Connection parameters are specified using the connection command line option.

The Identity Manager Remote Loader allows for custom connection methods between the Remote Loader and the remote interface shim that is hosted on the Identity Manager server. The default connection method is TCP/IP using SSL, which is the method discussed in this section. Refer to the documentation that comes with a custom connection module for information about what is expected and allowed in the connection string for that module.

The Remote Loader opens a server socket and listens for connections from the remote interface shim. When the remote interface shim connects to the Remote Loader, an SSL handshake is performed to establish a secure channel. Once a secure channel has been established, the remote interface shim authenticates to the Remote Loader. If the authentication of the remote interface shim succeeds, the Remote Loader then authenticates to the remote interface shim. Synchronization traffic occurs only when both sides are satisfied that they are communicating with an authorized entity.

The following table details the argument names and parameters for the TCP/IP connection method.

Option | Parameter | Description |
---|---|---|
address | IP address | Specifies that the Remote Loader will listen on a particular local IP address. This is useful if the server hosting the Remote Loader has multiple IP addresses and the Remote Loader must listen on only one of the addresses. If address is not specified, the Remote Loader will listen on all local IP addresses. Example: address=137.65.134.83 |
fromaddress | IP address | Specifies that the Remote Loader will only accept connections from the specified IP address. Example: fromaddress=137.65.134.84 |
handshaketimeout | time value in milliseconds | Specifies the "handshake timeout" value for connections to the Remote Loader. If the SSL handshake and password exchange handshake do not complete within this period following the establishment of the initial TCP connection, the Remote Loader will close the connection. The default value is 1000 (1 second). The default value should only be changed in cases where handshake timeouts are occurring with otherwise valid connections from the Identity Manager engine. Example: handshaketimeout=1500 |
keystore | keystore | Used only for Identity Manager application shims contained in .jar files. Specifies the filename of the Java keystore that contains the trusted root certificate of the issuer of the certificate used by the remote interface shim. This will typically be the Certificate Authority of the eDirectory tree that is hosting the remote interface shim. Example: keystore=my.keystore |
port | decimal port number | Specifies the TCP/IP port on which the Remote Loader will listen for connections from the remote interface shim. Example: port=8090 |
rootfile | filename | Used only for Identity Manager application shims contained in .so files. Specifies the file containing the trusted root certificate of the issuer of the certificate used by the remote interface shim. This will typically be the Certificate Authority of the eDirectory tree that is hosting the remote interface shim. The certificate file must be in Base 64 format (PEM). Example: rootfile=trusted_root.pem |
storepass | storepass | Used only for Identity Manager application shims contained in .jar files. Specifies the password for the Java keystore specified by the keystore parameter. Example: storepass=mypassword |
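
The following Python check is an added example, not part of the product documentation: it parses a connection string built from the options in the table and reports settings worth reviewing before deployment (no listen or source address restriction, a raised handshake timeout, no trusted root, a keystore password in the string). It assumes the options are passed as whitespace-separated option=value pairs; `parse_connection`, `audit_connection`, `WEAK` and `STRICT` are hypothetical names, and the sample strings are constructed from the table's example values.

```python
import ipaddress

# Option names and the handshake default come from the table above.
KNOWN = {"address", "fromaddress", "handshaketimeout", "keystore",
         "port", "rootfile", "storepass"}
DEFAULT_HANDSHAKE_MS = 1000


def parse_connection(conn):
    """Assumption: the string is whitespace-separated option=value pairs."""
    opts = {}
    for token in conn.split():
        name, sep, value = token.partition("=")
        if not sep or not value or name in opts:
            raise ValueError(f"malformed or duplicate option: {token!r}")
        opts[name] = value
    return opts


def audit_connection(conn):
    """Return review findings for one connection string."""
    opts = parse_connection(conn)
    out = [f"unknown option: {n}" for n in sorted(set(opts) - KNOWN)]
    for name, gap in (("address", "listens on all local IP addresses"),
                      ("fromaddress", "no source IP restriction")):
        if name not in opts:
            out.append(f"{name} not set: {gap}")
            continue
        try:
            ipaddress.ip_address(opts[name])
        except ValueError:
            out.append(f"{name} is not a valid IP address")
    port = opts.get("port", "1")
    if not (port.isdecimal() and 1 <= int(port) <= 65535):
        out.append("port is not a valid TCP port number")
    timeout = opts.get("handshaketimeout", str(DEFAULT_HANDSHAKE_MS))
    if not timeout.isdecimal():
        out.append("handshaketimeout is not a number of milliseconds")
    elif int(timeout) > DEFAULT_HANDSHAKE_MS:
        out.append(f"handshaketimeout raised above default {DEFAULT_HANDSHAKE_MS} ms")
    if "keystore" not in opts and "rootfile" not in opts:
        out.append("no trusted root configured (keystore or rootfile)")
    if "storepass" in opts:
        out.append("storepass present: keystore password is in plain text")
    return out


# Constructed sample strings using the example values from the table.
WEAK = "port=8090 keystore=my.keystore storepass=mypassword handshaketimeout=1500"
STRICT = "address=137.65.134.83 fromaddress=137.65.134.84 port=8090 rootfile=trusted_root.pem"
```

Calling `audit_connection(WEAK)` returns four findings, while `audit_connection(STRICT)` returns an empty list.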