
Understanding the Configuration Parameters for the Remote Loader

In document NetIQ Identity Manager Setup Guide (Page 148-152)


18.2 Understanding the Configuration Parameters for the Remote Loader

For the Remote Loader to work with a driver instance that hosts an Identity Manager application shim, you must configure the driver instance. For example, you must specify the connection and port settings for the instance. You can specify the settings from the command line, in a configuration file (UNIX or Linux), or in the Remote Loader Console (Windows). Once the instance is running, you can use the command line to modify the configuration parameters or instruct the Remote Loader to perform a function. For example, you might want to open the trace window or unload the Remote Loader.

This section provides information about the configuration parameters. The explanation specifies whether a parameter can be sent from the command line to update the Remote Loader while the instance is running.

For more information about configuring a new driver instance, see the following sections:

• Linux and UNIX: Section 18.3, “Configuring the Remote Loader for Driver Instances on UNIX or Linux,” on page 156

• Windows: Section 18.4, “Configuring the Remote Loader for Driver Instances on Windows,” on page 157.

18.2.1 Configuration Parameters for the Driver Instances in the Remote Loader

You can configure a driver instance from the command line or in a configuration file. NetIQ provides a sample file config8000.txt to help you configure the Remote Loader and drivers for use with your application shim. The sample file is located by default in the /opt/novell/dirxml/doc directory. For example, the configuration file might include the following lines:

-commandport 8000

-connection "port=8090 rootfile=/dirxmlremote/root.pem"

-module $DXML_HOME/dirxmlremote/libcskeldrv.so.0.0.0 -trace 3

Use the following parameters:

-description value (-desc value)

(Optional) Specifies a short description in string format, such as SAP, which the application uses for the title of the trace window and for audit logging. For example:

-description SAP

-desc SAP

-class name (-cl name)

(Conditional) When using a Java driver, specifies the Java class name of the Identity Manager application shim that you want to host. This option tells the application to use a Java keystore to read certificates. For example:

-class com.novell.nds.dirxml.driver.ldap.LDAPDriverShim

-cl com.novell.nds.dirxml.driver.ldap.LDAPDriverShim

NOTE

• You cannot use this option if you specify a -module option.

• If you use the tab character as a delimiter in the -class option, the Remote Loader does not start automatically. Instead, you must manually start it. For the Remote Loader to start properly, you can use a space character instead of a tab.

• For more information about names that you can specify for this option, see “Understanding the Names for the Java -class Parameter” on page 155.

-commandport port_number (-cp port_number)

Specifies the TCP/IP port that the driver instance uses for control purposes. For example, -commandport 8001 or -cp 8001. The default value is 8000.

To use multiple driver instances with the Remote Loader on the same server, specify different connection ports and command ports for each instance.

If the driver instance hosts an application shim, the command port is the port on which another instance communicates with the instance that is hosting the shim. If the driver instance sends a command to an instance that is hosting an application shim, the command port is the port on which the hosting instance is listening.

When you send this parameter from the command line to an instance that hosts an application shim, the command port represents the port on which the hosting instance is listening. You can send this command when the Remote Loader is running.

-config filename

Specifies a configuration file for the driver instance. For example:

-config config.txt

The configuration file can contain any command line options except -config. Options specified on the command line override options specified in the configuration file.

You can send this command when the Remote Loader is running.

-connection “parameters” (-conn “parameters”)

Specifies the settings for connecting to the server hosting the Identity Manager engine that runs the Identity Manager remote interface shim. The default connection method is TCP/IP using SSL.

To use multiple driver instances with the Remote Loader on the same server, specify different connection ports and command ports for each instance.

Enter the connection settings in the following syntax:

-connection "parameter parameter parameter"

For example:

-connection "port=8091 fromaddress=198.51.100.0 rootfile=server1.pem keystore=ca.pem localaddress=198.51.100.0 hostname=198.51.100.0 kmo=remote driver cert"

Use the following parameters for specifying the settings for a TCP/IP connection:

address=IP_address

(Optional) Specifies whether the Remote Loader listens on a particular local IP address.

This is useful if the server hosting the Remote Loader has multiple IP addresses and the Remote Loader must listen on only one of the addresses. The following values are valid:

• address=address number

• address='localhost'

For example:

address=198.51.100.0

If you do not specify a value, the Remote Loader listens on all local IP addresses.

fromaddress=IP_address

Specifies the server from which the Remote Loader accepts connections. The application ignores connections from other addresses. Specify an IP address or the DNS name of the server. For example:

fromaddress=198.51.100.0

fromaddress=testserver1.company.com

handshaketimeout=milliseconds

(Conditional) Applies when handshake timeouts occur with otherwise valid connections from the Identity Manager engine. Specifies the timeout period, in milliseconds, for the handshake between the Remote Loader and the Identity Manager engine. For example:

handshaketimeout=1000

You can specify an integer greater than or equal to zero. Zero means that the connection never times out. The default value is 1000 milliseconds.

hostname=server

Specifies the IP address or name of the server on which the Remote Loader runs. For example:

hostname=198.51.100.0

keystore=filename

(Conditional) Applies when Identity Manager application shims are contained in .jar files.

Specifies the file name of the Java keystore that contains the trusted root certificate of the issuer of the certificate that the remote interface shim uses. For example:

keystore=ca.pem

Usually, you specify the Certificate Authority of the tree that is hosting the remote interface shim.

kmo=name

Specifies the key name of the Key Material Object containing the keys and certificate used for SSL connections. For example:

kmo=remote driver cert

localaddress=IP_address

Specifies the IP address to which you want to bind the socket for client connection. For example:

localaddress=198.51.100.0

port=port_number

Specifies the TCP/IP port on which the Remote Loader listens for connections from the remote interface shim. To specify the default port, enter port=8090.

rootfile=trusted certname

(Conditional) Applies only when you use SSL and you want the Remote Loader to communicate with a native driver. Specifies the file that contains the trusted root certificate of the issuer of the certificate used by the remote interface shim. The certificate file must be in Base 64 format (PEM). For example:

rootfile=server1.pem

Usually, the file will be the Certificate Authority of the tree that is hosting the remote interface shim.

storepass=password

(Conditional) Applies only to the Java Remote Loader, when Identity Manager application shims are contained in .jar files. Specifies the password for the Java keystore that you entered for the keystore parameter. For example:

storepass=mypassword

NOTE: If you use SSL and you want the Remote Loader to communicate with a Java driver, specify a key-value pair, using the following syntax:

keystore=keystorename storepass=password

-datadir directory (-dd directory)

Specifies the directory for data files that the Remote Loader uses. For example:

-datadir /var/opt/novell/dirxml/rdxml/data

When you use this command, the rdxml process changes its current directory to the specified directory. Trace files and other files that do not have an explicitly specified path will be created in this data directory.

-help (-h)

Instructs the application to display the Help.

-java (-j)

(Conditional) Specifies that you want to set passwords for a Java driver shim instance.

NOTE: Use this option with the -setpasswords option when you do not also specify a -class value.

-javadebugport port_number (-jdp port_number)

Instructs the instance to enable Java debugging on the specified port. For example:

-javadebugport 8080

Use this command when developing Identity Manager application shims. You can send this command when the Remote Loader is running.
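The connection and debugging parameters described above determine how exposed a driver instance is, so a configuration file is worth reviewing before deployment. The following is an added example, not part of the NetIQ guide: a small Python reviewer that parses a Remote Loader configuration and reports settings whose documented behavior deserves a second look. The function names, the finding texts, and the assumption that option values never begin with "-" are this example's own.

```python
import shlex

ALIASES = {"-conn": "-connection", "-cl": "-class", "-jdp": "-javadebugport"}
# Constructed sample configuration for this example (not taken from the guide).
SAMPLE_CONFIG = """\
-commandport 8000
-connection "port=8090 handshaketimeout=0 keystore=ca.pem storepass=mypassword"
-class com.novell.nds.dirxml.driver.ldap.LDAPDriverShim
-javadebugport 8080
"""

def parse_options(text):
    """Map each option to its value; assumes option values never start with '-'."""
    opts, current = {}, None
    for tok in shlex.split(text):  # keeps a quoted -connection string as one token
        if tok.startswith("-"):
            current = ALIASES.get(tok, tok)
            opts[current] = ""
        elif current:
            opts[current] = (opts[current] + " " + tok).strip()
    return opts

def parse_connection(value):
    """Parse 'key=value ...'; bare words extend the previous value (kmo=remote driver cert)."""
    params, last = {}, None
    for tok in value.split():
        if "=" in tok:
            last, _, val = tok.partition("=")
            params[last] = val
        elif last:
            params[last] += " " + tok
    return params

def audit(text):
    """Return review findings for one driver-instance configuration."""
    opts = parse_options(text)
    conn = parse_connection(opts.get("-connection", ""))
    trust = "keystore" if "-class" in opts else "rootfile"  # Java shim vs. native driver
    checks = [
        ("address" not in conn, "address unset: listens on all local IP addresses"),
        ("fromaddress" not in conn, "fromaddress unset: no source-address restriction"),
        (conn.get("handshaketimeout") == "0", "handshaketimeout=0: handshake never times out"),
        ("storepass" in conn, "storepass set: keystore password is readable in this file"),
        (trust not in conn, f"{trust} unset: no trusted root certificate configured"),
        ("-javadebugport" in opts, "-javadebugport set: meant for shim development"),
    ]
    return [message for hit, message in checks if hit]

print("\n".join(audit(SAMPLE_CONFIG)))
```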

-javaparam parameters (-jp parameters)

Specifies the parameters for the Java environment. Enter the Java environment parameters in the following syntax:

-javaparam parameter

-jp parameter

-jp parameter

To specify multiple values for an individual parameter, enclose the parameter in quotation marks.

For example:

-javaparam DHOST_JVM_MAX_HEAP=512M

-jp DHOST_JVM_MAX_HEAP=512M

-jp "DHOST_JVM_OPTIONS=-Dfile.encoding=utf-8 -Duser.language=en"

Use the following parameters for setting the Java environment:
