\trace.txt
-tf c:\temp\trace.txt
­tracefilechang e
-tfc None, or filename
Commands a Remote Loader instance that is hosting an application shim to start using a trace file, or to close one already in use and use a new one. Using the no­argument version of this option causes the hosting instance to close any trace file being used.
Example:
-tracefilechange c:\temp\newtrace.txt
tfc c:\temp\newtrace.txt
-tracefilemax -tfm size Specifies the approximate maximum size that trace file data can occupy on disk. If you specify this option, there is a trace file with the name specified using the tracefile option and up to 9 additional “roll-over” files. The roll-over files are named using the base of the main trace filename plus _n, where n is 1 through 9.
The size parameter is the number of bytes. Specify the size by using the suffixes K, M, or G for kilobytes, megabytes, or gigabytes.
If the trace file data is larger than the specified maximum when the Remote Loader is started, the trace file data remains larger than the specified maximum until roll-over is completed through all 10 files.
Example:
-tracefilemax 1000M
-tfm 1000M
In this example, the trace file can be only 1 GB.
-unload -u None Unloads the Remote Loader instance. If the Remote Loader is running as a Win32 Service, this command stops the service.
Example:
-unload
-u
Options for Configuring a Remote Loader 51
novdocx (en) 17 September 2009
Options
Secondary
Name
Parameter Description
-window -w On/Off Turns the trace window on or off in a Remote Loader instance.
Example:
-window on
-w off
This option is available only on Windows platforms. It isn't available on the Java Remote Loader.
-wizard -wiz None Launches the Configuration Wizard. Running dirxml_remote.exe with no command line parameters also launches the wizard. This option is useful if a configuration file is also specified. In this case, the wizard starts with values from the configuration file and the wizard can be used to change the configuration without editing the configuration file directly.
Example:
-wizard
-wiz
This option is available only on Windows platforms. It isn't available on the Java Remote Loader.
Table A-2 Java Class Names
Java Class Name Driver
com.novell.nds.dirxml.driver.avaya.PBXDriverShim Avaya* PBX Driver
com.novell.nds.dirxml.driver.delimitedtext.DelimitedTextDriver Delimited Text Driver
be.opns.dirxml.driver.ars.arsremedydrivershim.ARSDriverShim Driver for Remedy* ARS
com.novell.nds.dirxml.driver.nds.DriverShimImpl eDirectory Driver
com.novell.nds.dirxml.driver.entitlement.EntitlementServiceDriver Entitlements Service Driver
com.novell.gw.dirxml.driver.gw.GWdriverShim GroupWise® Driver
com.novell.idm.driver.idprovider.IDProviderShim ID Provider Driver
com.novell.nds.dirxml.driver.jdbc.JDBCDriverShim JDBC* Driver
com.novell.idm.driver.jms.JMSDriverShim JMS Driver
com.novell.nds.dirxml.driver.ldap.LDAPDriverShim LDAP Driver
com.novell.nds.dirxml.driver.loopback.LoopbackDriverShim Loopback Driver
com.novell.nds.dirxml.driver.manualtask.driver.ManualTaskDriver Manual Task Driver
com.novell.nds.dirxml.driver.nisdriver.NISDriverShim NIS Driver
52 Identity Manager 3.6.1 Remote Loader Guide
Java Class Name Driver
com.novell.nds.dirxml.driver.notes.NotesDriverShim Notes Driver
com.novell.nds.dirxml.driver.psoftshim.PSOFTDriverShim PeopleSoft* Driver
com.novell.nds.dirxml.driver.SAPShim.SAPDriverShim SAP HR Driver
com.novell.nds.dirxml.driver.sapusershim.SAPDriverShim SAP User Management Driver
com.novell.nds.dirxml.driver.soap.SOAPDriver SOAP Driver
com.novell.idm.driver.ComposerDriverShim User Application
com.novell.nds.dirxml.driver.workorder.WorkOrderDriverShim WorkOrder Driver
novdocx (en) 17 September 2009
Options for Configuring a Remote Loader 53
novdocx (en) 17 September 2009
54 Identity Manager 3.6.1 Remote Loader Guide
Loading...