This section provides information on the following:
Run the Identity Manager installation program (for example, \nt\install.exe).
View the Welcome page, accept the license agreement, and view the two Overview pages.
In the Identity Manager Install dialog box, deselect all components except , then click .
Select a location for the connected system (the Remote Loader and remote driver shims), then click .
Select the and remote driver shims (drivers), then click .
Acknowledge the activation requirement, view products to be installed, then click .
Select whether to place the Remote Loader Console icon on your desktop.
This section assumes that you have downloaded and expanded Identity Manager. If you need to download Identity Manager, go to the Novell download Web site.
After you expand the Identity Manager file that you downloaded from the Novell Web site, complete the following steps:
Run one of the following installation files, depending on your platform:
dirxml_solaris.bin
dirxml_linux.bin
dirxml_aix.bin
After accepting the license agreement, press Enter to arrive at the Choose Install Set page:
Select Connected System Server by typing 2, then press Enter.
At the Pre-Installation Summary screen, review components that you have selected to install, then press Enter.
The HP-UX, AS/400, OS/390, and z/OS platforms require the Java Remote Loader.
Create a directory on the target system where you want to run the Java Remote Loader.
From the Identity Manager CD or download image, copy the appropriate file in the /java_remoteloader directory to the directory that you created in Step 1:
For HP-UX, AS/400, or z/OS, unzip the dirxml_jremote file.
Untar the file that you just copied.
The Java Remote Loader is now ready for configuration. Because the tar file doesn’t contain drivers, you must manually copy the drivers into the lib directory. The lib directory is under the directory where the untarring occurred.
For information on MVS, untar the dirxml_jremote_mvs.tar file. Then refer to the usage.html document.
The Remote Loader can host the Identity Manager application shims contained in .dll, .so, or .jar files. The Java Remote Loader hosts only Java driver shims. It won’t load or host a native (C++) driver shim.
The Remote Loader Console only runs on Windows. The Console enables you to manage all Identity Manager drivers running under the Remote Loader on that computer:
If you are upgrading to Identity Manager, the Console detects and imports existing instances of the Remote Loader. (To be automatically imported, driver configurations must be stored in the remote loader directory, typically c:\novell\remoteloader.) You can then use the Console to manage the remote drivers.
To launch the Remote Loader Console, click the Remote Loader Console icon on your desktop.
Figure 3-3 Remote Loader Console Icon
The Remote Loader Console allows you to start, stop, add, remove, and edit each instance of a Remote Loader Service.
Figure 3-4 The Remote Loader Console
If you type dirxml_remote.exe from the command line, without any parameters, the Remote Loader Application Wizard is launched.
NOTE: Using the wizard and the Console together can cause unexpected behavior. Therefore, we recommend that you use the Remote Loader Console going forward and upgrade your existing configurations into the Console.
To add a Remote Loader instance, click Add, then provide the following information:
Figure 3-5 Remote Loader Configuration Parameters
Figure 3-6 Remote Driver Configuration
Description: Specify a description to identify the Remote Loader instance.
Driver: Browse to and select the appropriate shim for your driver.
Config File: Specify a name for the configuration file.
The Remote Loader Console places configuration parameters into this text file and uses those parameters when it runs.
Figure 3-7 Communication Parameters
IP Address: Specify the IP address where the Remote Loader listens for connections from the metadirectory server.
Connection Port - metadirectory server: Specify the TCP port on which the Remote Loader listens for connections from the metadirectory server.
The default TCP/IP port for this connection is 8090. With each new instance you create, the default port number automatically increases by one.
Command Port - Local Host Communication Only: Specify the TCP port number where a Remote Loader listens for commands such as Stop and Change Trace Level.
Each instance of the Remote Loader that runs on a particular computer must have a different command port number. The default command port is 8000. With each new instance you create, the default port number automatically increases by one.
NOTE: By specifying different connection ports and command ports, you can run multiple instances of the Remote Loader on the same server hosting different driver instances.
Figure 3-8 Remote Loader Password
Password: This password is used to control access to a Remote Loader instance for a driver.
The password must be the same case-sensitive password that you typed in the Enter the Remote Loader Password edit box in the Authentication section on the Identity Manager Configuration page, when you configured the driver.
Confirm: Re-enter the password.
Figure 3-9 Driver Object Password
Password: The Remote Loader uses this password to authenticate itself to the metadirectory server.
This password must be the same password you typed in the Driver Object Password edit box on the Driver Configuration page, when you configured the driver.
Confirm: Re-enter the password.
Figure 3-10 Secure Socket Link (Secure Socket Layer)
Use an SSL Connection: To specify an SSL connection, select this option.
Trusted Root File: Browse to and select a trusted root file.
This is the exported self-signed certificate from the eDirectory tree’s Organization Certificate Authority. See Section 3.2.2, Exporting a Self-Signed Certificate.
Figure 3-11 Trace File
Trace Level: For the Remote Loader instance to display a trace window that contains informational messages from both the Remote Loader and the driver, set a trace level greater than zero. The most common setting is trace level 3.
If the trace level is set to 0, the trace window won’t appear or display messages.
Trace File: Specify a trace filename where trace messages are written.
Each Remote Loader instance running on a particular machine must use a different trace file. Trace messages are written to the trace file only if the trace level is greater than zero.
Maximum Disk Space Allowed for all Trace Logs (MB): Specify the approximate maximum size that trace file data for this instance can occupy on disk.
Figure 3-12 Establish a Remote Loader Service for this Driver Instance
To configure the Remote Loader instance as a service, select this option. When the option is enabled, the operating system automatically starts the Remote Loader when the computer starts.
Select the Remote Loader instance from the Description column.
Click , type the Remote Loader password, then click .
Click , then modify the configuration information. These are the same fields as when you add a Remote Loader instance.
To run the Remote Loader, all platforms use a configuration file (for example, LDAPShim.txt). You can create or edit a configuration file by using command-line options. The following steps provide information on basic parameters for the configuration file. For information on additional parameters, see Section B.0, Options for Configuring a Remote Loader.
Open a text editor.
(Optional) Specify a description by using the -description option.
Specify a TCP/IP port that the Remote Loader instance will use by using the -commandport option.
Specify the parameters for the connection to the metadirectory server running the Identity Manager remote interface shim by using the -connection option.
Type -connection "parameter [parameter] [parameter]".
For example, type one of the following:
-connection "port=8091 rootfile=server1.pem"
-conn "port=8091 rootfile=server1.pem"
All the parameters must be included within quotation marks. Parameters include the following:
(Optional) Specify a trace parameter by using the -trace option.
(Optional) Specify a tracefile by using the -tracefile option.
(Optional) Limit the size of the tracefile by using the -tracefilemax option.
For example, type one of the following:
-tracefilemax 1000M
-tfm 1000M
In this example, the tracefile can be only 1 GB.
Specify the class by using the -class option or module by using the -module option.
| Option | Secondary Name | Parameter | Description |
|---|---|---|---|
| -class | -cl | Java class name | Specifies the Java class name of the Identity Manager application shim that is to be hosted. For example, for a Java driver, type one of the following: -class com.novell.nds.dirxml.driver.ldap.LDAPDriverShim or -cl com.novell.nds.dirxml.driver.ldap.LDAPDriverShim. Java uses a keystore to read certificates. The -class option and the -module option are mutually exclusive. For a list of the Java class names, see Table B-2 in Section B.0, Options for Configuring a Remote Loader. |
| -module | -m | modulename | Specifies the module containing the Identity Manager application shim that is to be hosted. For example, for a native driver, type one of the following: -module "c:\Novell\RemoteLoader\Exchange5Shim.dll" or -m "c:\Novell\RemoteLoader\Exchange5Shim.dll", or -module "usr/lib/dirxml/NISDriverShim.so" or -m "usr/lib/dirxml/NISDriverShim.so". The -module option uses a rootfile certificate. The -module option and the -class option are mutually exclusive. |
Name and save the file.
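A consistency check for the configuration files built in the steps above, as an added example that is not part of the Novell documentation or product. It assumes each file holds one option and its value per line and that the defaults of 8000 (command port) and 8090 (connection port) apply when a port is omitted; the function names and sample files are constructed for illustration.

```python
# Short option names shown on this page, mapped to their long forms.
ALIASES = {"-conn": "-connection", "-cp": "-commandport", "-tfm": "-tracefilemax",
           "-cl": "-class", "-m": "-module"}

def parse_config(text):
    """Parse one config file (assumed layout: one '-option value' per line)."""
    opts = {}
    for line in text.splitlines():
        name, _, value = line.strip().partition(" ")
        if name.startswith("-"):
            opts[ALIASES.get(name, name)] = value.strip().strip('"')
    # -connection carries space-separated key=value parameters inside the quotes.
    opts["conn"] = dict(p.split("=", 1)
                        for p in opts.get("-connection", "").split() if "=" in p)
    return opts

def audit(instances):
    """instances maps config filename -> file text; returns a list of findings."""
    findings, seen = [], {}
    for name, text in instances.items():
        o = parse_config(text)
        if ("-class" in o) == ("-module" in o):
            findings.append(f"{name}: specify exactly one of -class or -module")
        if "-module" in o and "rootfile" not in o["conn"]:
            findings.append(f"{name}: -module shim has no rootfile in -connection, "
                            "so no trusted root is configured for SSL")
        resources = {"command port": o.get("-commandport", "8000"),
                     "connection port": o["conn"].get("port", "8090"),
                     "trace file": o.get("-tracefile", "")}
        for kind, value in resources.items():
            # Both port kinds share one namespace: a TCP port can be bound once.
            key = ("tcp port" if "port" in kind else kind, value)
            if value and key in seen:
                findings.append(f"{name}: {kind} {value} already used by {seen[key]}")
            elif value:
                seen[key] = name
    return findings

SAMPLE = {  # constructed sample configs, not taken from a real deployment
    "LDAPShim.txt": '-description "LDAP"\n-commandport 8000\n'
                    '-connection "port=8091 rootfile=server1.pem"\n-trace 3\n'
                    '-tracefile ldap.log\n-tracefilemax 1000M\n'
                    '-class com.novell.nds.dirxml.driver.ldap.LDAPDriverShim\n',
    "NISShim.txt": '-cp 8000\n-conn "port=8092"\n-tracefile ldap.log\n'
                   '-m "usr/lib/dirxml/NISDriverShim.so"\n',
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run it over every configuration file on a host before starting the instances; each finding names the file to correct.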
You can change some settings while the Remote Loader is running. For information on these settings, refer to Section B.0, Options for Configuring a Remote Loader.
After installing the Remote Loader, you can set the environment variable RDXML_PATH, which changes the current directory for rdxml. This directory is then taken as the base path for files that are subsequently created. To set the value of the RDXML_PATH variable, enter the following commands:
RDXML_PATH=path
export RDXML_PATH
To run the Remote Loader on Windows:
Figure 3-13 Remote Loader Console Icon
Click the Remote Loader Console icon on the desktop.
Figure 3-14 The Remote Loader Console
Select a driver instance, then click .
On Solaris, Linux, or AIX, the binary component rdxml provides the Remote Loader functionality. This component is located in the /usr/bin/ directory. On Windows, the default is c:\novell\RemoteLoader.
To run the Remote Loader:
Set the password.
Start the Remote Loader.
Using iManager, start the driver.
Confirm that the Remote Loader is operating properly.
The Remote Loader loads the Identity Manager application shim only when the Remote Loader is in communication with the remote interface shim on the metadirectory server. This means, for example, that the application shim will be shut down if the Remote Loader loses communication with the metadirectory server.
For Linux, Solaris, or AIX, use the ps command or a trace file to find out whether the command and connection ports are listening.
For HP-UX and similar platforms, monitor the Java Remote Loader by using the tail command on the tracefile:
tail -f trace filename
If the last line of the log shows the following, the loader is successfully running and awaiting connection from the Identity Manager remote interface shim:
TRACE: Remote Loader: Entering listener accept()
To configure the Remote Loader (rdxml) to start automatically on UNIX, see TID 10097249.
If multiple instances of the Remote Loader are running on the computer, pass the -cp command port option so that the Remote Loader can stop the appropriate instance.
When you stop the Remote Loader, you must have sufficient rights or enter the Remote Loader password.
Scenario: Sufficient Rights. The Remote Loader is running as a Windows service. You have sufficient rights to stop it. You enter a password, but realize that it is incorrect. The Remote Loader stops anyway.
The Remote Loader isn’t “accepting” the password. Instead, it is ignoring the password because the password is redundant in this case. If you run the Remote Loader as an application rather than as a service, the password is used.