Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and
specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose.
Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time,
without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims
any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc.,
reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to
notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the
trade laws of other countries. You agree to comply with all export control regulations and to obtain any required
licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on
the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws.
You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the
Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on
exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export
approvals.
Novell, Inc., has intellectual property rights relating to technology embodied in the product that is described in this
document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S.
patents listed on the Novell Legal Patents Web page (http://www.novell.com/company/legal/patents/) and one or
more additional patents or pending patent applications in the U.S. and in other countries.
Novell, Inc.
404 Wyman Street, Suite 500
Waltham, MA 02451
U.S.A.
www.novell.com
Online Documentation: To access the latest online documentation for this and other Novell products, see
the Novell Documentation Web page (http://www.novell.com/documentation).
Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
This guide contains detailed information about the Remote Loader. It explains how and when you
use the Remote Loader as part of your Identity Manager solution. It also contains configuration and
management information for the Remote Loader.
Chapter 1, “Remote Loader Overview”
Chapter 2, “Installing the Remote Loader”
Chapter 3, “Configuring the Remote Loader”
Chapter 4, “Managing the Remote Loader”
Appendix A, “Options for Configuring a Remote Loader”
Audience
This guide is intended for Identity Manager administrators, partners, and consultants.
novdocx (en) 17 September 2009
Feedback
We want to hear your comments and suggestions about this manual and the other documentation
included with this product. Please use the User Comments feature at the bottom of each page of the
online documentation, or go to www.novell.com/documentation/feedback.html and enter your
comments there.
Documentation Updates
For the most recent version of the Remote Loader Guide, visit the Identity Manager Documentation
Web site (http://www.novell.com/documentation/idm36/).
Additional Documentation
For documentation on Identity Manager, see the Identity Manager Documentation Web site (http://www.novell.com/documentation/idm36/index.html).
Documentation Conventions
In Novell® documentation, a greater-than symbol (>) is used to separate actions within a step and
items in a cross-reference path.
A trademark symbol (®, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party
trademark.
Identity Manager 3.6.1 Remote Loader Guide
1 Remote Loader Overview
Identity Manager has an additional feature that extends Identity Manager functionality across
applications. It is called the Remote Loader, and it allows the driver to access the application without
having the Identity Vault and the Metadirectory engine installed on the same server as the
application. As part of the planning process when installing Identity Manager, you need to decide if
you are going to use the Remote Loader or not. This section defines what the Remote Loader is and
contains instructions for installing and configuring the Remote Loader.
There are two different ways to configure the installation of the Metadirectory engine. Figure 1-1
illustrates the first way. It shows that the Identity Vault, Metadirectory engine, and the driver shim
all are installed and running on the same server. The driver shim is configured to communicate with
the application and the Metadirectory engine.
Figure 1-1 All Components Installed on the Same Server
Figure 1-2 illustrates both configurations. The LDAP driver is installed on the same server as the
Metadirectory engine and the Identity Vault. The Active Directory* driver is installed on different
servers with the Remote Loader. The Remote Loader allows the driver to access the application
without having the Identity Vault and Metadirectory engine installed on that same server.
Figure 1-2 A System Using the Remote Loader
The Remote Loader enables the Metadirectory engine to exchange data with the Identity Vault as
different processes and in different locations, including the following:
As a separate process on the server where the Metadirectory engine is running: The
Metadirectory engine runs as part of an eDirectory™ process. The Identity Manager drivers can
run on the server where the Metadirectory engine is running. In fact, they can run as part of the
same process as the Metadirectory engine.
However, for strategic reasons and to simplify troubleshooting, you might want the Identity
Manager driver to run as a separate process on the server.
If the driver is running as a separate process, the Remote Loader provides a communication
channel between the Metadirectory engine and the driver.
On a server that is not running the Metadirectory engine: Some of the Identity Manager
drivers are unable to run where the Metadirectory engine is running. The Remote Loader
enables you to run the Metadirectory engine in one environment while running an Identity
Manager driver on a server in a different environment. For example, you cannot run the Active
Directory driver on a Linux® server. The Metadirectory engine can run on the Linux Server
while the Remote Loader runs on an Active Directory server.
Scenario: Separate Servers. The Metadirectory engine is running on a Linux Server. You
need to run the Identity Manager Driver for Active Directory. This driver is unable to run
on a Linux Server because it must run in an Active Directory environment. You install and
run the Remote Loader on a Windows 2003 server. The Remote Loader provides a
communication channel between the Active Directory driver and the Metadirectory
engine.
Scenario: Non-Host. The Metadirectory engine is running on Solaris*. You need to
communicate with a NIS system where you want to provision user accounts. That system
usually doesn’t host the Metadirectory engine. You install the Remote Loader and the
Identity Manager Driver for NIS on the NIS system. The Remote Loader on the NIS
system runs the NIS driver and enables the Metadirectory engine and the NIS driver to
exchange data.
Novell® recommends that you use the Remote Loader configuration for use with your drivers where
possible. Use the Remote Loader even in cases where the connected system is on the same server as
the Metadirectory engine. The following benefits occur by running the driver with the Remote
Loader configuration:
eDirectory is protected from any exceptions encountered by the driver shim.
It improves the performance of the server running the Metadirectory engine, by offloading
driver commands to the remote application or database.
It allows you to run additional drivers on the server where the Metadirectory engine is not
installed.
1.1 Java Remote Loader
The Remote Loader can host a remote interface shim (DirXML application shim) on the DirXML
server. To control all the instances that host such a remote interface shim, you use the DirXML Java
Remote Loader.
The DirXML Java Remote Loader is a Java application, which runs on any system with JRE 1.3.0 or
1.4.2 (for optimal performance) and Java Sockets.
NOTE: You run the DirXML Java Remote Loader by using a shell script named dirxml_jremote.
2 Installing the Remote Loader
The Remote Loader can be installed as a 32-bit application or a 64-bit application. The installation
program detects the type of OS that is installed and then installs the corresponding version of the
Remote Loader. For the installation instructions, see “Installing the Remote Loader” in the Identity
Manager 3.6.1 Installation Guide.
3 Configuring the Remote Loader
The Remote Loader uses shims to communicate with the application. A shim is the file or files that
contain the code to process the events that are synchronized between the Identity Vault and the
application.
The Remote Loader can host the Identity Manager application shims contained in .dll, .so, or .jar
files. The Java* Remote Loader hosts only Java driver shims. It won’t load or host a native
(C++) driver shim.
Configuring the Remote Loader is a two-step process; the Remote Loader requires configuration
and the Driver object requires configuration. There are different configuration steps depending on
whether you are using Windows or Linux/UNIX.
Section 3.1, “Configuring the Remote Loader on Windows”
Section 3.2, “Configuring the Remote Loader for Linux/UNIX by Creating a Configuration File”
Section 3.3, “Configuring the Java Remote Loader”
Section 3.4, “Configuring the Identity Manager Drivers for Use with the Remote Loader”
Section 3.5, “Creating a Secure Connection”
3.1 Configuring the Remote Loader on Windows
You can configure the driver on Windows through a graphical utility called the Remote Loader
Console utility or from the command line.
The Remote Loader Console utility enables you to manage all Remote Loader instances for Identity
Manager drivers running on the Windows server. The utility is installed during the installation of
Identity Manager.
If you are upgrading, the Console detects and imports existing instances of the Remote Loader. (To
be automatically imported, driver configurations must be stored in the Remote Loader directory,
typically c:\novell\remoteloader.) You can then use the Console to manage the remote drivers.
1 Double-click the Remote Loader Console icon on the desktop to launch the Remote Loader
Console.
The Remote Loader Console allows you to start, stop, add, remove, and edit each instance of a
Remote Loader.
2 Click Add to add a Remote Loader instance of your driver on this server.
3 Use the information in the following table to configure the Remote Loader instance for your
driver.
Headings: Description
Description: Specify a description to identify the Remote Loader instance in
the Remote Loader Console utility.
Driver: Select the Java class name for the driver. If you are using the
Active Directory driver, select ADDriver.dll. Table 3-3 on
page 33 contains a list of all of the Java class names for each
driver.
Config File: Specify the name of the configuration file. The Remote Loader
Console places configuration parameters into this text file and
uses those parameters when it runs.
Communications:
  IP Address: Specify the IP address where the Remote
  Loader listens for connections from the Metadirectory
  server.
  Connection Port - Metadirectory Server: Specify the
  TCP port on which the Remote Loader listens for
  connections from the Metadirectory server.
  The default TCP/IP port for this connection is 8090. With
  each new instance you create, the default port number
  automatically increases by one.
  Command Port - Local host communication only:
  Specify the TCP port number where a Remote Loader
  listens for commands such as Stop and Change Trace
  Level.
  Each instance of the Remote Loader that runs on a
  particular computer must have a different command port
  number. The default command port is 8000. With each
  new instance you create, the default port number
  automatically increases by one.
  NOTE: By specifying different connection ports and command
  ports, you can run multiple instances of the Remote Loader on
  the same server, hosting different driver instances.
Remote Loader Password: Specify the Remote Loader password. This password is used to
control access to a Remote Loader instance for a driver. It must
be the same case-sensitive password specified in the Enter the
Remote Loader Password field on the Identity Manager driver
configuration page. It is important that this password be difficult
to guess and be different from the driver object password.
Driver Object Password: Specify the Driver Object password. The Remote Loader uses
this password to authenticate to the Metadirectory server. It
must be the same case-sensitive password specified in the
Driver Object Password field on the Identity Manager driver
configuration page. It is important that this password be difficult
to guess and be different from the Remote Loader password.
Secure Socket Layer (SSL):
  Use an SSL Connection: You should always select this
  option. It is used to encrypt the transfer of data between
  the Remote Loader and the Metadirectory server.
  Trusted Root File: This is the exported self-signed
  certificate from the eDirectory™ tree’s Organization
  Certificate Authority. For more information, see
  Section 3.5, “Creating a Secure Connection,” on page 35.
Trace File:
  Trace Level: Specify a trace level greater than zero to
  display a trace window that contains informational
  messages from both the Remote Loader and the driver.
  The most common setting is trace level 3. If the trace level
  is set to 0, the trace window is not displayed.
  Trace File: Specify a trace filename where trace
  messages are written.
  Each Remote Loader instance running on a particular
  machine must use a different trace file. Trace messages
  are written to the trace file only if the trace level is greater
  than zero.
  Maximum Disk Space Allowed for all Trace Logs
  (Mb): Specify the approximate maximum size that the
  trace file for this instance can occupy on disk.
  NOTE: Use the tracing options only for troubleshooting issues.
  Having the tracing enabled reduces the performance of the
  Remote Loader. Do not leave the tracing enabled in production.
Establish a Remote Loader service for this driver instance: Select this option if you want the
Remote Loader established as a service. When this option is enabled, the operating system
automatically starts the Remote Loader when the computer starts.
4 Specify the advanced configuration parameters. To do so:
4a Click Advanced to display the Advanced Configuration dialog box.
4b Modify the following settings as desired.
Parameter: Description
Classpath: Additional paths for the JVM to search for
package (.jar) and class (.class) files. Using
this parameter is the same as using the java classpath command.
When entering multiple class paths, separate them with a semicolon
(;) for a Windows JVM and a colon (:) for a
UNIX/Linux JVM.
JVM Options: The options used when starting the JVM
instance of the driver.
Heap size: The initial and maximum heap size for the
JVM instance.
4c Click OK to save the advanced configuration information.
5 Click OK to save the configuration file.
If you need to change any of the parameters:
1 In the Remote Loader Console, select the Remote Loader instance from the Description
column.
2 Click Stop, type the Remote Loader password, then click OK.
3 Click Edit, then modify the configuration information. See Step 3 on page 15 and Step 4 on
page 17 for a description of each parameter.
4 Click OK to save the changes.
3.2 Configuring the Remote Loader for Linux/UNIX by Creating a Configuration File
For the Remote Loader to run, it requires a configuration file (for example, LDAPShim.txt).
Windows is the only platform that provides a GUI interface to create this file. You can also create or
edit a configuration file by using command line options. The following steps provide information on
basic parameters for the configuration file. For information on additional parameters, see
Appendix A, “Options for Configuring a Remote Loader,” on page 45.
1 To create a configuration file, open a text editor. You should enter each parameter on a separate
line in the configuration file.
2 (Optional) Specify a description by using the -description option.
Option: -description
Secondary Name: -desc
Parameter: short description
Description: Specify a short description string (for example,
SAP) to be used for the trace window title and for
Novell® Audit logging.
Example:
-description SAP
-desc SAP
The Remote Loader Console places long forms in
the configuration files. You can use either a long
form (for example, -description) or a short form (for
example, -desc).
3 Specify a TCP/IP port that the Remote Loader instance will use by using the -commandport
option.
Option: -commandport
Secondary Name: -cp
Parameter: port number
Description: Specifies the TCP/IP port that the Remote Loader
instance uses for control purposes. If the Remote
Loader instance is hosting an application shim,
the command port is the port on which another
Remote Loader instance communicates with the
instance that is hosting the shim. If the Remote
Loader instance is sending a command to an
instance that is hosting an application shim, the
command port is the port on which the hosting
instance is listening. If a port is not specified, the
default command port is 8000. Multiple instances
of the Remote Loader can run on the same server,
hosting different driver instances by specifying
different connection ports and command ports.
Example:
-commandport 8001
-cp 8001
4 Specify the parameters for the connection to the Metadirectory server running the Identity
Manager remote interface shim by using the -connection option.
Use the format -connection "parameter [parameter] [parameter]".
For example, type one of the following:
-connection "port=8091 rootfile=server1.pem"
-conn "port=8091 rootfile=server1.pem"
All the parameters must be included within quotation marks. Parameters include the following:
Option: -connection
Secondary Name: -conn
Parameter: connection configuration string
Description: Specifies the connection parameters for the
connection to the Metadirectory server running
the Identity Manager remote interface shim. The
default connection method for the Remote
Loader is TCP/IP using SSL. The default TCP/IP
port for this connection is 8090. Multiple
instances of the Remote Loader can run on the
same server. Each instance of the Remote
Loader hosts a separate Identity Manager
application shim instance. Differentiate multiple
instances of the Remote Loader by specifying
different connection ports and command ports
for each Remote Loader instance.
Example:
-connection "port=8091 rootfile=server1.pem"
-conn "port=8091 rootfile=server1.pem"
Option: port
Parameter: decimal port number
Description: A required parameter. It specifies the TCP/IP
port on which the Remote Loader listens for
connections from the remote interface shim.
Example:
port=8090
Option: address
Parameter: IP address
Description: An optional parameter. Specifies that the
Remote Loader listens on a particular local IP
address. This is useful if the server hosting the
Remote Loader has multiple IP addresses and
the Remote Loader must listen on only one of
the addresses.
You have three options:
address=address number
address='localhost'
Don’t use this parameter
If you don’t use the address, the Remote Loader
listens on all local IP addresses.
Example:
address=137.65.134.83
Option: fromaddress
Secondary Name: None
Parameter: IP address
Description: The Remote Loader only accepts connections
from the specified IP address. Any other
connections are not allowed.
Option: handshaketimeout
Description: Increases the time out period of the handshake
between the Remote Loader and the
Metadirectory engine.
Example:
-connection "port=8091 handshaketimeout=1000"
The value can be some integer greater than or
equal to zero. Zero means never time out. The
non-zero number is the number of milliseconds
for the time out to occur. The default value is
1000 milliseconds.
Option: rootfile
Description: A conditional parameter. If you are running SSL
and need the Remote Loader to communicate
with a native driver, use
rootfile='trusted certname'
Option: keystore
Description: Conditional parameter. Used only for the Identity
Manager application shims contained in .jar
files.
Specifies the filename of the Java keystore that
contains the trusted root certificate of the issuer
of the certificate used by the remote interface
shim. This is typically the Certificate Authority of
the eDirectory tree that is hosting the remote
interface shim.
If you are running SSL and need the Remote
Loader to communicate with a Java driver, use a
key-value pair:
keystore='keystorename'
storepass='password'
Option: storepass
Parameter: storepass
Description: Used only for the Identity Manager application
shims contained in .jar files. Specifies the
password for the Java keystore specified by the
keystore parameter.
Example:
storepass=mypassword
This option applies only to the Java Remote
Loader.
5 (Optional) Specify a trace parameter by using the -trace option.
Option: -trace
Secondary Name: -t
Parameter: integer
Description: Specifies the trace level. This is only used when
hosting an application shim. Trace levels
correspond to those used on the Metadirectory
server.
Example:
-trace 3
-t 3
6 (Optional) Specify a trace file by using the -tracefile option.
Option: -tracefile
Secondary Name: -tf
Parameter: filename
Description: Specify a file to write trace messages to. Trace
messages are written to the file if the trace level is
greater than zero. Trace messages are written to
the file even if the trace window is not open.
Example:
-tracefile c:\temp\trace.txt
-tf c:\temp\trace.txt
7 (Optional) Limit the size of the trace file by using the -tracefilemax option.
Option: -tracefilemax
Secondary Name: -tfm
Parameter: size
Description: Specifies the approximate maximum size that trace
file data can occupy on disk. If you specify this
option, there will be a trace file with the name
specified using the tracefile option and up to 9
additional “roll-over” files. The roll-over files are
named using the base of the main trace filename
plus _n, where n is 1 through 9.
The size parameter is the number of bytes. Specify
the size by using the suffixes K, M, or G for
kilobytes, megabytes, or gigabytes.
If the trace file data is larger than the specified
maximum when the Remote Loader is started, the
trace file data remains larger than the specified
maximum until roll-over is completed through all 10
files.
Example:
-tracefilemax 1000M
-tfm 1000M
In this example, the trace file can be only 1 GB.
8 (Optional) Specify a Java parameter by using the -javaparam option.
Option: -javaparam
Secondary Name: -jp
Parameter: java environment parameter
Description: Specify that the specified Java environment
parameters are set to the specified values. The
supported parameters are
DHOST_JVM_ADD_CLASSPATH (for additional jar
files to be loaded along with the ones in standard
IDM classpath), DHOST_JVM_INITIAL_HEAP,
DHOST_JVM_MAX_HEAP, and
DHOST_JVM_OPTIONS.
Example:
-javaparam DHOST_JVM_MAX_HEAP=512M
-jp DHOST_JVM_MAX_HEAP=512M
9 Specify the class by using the -class option, or specify the module by using the -module option.
Option: -class
Secondary Name: -cl
Parameter: Java class name
Description: Specifies the Java class name of the Identity
Manager application shim that is to be hosted.
For example, for a Java driver, use one of the
following:
Java uses a keystore to read certificates. The -class option and the -module option are mutually
exclusive.
To see a list of the Java class names see Table 3-3
on page 33.
Option: -module
Secondary Name: -m
Parameter: modulename
Description: Specifies the module containing the Identity
Manager application shim that is to be hosted.
For example, for a native driver, type one of the
following:
-module "c:\Novell\RemoteLoader\ADDriver.dll"
-m "c:\Novell\RemoteLoader\ADDriver.dll"
or
-module "usr/lib/dirxml/NISDriverShim.so"
-m "usr/lib/dirxml/NISDriverShim.so"
The -module option uses a rootfile certificate. The
-module option and the -class option are
mutually exclusive.
10 Name and save the file.
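The following Python script is an added example, not part of the Novell guide or product. It parses a configuration file of the form built in the steps above and flags settings this guide itself calls out (mutually exclusive -class and -module, the required port parameter, listening on all addresses, no fromaddress restriction, missing rootfile or keystore, a clear-text storepass, a handshake that never times out, tracing left on, and ports shared between instances). The sample configurations, the class name com.example.HypotheticalShim, the keystore name rl.keystore, and the finding codes are constructed for illustration.

```python
import re

# Short option forms from the guide, mapped to their long forms.
ALIASES = {"-desc": "-description", "-cp": "-commandport", "-conn": "-connection",
           "-t": "-trace", "-tf": "-tracefile", "-tfm": "-tracefilemax",
           "-jp": "-javaparam", "-cl": "-class", "-m": "-module"}
DEFAULT_COMMAND_PORT = 8000  # default command port stated in the guide
CONN_KV = re.compile(r"(\w+)=('[^']*'|\S+)")
# Typographic quotes often survive copy-and-paste from a PDF; normalize them.
QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2018": "'", "\u2019": "'"})


def parse_config(text):
    """Parse one option per line into {long option name: value}.

    The -connection value becomes a dict of its key=value parameters.
    """
    opts = {}
    for raw in text.translate(QUOTES).splitlines():
        line = raw.strip()
        if not line.startswith("-"):
            continue
        name, _, value = line.partition(" ")
        name = ALIASES.get(name, name)
        value = value.strip().strip('"')
        if name == "-connection":
            value = {k: v.strip("'") for k, v in CONN_KV.findall(value)}
        opts[name] = value
    return opts


def lint(opts):
    """Return sorted finding codes (code names invented for this example)."""
    conn = opts.get("-connection", {})
    trace = opts.get("-trace", "0")
    checks = {
        # -class and -module are mutually exclusive.
        "CLASS_AND_MODULE": "-class" in opts and "-module" in opts,
        # port is a required -connection parameter.
        "NO_CONNECTION_PORT": "port" not in conn,
        # Without address=, the Remote Loader listens on all local IP addresses.
        "LISTENS_ON_ALL_ADDRESSES": "address" not in conn,
        # Without fromaddress=, the peer IP address is not restricted.
        "NO_FROMADDRESS": "fromaddress" not in conn,
        # SSL trust material: rootfile= for native shims, keystore= for Java shims.
        "NO_ROOTFILE": "-module" in opts and "rootfile" not in conn,
        "NO_KEYSTORE": "-class" in opts and "keystore" not in conn,
        # storepass= puts the keystore password in this file in clear text.
        "STOREPASS_IN_FILE": "storepass" in conn,
        # handshaketimeout=0 means the handshake never times out.
        "HANDSHAKE_NEVER_TIMES_OUT": conn.get("handshaketimeout") == "0",
        # Tracing is for troubleshooting and should not stay on in production.
        "TRACE_ENABLED": trace.isdigit() and int(trace) > 0,
    }
    return sorted(code for code, hit in checks.items() if hit)


def port_conflicts(instances):
    """Map each TCP port claimed by more than one instance to those instances."""
    claimed = {}
    for name, opts in instances.items():
        ports = {int(opts.get("-commandport", DEFAULT_COMMAND_PORT))}
        conn_port = opts.get("-connection", {}).get("port", "")
        if conn_port.isdigit():
            ports.add(int(conn_port))
        for port in ports:
            claimed.setdefault(port, []).append(name)
    return {p: sorted(n) for p, n in claimed.items() if len(n) > 1}


# Constructed sample configurations (not from the guide).
NIS_CONFIG = """\
-description NIS
-commandport 8001
-connection "port=8091 fromaddress=192.0.2.10 rootfile=server1.pem"
-trace 3
-tracefile /var/tmp/nis-trace.txt
-module "usr/lib/dirxml/NISDriverShim.so"
"""
# com.example.HypotheticalShim and rl.keystore are placeholders.
JAVA_CONFIG = """\
-desc SAP
-conn \u201cport=8091 keystore='rl.keystore' storepass='changeit' handshaketimeout=0\u201d
-cl com.example.HypotheticalShim
-m "usr/lib/dirxml/NISDriverShim.so"
"""

if __name__ == "__main__":
    instances = {"nis": parse_config(NIS_CONFIG), "sap": parse_config(JAVA_CONFIG)}
    for name, opts in instances.items():
        print(name, lint(opts))
    print("port conflicts:", port_conflicts(instances))
```

The second sample omits -commandport, so it is checked against the default of 8000, and its typographic quotes are normalized before parsing.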
You can change some settings while the Remote Loader is running. See Table 3-1 for a list of some
of these settings. For a complete list of these settings, see Appendix A, “Options for Configuring a
Remote Loader,” on page 45.
Table 3-1 Selected Remote Loader Parameters
Parameter: Description
-commandport: Specifies an instance of the Remote Loader.
-config: Specifies a configuration file.
-javadebugport: Specifies that the Remote Loader instance is to enable Java debugging on the
specified port.
-password: Specifies the password for authentication.
-service: Installs an instance as a service. Windows only.
-tracechange: Changes the trace level.
-tracefilechange: Changes the name of the trace file being written to.
-unload: Unloads the Remote Loader instance.
-window: Turns the trace window on or off in a Remote Loader instance. Windows only.
IMPORTANT: For the Remote Loader to automatically start when your computer starts, place the
configuration file in the following location:
/etc/opt/novell/dirxml/rdxml
3.2.1 Setting Environment Variables on Solaris, Linux, or AIX
After installing the Remote Loader, you can set the environment variable RDXML_PATH, which
changes the current directory for rdxml. This directory is then taken as the base path for files that are
subsequently created. To set the value of the RDXML_PATH variable, specify the following
commands:
RDXML_PATH=path
export RDXML_PATH
Refer to TID 7001255 (http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001255&sliceId=2&docTypeID=DT_TID_1_1&dialogID=102067736&stateId=0%200%20102071280) for configuring the Remote Loader on
UNIX platforms.
3.3 Configuring the Java Remote Loader
The options in the following table enable you to configure the Java Remote Loader on Linux,
Solaris, and AIX.
Table 3-2 Remote Loader Options
Option: address
Parameter: IP address
Description: An optional parameter. Specifies that the Remote
Loader listens on a particular local IP address.
This is useful if the server hosting the Remote
Loader has multiple IP addresses and the Remote
Loader must listen on only one of the addresses.
You have three options:
address=address number
address='localhost'
Don't use this parameter.
If you don't use the address, the Remote Loader
listens on all local IP addresses.
Example:
Option: -class
Secondary Name: -cl
Parameter: Java class name
Description: Specifies the Java class name of the Identity
Manager application shim that is to be hosted.
For example, for a Java driver, use one of the
following:
Java uses a keystore to read certificates. The -class option and the -module option are mutually
exclusive.
To see a list of the Java class names see Table 3-3
on page 33.
Option: -commandport
Secondary Name: -cp
Parameter: port number
Description: Specifies the TCP/IP port that the Remote Loader
instance uses for control purposes. If the Remote
Loader instance is hosting an application shim, the
command port is the port on which another
Remote Loader instance communicates with the
instance that is hosting the shim. If the Remote
Loader instance is sending a command to an
instance that is hosting an application shim, the
command port is the port on which the hosting
instance is listening. If it is not specified, the
default command port is 8000. Multiple instances
of the Remote Loader can run on the same server
hosting different driver instances by specifying
different connection ports and command ports.
Example:
-commandport 8001
-cp 8001
Option: -config
Secondary Name: None
Parameter: filename
Description: Specifies a configuration file. The configuration file
can contain any command line options except the
config option. Options specified on the command
line override options specified in the configuration
file.
Example:
-config config.txt
Option: -connection
Secondary Name: -conn
Parameter: connection configuration string
Description: Specifies the connection parameters for the
connection to the Metadirectory server running the
Identity Manager remote interface shim. The
default connection method for the Remote Loader
is TCP/IP using SSL. The default TCP/IP port for
this connection is 8090. Multiple instances of the
Remote Loader can run on the same server. Each
instance of the Remote Loader hosts a separate
Identity Manager application shim instance.
Differentiate multiple instances of the Remote
Loader by specifying different connection ports
and command ports for each Remote Loader
instance.
Example:
-connection "port=8091 rootfile=server1.pem"
-conn "port=8091 rootfile=server1.pem"
Option: -description
Secondary Name: -desc
Parameter: short description
Description: Specify a short description string (for example,
SAP) to be used for the trace window title and for
Novell® Audit logging.
Example:
-description SAP
-desc SAP
The Remote Loader Console places long forms in
the configuration files. You can use either a long
form (for example, -description) or a short form (for
example, -desc).
Option: fromaddress
Secondary Name: None
Parameter: IP address
Description: The Remote Loader only accepts connections
from the specified IP address. Any other
connections are not allowed.
Option: handshaketimeout
Description: Increases the time out period of the handshake
between the Remote Loader and the
Metadirectory engine.
Example:
-connection "port=8093 handshaketimeout=1000"
The value can be some integer greater than or
equal to zero. Zero means never time out. The
non-zero number is the number of milliseconds for
the time out to occur. The default value is 1000
milliseconds.
Option: -help
Secondary Name: -?
Parameter: None
Description: Displays help.
Example:
-help
-?
Option: -java
Secondary Name: -j
Parameter: None
Description: Specifies that the passwords are to be set for a
Java shim instance. This option is only useful in
conjunction with the setpasswords option.
If -class is specified with -setpasswords, this
option isn't necessary.
Option
-javadebugport -jdpPort numberSpecifies that the Remote Loader instance is to
keystoreConditional parameters. Used only for Identity
Secondary
Name
ParameterDescription
enable Java debugging on the specified port. This
is useful for developers of the Identity Manager
application shims.
Example:
-javadebugport 8080
-jdp 8080
Manager application shims contained in
files.
Specifies the filename of the Java keystore that
contains the trusted root certificate of the issuer of
the certificate used by the remote interface shim.
This is typically the Certificate Authority of the
eDirectoryTM tree that is hosting the remote
interface shim.
If you are running SSL and need the Remote
Loader to communicate with a Java driver, use a
key-value pair:
.jar
keystore=‘keystorename’
storepass=‘password’
-module-mmodulenameSpecifies the module containing the Identity
Manager application shim that is to be hosted.
For example, for a native driver, use one of the
following:
The -module option uses a rootfile certificate. The
-module option and the -class option are mutually
exclusive.
Option: -password
Secondary Name: -p
Parameter: password
Description: Specifies the password for command authentication. This password must be the same as the first password specified with the setpasswords option for the Remote Loader instance being commanded. If a command option (for example, unload or tracechange) is specified and the password option isn't specified, the user is prompted to enter the password for the loader that is the target of the command.
Example:
-password novell4
-p novell4
Option: port
Parameter: decimal port number
Description: A required parameter. It specifies the TCP/IP port on which the Remote Loader listens for connections from the remote interface shim.
Example:
port=8090
Option: rootfile
Description: A conditional parameter. If you are running SSL and need the Remote Loader to communicate with a native driver, use
rootfile=‘trusted certname’
Option: -service
Secondary Name: -serv
Parameter: None, or install/uninstall
Description: To install an instance as a service, use the install argument together with any other arguments necessary to host an application shim. For example, the arguments must include -module, and can also include -connection, -commandport, and so forth. This option installs the Win32 service but doesn't start the service.
To uninstall an instance running as a service, use the uninstall argument together with any other arguments necessary to host the application shim.
The no-argument version of this option is only used on the command line to an instance being run as a Win32* service. This is automatically set up when installing an instance as a service.
Example:
-service install
-serv uninstall
This option isn't available on rdxml or the Java Remote Loader.
Option: -setpasswords
Secondary Name: -sp
Parameter: password password
Description: Specifies the password for the Remote Loader instance and the password of the Identity Manager Driver object of the remote interface shim that the Remote Loader communicates with. The first password in the argument is the password for the Remote Loader. The second password in the optional arguments is the password for the Identity Manager Driver object associated with the remote interface shim on the Metadirectory server. Either no password or both passwords must be specified. If no password is specified, the Remote Loader prompts for the passwords. This is a configuration option. Using this option configures the Remote Loader instance with the passwords specified but doesn't load an Identity Manager application shim or communicate with another loader instance.
Example:
-setpasswords novell4 staccato3
-sp novell4 staccato3
Option: storepass
Parameter: storepass
Description: Used only for Identity Manager application shims contained in .jar files. Specifies the password for the Java keystore specified by the keystore parameter.
Example:
storepass=mypassword
This option applies only to the Java Remote Loader.
Option: -trace
Secondary Name: -t
Parameter: integer
Description: Specifies the trace level. This is only used when hosting an application shim. Trace levels correspond to those used on the metadirectory server.
Example:
-trace 3
-t 3
Option: -tracechange
Secondary Name: -tc
Parameter: integer
Description: Commands a Remote Loader instance that is hosting an application shim to change its trace level. Trace levels correspond to those used on the metadirectory server.
Example:
-tracechange 1
-tc 1
Option: -tracefile
Secondary Name: -tf
Parameter: filename
Description: Specify a file to write trace messages to. Trace messages are written to the file if the trace level is greater than zero. Trace messages are written to the file even if the trace window is not open.
Example:
-tracefile c:\temp\trace.txt
-tf c:\temp\trace.txt
Option: -tracefilechange
Secondary Name: -tfc
Parameter: None, or filename
Description: Commands a Remote Loader instance that is hosting an application shim to start using a trace file, or to close one already in use and use a new one. Using the no-argument version of this option causes the hosting instance to close any trace file being used.
Example:
-tracefilechange c:\temp\newtrace.txt
-tfc c:\temp\newtrace.txt
Option: -tracefilemax
Secondary Name: -tfm
Parameter: size
Description: Specifies the approximate maximum size that trace file data can occupy on disk. If you specify this option, there is a trace file with the name specified using the tracefile option and up to 9 additional “roll-over” files. The roll-over files are named using the base of the main trace filename plus _n, where n is 1 through 9.
The size parameter is the number of bytes. Specify the size by using the suffixes K, M, or G for kilobytes, megabytes, or gigabytes.
If the trace file data is larger than the specified maximum when the Remote Loader is started, the trace file data remains larger than the specified maximum until roll-over is completed through all 10 files.
Example:
-tracefilemax 1000M
-tfm 1000M
In this example, the trace file can be only 1 GB.
Option: -unload
Secondary Name: -u
Parameter: None
Description: Unloads the Remote Loader instance. If the Remote Loader is running as a Win32 Service, this command stops the service.
Example:
-unload
-u
Option: -window
Secondary Name: -w
Parameter: On/Off
Description: Turns the trace window on or off in a Remote Loader instance.
Example:
-window on
-w off
This option is available only on Windows platforms. It isn't available on the Java Remote Loader.
Option: -wizard
Secondary Name: -wiz
Parameter: None
Description: Launches the Configuration Wizard. Running dirxml_remote.exe with no command line parameters also launches the wizard. This option is useful if a configuration file is also specified. In this case, the wizard starts with values from the configuration file and the wizard can be used to change the configuration without editing the configuration file directly.
Example:
-wizard
-wiz
This option is available only on Windows platforms. It isn't available on the Java Remote Loader.
3.4 Configuring the Identity Manager Drivers for Use with the Remote Loader
You can configure a new driver or enable an existing driver to communicate with the Remote
Loader. This section provides general information on configuring drivers so that they communicate
with the Remote Loader. For driver-specific information, refer to the relevant driver implementation
guide at the Identity Manager Driver Documentation Web page
(http://www.novell.com/documentation/idm36drivers/index.html).
When you create a new Driver object in either Designer or iManager, there are additional fields to
populate to enable the Remote Loader. You add information to these same fields if you modify an
existing driver.
To configure the driver:
1 In the properties of the Driver object, fill in the following fields:
Driver Module: Select Connect to Remote Loader.
Driver Object Password: The driver object password is used by the Remote Loader to
authenticate itself to the Metadirectory server. This password must match the password for the
driver object defined on the Remote Loader.
Remote Loader Connection Parameters: Specify the information required to connect to the
Remote Loader. The parameter format is hostname=xxx.xxx.xxx.xxx port=xxxx kmo=certificatename,
where hostname is the IP address of the Remote Loader server and port is the port the Remote
Loader is listening on (the default is 8090). The kmo parameter is used only when an SSL
connection exists between the Remote Loader and the Metadirectory engine; it defines the Key
Name of the Key Material Object containing the keys and certificate used for SSL.
Example:
hostname=10.0.0.1 port=8090 kmo=IDMCertificate
Remote Loader Password: Specify the password required for the Metadirectory engine (or
Remote Loader shim) to authenticate to the Remote Loader.
2 Define a security-equivalent user, click Next, then click Finish.
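An added example, not part of the original guide or of Novell's tooling: a Python check that reads a Remote Loader configuration together with the driver's Remote Loader Connection Parameters and reports settings that leave the connection less restricted than the options in this chapter allow. The one-option-per-line configuration layout, the sample values, and all function names are assumptions made for the example.

```python
import re

# Short option names from the options table, mapped to their long forms.
ALIASES = {"-conn": "-connection", "-cl": "-class", "-m": "-module",
           "-jdp": "-javadebugport", "-cp": "-commandport"}

# key=value pairs; tolerates a space after "=" and single-quoted values.
_PAIR = re.compile(r"(\w+)\s*=\s*(?:'([^']*)'|(\S+))")


def parse_pairs(text):
    """Parse a 'port=8090 rootfile=server1.pem' style string into a dict."""
    return {k.lower(): (q or v) for k, q, v in _PAIR.findall(text)}


def parse_loader_config(text):
    """Parse config-file text, assumed to hold one '-option value' per line."""
    opts = {}
    for line in text.splitlines():
        m = re.match(r"\s*(-\S+)\s*(.*)$", line)
        if m:
            name = m.group(1).lower()
            opts[ALIASES.get(name, name)] = m.group(2).strip().strip('"')
    return opts


def audit_loader(opts):
    """Return findings for one Remote Loader instance's options."""
    conn = parse_pairs(opts.get("-connection", ""))
    # Java shims (-class) read the trusted root from a keystore,
    # native shims (-module) from a rootfile.
    trust = "keystore" if "-class" in opts else "rootfile"
    findings = []
    if trust not in conn:
        findings.append(f"no {trust}: no trusted root certificate set for SSL")
    if "fromaddress" not in conn:
        findings.append("no fromaddress: connections accepted from any IP address")
    if "address" not in conn:
        findings.append("no address: listening on all local IP addresses")
    if conn.get("handshaketimeout") == "0":
        findings.append("handshaketimeout=0: handshake never times out")
    if "-javadebugport" in opts:
        findings.append("javadebugport set: Java debugging port is enabled")
    return findings


def audit_driver(driver_params, loader_opts):
    """Cross-check the Driver object's connection parameters with the loader."""
    drv = parse_pairs(driver_params)
    conn = parse_pairs(loader_opts.get("-connection", ""))
    findings = []
    drv_port = drv.get("port", "8090")  # 8090 is the documented default
    if drv_port != conn.get("port"):
        findings.append(f"port mismatch: driver {drv_port}, loader {conn.get('port')}")
    if ("rootfile" in conn or "keystore" in conn) and "kmo" not in drv:
        findings.append("no kmo: loader has a trusted root but the driver names "
                        "no Key Material Object for SSL")
    return findings


# Constructed sample configurations (not taken from a real deployment).
WEAK_CONFIG = """
-commandport 8000
-connection "port=8090 handshaketimeout=0"
-javadebugport 8080
-trace 3
-class com.novell.nds.dirxml.driver.delimitedtext.DelimitedTextDriver
"""

HARDENED_CONFIG = """
-commandport 8000
-connection "port=8090 address=10.0.0.1 fromaddress=10.0.0.5 keystore=rl.keystore storepass=example"
-trace 1
-class com.novell.nds.dirxml.driver.delimitedtext.DelimitedTextDriver
"""

if __name__ == "__main__":
    driver = "hostname=10.0.0.1 port=8090 kmo=IDMCertificate"
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        opts = parse_loader_config(cfg)
        for finding in audit_loader(opts) + audit_driver(driver, opts):
            print(f"{label}: {finding}")
```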
3.5 Creating a Secure Connection
If you plan to use the Remote Loader, the first step is to provide secure data transfer between the
Remote Loader and the Metadirectory engine. This requires you to use the Secure Socket Layer
(SSL) to set up a connection between the Remote Loader and the Metadirectory engine.
To accomplish this, complete the following tasks:
Section 3.5.1, “Creating a Server Certificate,” on page 35
Section 3.5.2, “Exporting a Self-Signed Certificate,” on page 35
Section 3.5.3, “Creating a Keystore,” on page 36
3.5.1 Creating a Server Certificate
If you are unfamiliar with certificates, it is easy to create a new one.
1 In Novell iManager, click Novell Certificate Server > Create Server Certificate.
2 Select the server to own the certificate, and give the certificate a nickname (for example,
remotecert).
IMPORTANT: We recommend that you don’t use spaces in the certificate nickname. For
example, use remotecert instead of remote cert.
Also, make a note of the certificate nickname. This nickname is used for the KMO name in the
driver’s remote connection parameters.
3 Leave the Creation method set to Standard, then click Next.
4 Review the Summary, click Finish, then click Close.
You have created a server certificate. Continue with Section 3.5.2, “Exporting a Self-Signed
Certificate,” on page 35.
3.5.2 Exporting a Self-Signed Certificate
You can export a newly created certificate. Or, if an SSL server certificate already exists and you
have experience with SSL certificates, you can use the existing certificate instead of creating and
using a new one.
When a server joins a tree, eDirectory creates the following default certificates:
SSL CertificateIP
SSL CertificateDNS
1 In iManager, click eDirectory Administration > Modify Object.
2 Browse to and select the Certificate Authority in the Security container, then click OK.
The Certificate Authority (CA) is named after the tree name (Treename-CA.Security).
3 Click the Certificates tab, select the Self-Signed Certificate, then click Export.
4 In the Export Certificate Wizard, deselect Export private key.
You don’t want to export the private key with the certificate.
5 Set the export format to BASE64, then click Next.
IMPORTANT: When the Remote Loader is running on a Windows 2003 R2 SP1 32-bit server,
the certificate must be in Base64 format. If you use the DER format, the Remote Loader fails to
connect to the Identity Manager engine.
6 Click the link to Save the exported certificate, specify a location, then click Save.
7 Click Close.
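An added example, not part of the original guide: a structural check in Python of the file saved in Step 6, confirming that it is Base64 rather than DER and that it carries no private key material. The function names and the sample byte strings are constructed for illustration; the check inspects the encoding only and does not validate the certificate.

```python
import base64
import binascii
import re

_PEM_CERT = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def der_inner_tag(buf):
    """Return the first tag inside a well-formed outer DER SEQUENCE, else None."""
    if len(buf) < 3 or buf[0] != 0x30:
        return None
    if buf[1] < 0x80:                        # short-form length
        hdr, length = 2, buf[1]
    else:                                    # long-form length in the next n bytes
        n = buf[1] & 0x7F
        if n == 0 or n > 4 or len(buf) < 2 + n:
            return None
        hdr, length = 2 + n, int.from_bytes(buf[2:2 + n], "big")
    if length == 0 or hdr + length != len(buf):
        return None
    return buf[hdr]


def classify_der(buf):
    """Heuristic: tell a bare X.509 certificate from key-bearing structures."""
    tag = der_inner_tag(buf)
    if tag == 0x30:      # a Certificate starts with the tbsCertificate SEQUENCE
        return "certificate"
    if tag == 0x02:      # PKCS#12, PKCS#8 and PKCS#1 keys start with an INTEGER version
        return "key material"
    return "unknown"


def check_export(data, loader_needs_base64=True):
    """Return (encoding, kind, problems) for the bytes of an exported file."""
    problems = []
    kind = classify_der(data)
    if kind != "unknown":
        encoding = "der"
        if loader_needs_base64:
            problems.append("DER encoding: re-export as Base64 for this Remote Loader")
    else:
        # Accept Base64 with or without the BEGIN/END CERTIFICATE lines.
        m = _PEM_CERT.search(data)
        body = b"".join((m.group(1) if m else data).split())
        try:
            der = base64.b64decode(body, validate=True)
        except (binascii.Error, ValueError):
            der = b""
        encoding = "base64" if der else "unknown"
        kind = classify_der(der)
    if kind == "key material" or b"PRIVATE KEY-----" in data:
        problems.append("private key material present: export the certificate only")
    if kind == "unknown":
        problems.append("not recognisable as an X.509 certificate")
    return encoding, kind, problems


def _seq(payload):
    """Build a short DER SEQUENCE (sample data only; payload under 128 bytes)."""
    return b"\x30" + bytes([len(payload)]) + payload


# Constructed samples: shaped like DER, not real certificates or keys.
SAMPLE_DER_CERT = _seq(_seq(b"\x02\x01\x02") + b"\x05\x00")
SAMPLE_KEY_BLOB = _seq(b"\x02\x01\x03" + _seq(b"\x05\x00"))
SAMPLE_B64_CERT = (b"-----BEGIN CERTIFICATE-----\n"
                   + base64.encodebytes(SAMPLE_DER_CERT)
                   + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name, blob in (("base64", SAMPLE_B64_CERT), ("der", SAMPLE_DER_CERT),
                       ("key blob", SAMPLE_KEY_BLOB)):
        print(name, check_export(blob))
```

Set loader_needs_base64 to False for a Remote Loader host where DER is acceptable.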
3.5.3 Creating a Keystore
A keystore is a Java file that contains encryption keys and, optionally, certificates. If you want to use
SSL between the Remote Loader and the Metadirectory engine, and you are using a Java shim, you
need to create a keystore file.
“Keystore on Windows” on page 37
“Keystore on Solaris, Linux, or AIX” on page 37
“Keystore on All Platforms” on page 37
Keystore on Windows
On Windows, run the Keytool utility, typically found in the c:\novell\remoteloader\jre\bin directory.
Keystore on Solaris, Linux, or AIX
On Solaris, Linux, or AIX environments, use the create_keystore file. Create_keystore is
installed with rdxml. It is located in the install_directory/dirxml/bin directory. The
create_keystore file is also included in the dirxml_jremote.tar.gz file, found in the
\dirxml\java_remoteloader directory. The create_keystore file is a shell script that calls the
Keytool utility.
On UNIX, when the self-signed certificate is used to create the keystore, the certificate can be
exported in Base64 or binary DER format.
The create_keystore script specifies a hard-coded password of “dirxml” for the keystore
password. This is not a security risk because only a public certificate and public key are stored in the
keystore.
Keystore on All Platforms
To create a keystore on any platform, you can enter the following at the command line:
4 Managing the Remote Loader
The Remote Loader is either a service or a daemon. At times the server or daemon must be restarted.
The following procedures explain how to start and stop the Remote Loader.
Section 4.1, “Starting the Remote Loader,” on page 39
Section 4.2, “Stopping the Remote Loader,” on page 43
4.1 Starting the Remote Loader
Each platform has a different way to start the Remote Loader.
Section 4.1.1, “Starting the Remote Loader on Windows,” on page 39
Section 4.1.2, “Auto-Starting the Remote Loader,” on page 41
Section 4.1.3, “Starting the Remote Loader on Solaris, Linux, or AIX,” on page 42
4.1.1 Starting the Remote Loader on Windows
You can start the Remote Loader from the Remote Loader Console icon or from the command line.
“Starting from the Remote Loader Console” on page 39
“Starting from the Command Line in Windows” on page 40
Starting from the Remote Loader Console
1 Click the Remote Loader Console icon on the desktop.
2 Select a driver instance, then click Start.
Starting from the Command Line in Windows
The command line functionality is provided by dirxml_remote.exe. By default, it is located in
c:\novell\RemoteLoader\dirxml_remote.exe.
1 At a command prompt, set the password for the Remote Loader. For password command
4 Confirm that the Remote Loader is working properly.
The Remote Loader loads the Identity Manager application shim only when the Remote Loader
is in communication with the remote interface shim on the Metadirectory server. This means,
for example, that the application shim shuts down if the Remote Loader loses communication
with the Metadirectory server.
Table 4-1 Password Command Line Options
Option: -password
Secondary Name: -p
Parameter: password
Description: Specifies the password for command authentication. This password must be the same as the first password specified with setpasswords for the loader instance being commanded. If a command option (for example, unload or tracechange) is specified and the password option isn’t specified, the user is prompted to enter the password for the loader that is the target of the command.
Example:
-password novell4
-p novell4
Option: -setpasswords
Secondary Name: -sp
Parameter: password password
Description: Specifies the password for the Remote Loader instance and the password of the Identity Manager Driver object of the remote interface shim that the Remote Loader communicates with. The first password in the argument is the password for the Remote Loader. The second password in the optional arguments is the password for the Identity Manager Driver object associated with the remote interface shim on the Metadirectory server. Either no password or both passwords must be specified. If no password is specified, the Remote Loader prompts for the passwords. This is a configuration option. Using this option configures the Remote Loader instance with the passwords specified but doesn’t load an Identity Manager application shim or communicate with another loader instance.
Example:
-setpasswords novell4 staccato3
-sp novell4 staccato3
4.1.2 Auto-Starting the Remote Loader
To auto-start the Remote Loader on a Windows platform, see Step 9 in Section 3.1, “Configuring the
Remote Loader on Windows,” on page 15.
Select Establish a Remote Loader service for this driver instance if you want the Remote Loader as
a service.
When this option is enabled, the operating system automatically starts the Remote Loader when the
computer starts.
To auto-start the Remote Loader on a Linux/Unix platform, place your configuration file in
/etc/opt/novell/dirxml/rdxml. Your Remote Loader instance starts automatically when the computer
starts.
4.1.3 Starting the Remote Loader on Solaris, Linux, or AIX
On Solaris, Linux, or AIX, the binary component rdxml provides the Remote Loader functionality.
The default location of this component is in the /usr/bin/ directory.
1 Set the password for the Remote Loader. For command password options, see Table 4-1 on
class com.novell.nds.dirxml.driver.delimitedtext.DelimitedTextDriver
2 The above command does not start the Remote Loader, but creates the encrypted password
files. See TID 7001255 (http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001255&sliceId=2&docTypeID=DT_TID_1_1&dialogID=102067736&stateId=0%200%20102071280) for more information.
Now run the above command without the -sp option to start the Remote Loader.
Platform: Solaris, Linux, AIX
Command: rdxml -config path_to_config_file
Platform: HP-UX, AS/400, OS/390, z/OS
Command: dirxml_jremote -config path_to_config_file
3 Use iManager to start the driver.
4 Confirm that the Remote Loader is operating properly.
The Remote Loader loads the Identity Manager application shim only when the Remote Loader
is in communication with the remote interface shim on the Metadirectory server. This means,
for example, that the application shim shuts down if the Remote Loader loses communication
with the Metadirectory server.
For Linux, Solaris, or AIX, use the ps command or a trace file to find out whether the
command and connection ports are listening.
For HP-UX and similar platforms, monitor the Java Remote Loader by using the tail
command on the tracefile:
tail -f trace filename
If the last line of the log shows the following, the loader is successfully running and awaiting
connection from the Identity Manager remote interface shim:
TRACE: Remote Loader: Entering listener accept()
4.2 Stopping the Remote Loader
Each platform has a different way to stop the Remote Loader. Table 4-2 contains the instructions for
each platform.
Table 4-2 How to Stop the Remote Loader
Platform: Windows
Command: Use the Remote Loader Console to stop a driver instance.
Platform: Solaris, Linux, AIX
Command: rdxml -config path_to_config_file -u
Platform: HP-UX, AS/400, OS/390, z/OS
Command: dirxml_jremote -config path_to_config_file -u
If multiple instances of the Remote Loader are running on the computer, pass the -cp command port
option so that the Remote Loader can stop the appropriate instance.
When you stop the Remote Loader, you must have sufficient rights or specify the Remote Loader
password. For example, the Remote Loader is running as a Windows service. You have sufficient
rights to stop it. You enter a password, but realize that it is incorrect. The Remote Loader stops
anyway, because the Remote Loader isn’t “accepting” the password. Instead, it is ignoring the
password because the password is redundant in this case. If you run the Remote Loader as an
application rather than as a service, the password is used.
NOTE: If the Lotus Notes driver is loaded on the Notes server, the Domino console might
occasionally show the error message 'Process C:\Novell\RemoteLoader\dirxml_remote_de.exe
(2488/0x9B8) has terminated abnormally'. You can ignore this cosmetic error
message. To avoid receiving this error message, move the Notes driver to a server that runs the
Notes client. For more information about installing the Notes driver on the machine that runs the client,
see Local Installation on a Notes Client Workstation
(http://www.novell.com/documentation/idm36drivers/notes/data/agin4qb.html).
A Options for Configuring a Remote Loader
The options in the following table enable you to configure a Remote Loader.
Table A-1 Remote Loader Options
Option: address
Parameter: IP address
Description: An optional parameter. Specifies that the Remote Loader listens on a particular local IP address. This is useful if the server hosting the Remote Loader has multiple IP addresses and the Remote Loader must listen on only one of the addresses.
You have three options:
address=address number
address=‘localhost’
Don't use this parameter.
If you don't use the address, the Remote Loader listens on all local IP addresses.
Example:
address=137.65.134.83
Option: -class
Secondary Name: -cl
Parameter: Java class name
Description: Specifies the Java class name of the Identity Manager application shim that is to be hosted.
For example, for a Java driver, use one of the following:
Java uses a keystore to read certificates. The -class option and the -module option are mutually exclusive.
To see a list of the Java class names see Table A-2 on page 52.
Option: -commandport
Secondary Name: -cp
Parameter: port number
Description: Specifies the TCP/IP port that the Remote Loader instance uses for control purposes. If the Remote Loader instance is hosting an application shim, the command port is the port on which another Remote Loader instance communicates with the instance that is hosting the shim. If the Remote Loader instance is sending a command to an instance that is hosting an application shim, the command port is the port on which the hosting instance is listening. If it is not specified, the default command port is 8000. Multiple instances of the Remote Loader can run on the same server hosting different driver instances by specifying different connection ports and command ports.
Example:
-commandport 8001
-cp 8001
Option: -config
Secondary Name: None
Parameter: filename
Description: Specifies a configuration file. The configuration file can contain any command line options except the config option. Options specified on the command line override options specified in the configuration file.
Example:
-config config.txt
Option: -connection
Secondary Name: -conn
Parameter: connection configuration string
Description: Specifies the connection parameters for the connection to the Metadirectory server running the Identity Manager remote interface shim. The default connection method for the Remote Loader is TCP/IP using SSL. The default TCP/IP port for this connection is 8090. Multiple instances of the Remote Loader can run on the same server. Each instance of the Remote Loader hosts a separate Identity Manager application shim instance. Differentiate multiple instances of the Remote Loader by specifying different connection ports and command ports for each Remote Loader instance.
Example:
-connection "port=8091 rootfile=server1.pem"
-conn "port=8091 rootfile=server1.pem"
Option: -description
Secondary Name: -desc
Parameter: short description
Description: Specify a short description string (for example, SAP) to be used for the trace window title and for Novell® Audit logging.
Example:
-description SAP
-desc SAP
The Remote Loader Console places long forms in the configuration files. You can use either a long form (for example, -description) or a short form (for example, -desc).
Option: fromaddress
Secondary Name: None
Parameter: IP address
Description: The Remote Loader only accepts connections from the specified IP address. Any other connections are not allowed.
Option: handshaketimeout
Description: Increases the time out period of the handshake between the Remote Loader and the Metadirectory engine.
Example:
-connection "port= 8093 handshaketimeout=1000"
The value can be any integer greater than or equal to zero. Zero means never time out. A non-zero value is the number of milliseconds before the time out occurs. The default value is 1000 milliseconds.
Option: -help
Secondary Name: -?
Parameter: None
Description: Displays help.
Example:
-help
-?
Option: -java
Secondary Name: -j
Parameter: None
Description: Specifies that the passwords are to be set for a Java shim instance. This option is only useful in conjunction with the setpasswords option. If -class is specified with -setpasswords, this option isn't necessary.
Option: -javadebugport
Secondary Name: -jdp
Parameter: Port number
Description: Specifies that the Remote Loader instance is to enable Java debugging on the specified port. This is useful for developers of the Identity Manager application shims.
Example:
-javadebugport 8080
-jdp 8080
Option: keystore
Description: Conditional parameters. Used only for Identity Manager application shims contained in .jar files.
Specifies the filename of the Java keystore that contains the trusted root certificate of the issuer of the certificate used by the remote interface shim. This is typically the Certificate Authority of the eDirectory™ tree that is hosting the remote interface shim.
If you are running SSL and need the Remote Loader to communicate with a Java driver, use a key-value pair:
keystore=‘keystorename’
storepass=‘password’
Option: -module
Secondary Name: -m
Parameter: modulename
Description: Specifies the module containing the Identity Manager application shim that is to be hosted.
For example, for a native driver, use one of the following:
The -module option uses a rootfile certificate. The -module option and the -class option are mutually exclusive.
Option: -password
Secondary Name: -p
Parameter: password
Description: Specifies the password for command authentication. This password must be the same as the first password specified with the setpasswords option for the Remote Loader instance being commanded. If a command option (for example, unload or tracechange) is specified and the password option isn't specified, the user is prompted to enter the password for the loader that is the target of the command.
Example:
-password novell4
-p novell4
Option: port
Parameter: decimal port number
Description: A required parameter. It specifies the TCP/IP port on which the Remote Loader listens for connections from the remote interface shim.
Example:
port=8090
Option: rootfile
Description: A conditional parameter. If you are running SSL and need the Remote Loader to communicate with a native driver, use
rootfile=‘trusted certname’
Option: -service
Secondary Name: -serv
Parameter: None, or install/uninstall
Description: To install an instance as a service, use the install argument together with any other arguments necessary to host an application shim. For example, the arguments must include -module, and can also include -connection, -commandport, and so forth. This option installs the Win32 service but doesn't start the service.
To uninstall an instance running as a service, use the uninstall argument together with any other arguments necessary to host the application shim.
The no-argument version of this option is only used on the command line to an instance being run as a Win32* service. This is automatically set up when installing an instance as a service.
Example:
-service install
-serv uninstall
This option isn't available on rdxml or the Java Remote Loader.
Option: -setpasswords
Secondary Name: -sp
Parameter: password password
Description: Specifies the password for the Remote Loader instance and the password of the Identity Manager Driver object of the remote interface shim that the Remote Loader communicates with. The first password in the argument is the password for the Remote Loader. The second password in the optional arguments is the password for the Identity Manager Driver object associated with the remote interface shim on the Metadirectory server. Either no password or both passwords must be specified. If no password is specified, the Remote Loader prompts for the passwords. This is a configuration option. Using this option configures the Remote Loader instance with the passwords specified but doesn't load an Identity Manager application shim or communicate with another loader instance.
Example:
-setpasswords novell4 staccato3
-sp novell4 staccato3
Option: storepass
Parameter: storepass
Description: Used only for Identity Manager application shims contained in .jar files. Specifies the password for the Java keystore specified by the keystore parameter.
Example:
storepass=mypassword
This option applies only to the Java Remote Loader.
Option: -trace
Secondary Name: -t
Parameter: integer
Description: Specifies the trace level. This is only used when hosting an application shim. Trace levels correspond to those used on the metadirectory server.
Example:
-trace 3
-t 3
Option: -tracechange
Secondary Name: -tc
Parameter: integer
Description: Commands a Remote Loader instance that is hosting an application shim to change its trace level. Trace levels correspond to those used on the metadirectory server.
Example:
-tracechange 1
-tc 1
Option: -tracefile
Secondary Name: -tf
Parameter: filename
Description: Specify a file to write trace messages to. Trace messages are written to the file if the trace level is greater than zero. Trace messages are written to the file even if the trace window is not open.
Example:
-tracefile c:\temp\trace.txt
-tf c:\temp\trace.txt
Option: -tracefilechange
Secondary Name: -tfc
Parameter: None, or filename
Description: Commands a Remote Loader instance that is hosting an application shim to start using a trace file, or to close one already in use and use a new one. Using the no-argument version of this option causes the hosting instance to close any trace file being used.
Example:
-tracefilechange c:\temp\newtrace.txt
-tfc c:\temp\newtrace.txt
Option: -tracefilemax
Secondary Name: -tfm
Parameter: size
Description: Specifies the approximate maximum size that trace file data can occupy on disk. If you specify this option, there is a trace file with the name specified using the tracefile option and up to 9 additional “roll-over” files. The roll-over files are named using the base of the main trace filename plus _n, where n is 1 through 9.
The size parameter is the number of bytes. Specify the size by using the suffixes K, M, or G for kilobytes, megabytes, or gigabytes.
If the trace file data is larger than the specified maximum when the Remote Loader is started, the trace file data remains larger than the specified maximum until roll-over is completed through all 10 files.
Example:
-tracefilemax 1000M
-tfm 1000M
In this example, the trace file can be only 1 GB.
Option: -unload
Secondary Name: -u
Parameter: None
Description: Unloads the Remote Loader instance. If the Remote Loader is running as a Win32 Service, this command stops the service.
Example:
-unload
-u
Option: -window
Secondary Name: -w
Parameter: On/Off
Description: Turns the trace window on or off in a Remote Loader instance.
Example:
-window on
-w off
This option is available only on Windows platforms. It isn't available on the Java Remote Loader.
Option: -wizard
Secondary Name: -wiz
Parameter: None
Description: Launches the Configuration Wizard. Running dirxml_remote.exe with no command line parameters also launches the wizard. This option is useful if a configuration file is also specified. In this case, the wizard starts with values from the configuration file and the wizard can be used to change the configuration without editing the configuration file directly.
Example:
-wizard
-wiz
This option is available only on Windows platforms. It isn't available on the Java Remote Loader.