Novell Home

Setting Up the Remote Loader on UNIX Tru64 with SSL

Novell Cool Solutions: Tip
By Michel Bluteau

Digg This - Slashdot This

Posted: 11 Nov 2004
 

Setting up the DirXML Java Remote Loader on UNIX Tru64 with SSL

This article is a quick recipe on how to install and configure the Java Remote loader on UNIX Tru64 5.1B and leverage SSL for the connection. This configuration can be useful for securely connecting an Oracle server running on Tru64, which is a commonly used combination. While you could use a JDBC connection over the network, leveraging SSL allows you to secure that connection.

Initial Steps

Here are the initial setup steps to follow:

  1. Locate the Java Remote Loader on the NIM CD, under java_remoteloader.
  2. Copy the Java Remote Loader to the Tru64 server and uncompress it (gunzip, tar).
  3. Install Java Runtime Environment 1.4.1 or 1.4.2 on Tru64, which can be obtained from: http://h18012.www1.hp.com/java/download/unix/1.4.2
  4. Set or update JAVA_HOME and PATH as follows:


  5. export JAVA_HOME=/opt/jre142
    export PATH=$JAVA_HOME/bin:$PATH

  6. Create a subdirectory and a symbolic link for the java executable, which the JRE expects to find under /bin/alpha/native_threads. For example:


  7. mkdir alpha
    mkdir alpha/native_threads
    cd alpha/native_threads
    ln -s $JAVA_HOME/bin/java java

  8. Customize the config file for the java remote loader. For example, to use the Oracle JDBC driver:


  9. -commandport 8000
    -connection "port=8099 keystore='/opt/javarl/OracleKeystore'
    storepass='dirxml'"
    -trace 4
    -tracefile ./trace8000.log
    -class com.novell.nds.dirxml.driver.jdbc.JDBCDriverShim


  10. Copy the required jar files into /lib under the java remote loader directory. For example, for Oracle, you would need:
  • JDBCShim.jar
  • JDBCUtil.jar
  • classes12.jar(available from http://otn.oracle.com)
  • commondrivershim.jar (can be found under the /lib or /classes directory for the eDirectory server)

Password Configuration

I was unable to use the -sp option to configure the passwords for the remote loader and the driver on Tru64. A workaround I use is to install the java remote loader on another supported host, such as Solaris or Linux. Then I run the java remote loader on that system with the config file and the -sp option; then I FTP the resulting files (e.g. dpwd1f40, lpwd1f40) to Tru64. For example:

dirxml_jremote -config oracleConfig.txt -sp dirxml dirxml

I was even able to run the java remote loader on Windows(with JRE 1.4.2) in order to create the two password files, leveraging the following command:

java -classpath

.\lib\dirxml_remote.jar;.\lib\dirxml.jar;.\lib\dirxml_misc.jar;.\lib\JDBCShim.jar;.\lib\JDBCUtil.jar;.\lib\classe12.jar;.\lib\xp.jar;.\lib\nxsl.jar;.\lib\jdbm.jar;.\lib\activation.jar;.\lib\imap.jar;.\lib\mail.jar;.\lib\mailapi.jar;.\lib\pop3.jar;.\lib\smtp.jar;.\lib\commondrivershim.jar
com.novell.nds.dirxml.remote.loader.RemoteLoader -config oracleConfig.txt -sp dirxml dirxml

Creating the Keystore

In order to use SSL (keystore='/opt/javarl/OracleKeystore' storepass='dirxml' in the config file), you must first create the keystore. The create_keystore utility does not seem to run on Tru64. I was able to use keystore on a Solaris server with the native remote loader, and then FTP the keystore file to my Tru64 server. For example:

keytool -import -alias trustedroot -file EDIR_TREE.b64 -keystore OracleKeystore -storepass dirxml

... where EDIR_TREE.b64 is the export file for the Self-Signed Certificate for the CA (Certificate Authority for my tree). I also created a custom server certificate for my remote loader and configured the driver in eDirectory for using SSL (see the SSL documentation).

You can also use the create keystore utility on Solaris or Linux to create the keystore file:

create_keystore EDIR_TREE.b64 OracleKeystore

Conclusion

Once you implement these steps, you can fire up the driver and have a working SSL connection through the Java Remote Loader.

Please do not hesitate to forward comments or feedback to me, as well as questions and corrections.


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell