Setting Up the Remote Loader on UNIX Tru64 with SSL
Novell Cool Solutions: Tip
By Michel Bluteau
|
Digg This -
Slashdot This
Posted: 11 Nov 2004 |
Setting up the DirXML Java Remote Loader on UNIX Tru64 with SSL
This article is a quick recipe on how to install and configure the Java Remote loader on UNIX Tru64 5.1B and leverage SSL for the connection. This configuration can be useful for securely connecting an Oracle server running on Tru64, which is a commonly used combination. While you could use a JDBC connection over the network, leveraging SSL allows you to secure that connection.
Initial Steps
Here are the initial setup steps to follow:
- Locate the Java Remote Loader on the NIM CD, under java_remoteloader.
- Copy the Java Remote Loader to the Tru64 server and uncompress it (gunzip, tar).
- Install Java Runtime Environment 1.4.1 or 1.4.2 on Tru64, which can be obtained from: http://h18012.www1.hp.com/java/download/unix/1.4.2
- Set or update JAVA_HOME and PATH as follows:
- Create a subdirectory and a symbolic link for the java executable, which the JRE expects to find under /bin/alpha/native_threads. For example:
- Customize the config file for the java remote loader. For example, to use the Oracle JDBC driver:
- Copy the required jar files into /lib under the java remote loader directory. For example, for Oracle, you would need:
export JAVA_HOME=/opt/jre142
export PATH=$JAVA_HOME/bin:$PATH
mkdir alpha
mkdir alpha/native_threads
cd alpha/native_threads
ln -s $JAVA_HOME/bin/java java
-commandport 8000
-connection "port=8099 keystore='/opt/javarl/OracleKeystore'
storepass='dirxml'"
-trace 4
-tracefile ./trace8000.log
-class com.novell.nds.dirxml.driver.jdbc.JDBCDriverShim
- JDBCShim.jar
- JDBCUtil.jar
- classes12.jar(available from http://otn.oracle.com)
- commondrivershim.jar (can be found under the /lib or /classes directory for the eDirectory server)
Password Configuration
I was unable to use the -sp option to configure the passwords for the remote loader and the driver on Tru64. A workaround I use is to install the java remote loader on another supported host, such as Solaris or Linux. Then I run the java remote loader on that system with the config file and the -sp option; then I FTP the resulting files (e.g. dpwd1f40, lpwd1f40) to Tru64. For example:
dirxml_jremote -config oracleConfig.txt -sp dirxml dirxml
I was even able to run the java remote loader on Windows(with JRE 1.4.2) in order to create the two password files, leveraging the following command:
java -classpath
.\lib\dirxml_remote.jar;.\lib\dirxml.jar;.\lib\dirxml_misc.jar;.\lib\JDBCShim.jar;.\lib\JDBCUtil.jar;.\lib\classe12.jar;.\lib\xp.jar;.\lib\nxsl.jar;.\lib\jdbm.jar;.\lib\activation.jar;.\lib\imap.jar;.\lib\mail.jar;.\lib\mailapi.jar;.\lib\pop3.jar;.\lib\smtp.jar;.\lib\commondrivershim.jar
com.novell.nds.dirxml.remote.loader.RemoteLoader -config oracleConfig.txt -sp dirxml dirxml
Creating the Keystore
In order to use SSL (keystore='/opt/javarl/OracleKeystore' storepass='dirxml' in the config file), you must first create the keystore. The create_keystore utility does not seem to run on Tru64. I was able to use keystore on a Solaris server with the native remote loader, and then FTP the keystore file to my Tru64 server. For example:
keytool -import -alias trustedroot -file EDIR_TREE.b64 -keystore OracleKeystore -storepass dirxml
... where EDIR_TREE.b64 is the export file for the Self-Signed Certificate for the CA (Certificate Authority for my tree). I also created a custom server certificate for my remote loader and configured the driver in eDirectory for using SSL (see the SSL documentation).
You can also use the create keystore utility on Solaris or Linux to create the keystore file:
create_keystore EDIR_TREE.b64 OracleKeystore
Conclusion
Once you implement these steps, you can fire up the driver and have a working SSL connection through the Java Remote Loader.
Please do not hesitate to forward comments or feedback to me, as well as questions and corrections.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com