As the following figure illustrates, the Metadirectory engine runs on a server as part of eDirectory. An Identity Manager driver shim and its configured driver communicate with an application and with the Metadirectory engine.
Figure 3-1 The Metadirectory Engine Running Under eDirectory
As the following figure illustrates, a connected system extends Identity Manager functionality across applications:
Figure 3-2 A Connected System, Including the Remote Loader
A connected system requires a Remote Loader. This service enables the Metadirectory engine to exchange data with Identity Manager drivers running as different processes and in different locations, including the following:
As separate processes on the server where the Metadirectory engine is running
The Metadirectory engine runs as part of the eDirectory process. The Identity Manager drivers can run on the server where the Metadirectory engine is running. In fact, they can run as part of the same process as the Metadirectory engine.
However, for strategic reasons, you might want the Identity Manager driver to run as a separate process on the server. Typically, though, the Identity Manager drivers run on separate servers.
If the driver is running as a separate process, the Remote Loader provides a communication channel between the Metadirectory engine and the driver.
On servers other than the one where the Metadirectory engine is running
Some of the Identity Manager drivers are unable to run where the Metadirectory engine is running. The Remote Loader enables you to run the Metadirectory engine in one environment while running an Identity Manager driver on a server in a different environment. For example, you cannot run the Active Directory driver on a NetWare server. The Metadirectory engine can run on the NetWare server and the Remote Loader runs on an Active Directory server.
Scenario: Separate Servers. The Metadirectory engine is running on a NetWare server. You need to run the Identity Manager Driver for Active Directory. This driver is unable to run on a NetWare server because it must run in an Active Directory environment. You install and run the Remote Loader on a Windows 2003 server. The Remote Loader provides a communication channel between the Active Directory driver and the Metadirectory engine.
Scenario: Non-Host. The Metadirectory engine is running on Solaris. You need to communicate with a NIS system where you want to provision user accounts. That system usually doesn’t host the Metadirectory engine. You install the Remote Loader and the Identity Manager Driver for NIS on the NIS system. The Remote Loader on the NIS system runs the NIS driver and enables the Metadirectory engine and the NIS driver to exchange data.
Identity Manager provides Remote Loader functionality through dirxml_remote, rdxml, or dirxml_jremote.
Dirxml_remote
Dirxml_remote is an executable that enables the Metadirectory engine to communicate with the Identity Manager drivers running on Windows.
The Remote Loader Console uses dirxml_remote.exe. If you specify dirxml_remote.exe from the command line, without any parameters, the Remote Loader Application Wizard is launched. If you type dirxml_remote.exe and then pass in parameters, the Remote Loader is started.
Rdxml
Rdxml is an executable that enables the Metadirectory engine to communicate with the Identity Manager drivers running in Solaris, Linux, or AIX environments.
Rdxml can support both native and Java drivers.
Dirxml_jremote
Dirxml_jremote is a pure Java Remote Loader. It is used to exchange data between the Metadirectory engine running on one server and the Identity Manager drivers running in another location, where rdxml or Dirxml_jremote doesn’t run. It should be able to run on any system with a compatible JRE (1.4.0 minimum, 1.4.2 or higher recommended) and Java Sockets, but is only officially supported on the following:
HP-UX
AS/400
OS/390
z/OS
Overview: Main Tasks
Using the Remote Loader involves the following tasks:
If you plan to use the Secure Socket Layer (SSL), provide certificates for secure data transfers.
Install, configure, and run the Remote Loader.
Import, configure, and start the Identity Manager driver.
Some administrators prefer to import and configure the Identity Manager driver before setting up the Remote Loader. For example, the driver might already be running but you want to enable it to run remotely.
On the other hand, if the Remote Loader is running, you can import, configure, and start the driver, then immediately check whether proper communication is occurring among the Metadirectory engine, Remote Loader, and the Identity Manager driver.
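The first task above, providing certificates when SSL is used, can be checked on the Remote Loader side by inspecting its configuration file. The following is an added example, not code from this documentation or from the product. It assumes a configuration file of "-option value" lines whose -connection string names a trusted-root source (rootfile or keystore, with storepass); those option names, the sample contents, paths and class name are assumptions not shown on this page.

```python
import shlex

# Constructed sample configuration files (not from the page). The option names
# -commandport, -connection, rootfile, keystore and storepass are assumptions
# about the Remote Loader configuration syntax; paths and class are hypothetical.
SAMPLE_CLEARTEXT = '''\
# no trusted root configured
-commandport 8000
-connection "port=8090"
-class com.example.SampleDriverShim
'''
SAMPLE_SSL_JAVA = '''\
-commandport 8000
-connection "port=8090 keystore=/opt/rl/trust.jks storepass=changeit"
'''
SAMPLE_SSL_NATIVE = '-connection "port=8090 rootfile=/opt/rl/root.pem"\n'

def parse_config(text):
    """Return {option: value} for each '-option value' line; skip the rest."""
    opts = {}
    for line in text.splitlines():
        parts = shlex.split(line.strip(), comments=True)
        if parts and parts[0].startswith("-"):
            opts[parts[0].lstrip("-").lower()] = " ".join(parts[1:])
    return opts

def connection_settings(opts):
    """Split the -connection string into lower-cased key=value pairs."""
    pairs = {}
    for token in opts.get("connection", "").split():
        key, sep, value = token.partition("=")
        if sep:
            pairs[key.lower()] = value
    return pairs

def audit(text):
    """Report whether the engine <-> Remote Loader channel has a trusted root."""
    conn = connection_settings(parse_config(text))
    trust = [k for k in ("rootfile", "keystore") if conn.get(k)]
    findings = []
    if not trust:
        findings.append("no trusted root: channel is not protected by SSL")
    if "storepass" in conn:
        findings.append("keystore password stored in file: restrict read access")
    return {"ssl": bool(trust), "trust": trust, "findings": findings}

if __name__ == "__main__":
    for name in ("SAMPLE_CLEARTEXT", "SAMPLE_SSL_JAVA", "SAMPLE_SSL_NATIVE"):
        print(name, audit(globals()[name]))
```

Running the audit before starting the driver shows whether the channel to the Metadirectory engine would carry data without SSL.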