Differences

This shows you the differences between two versions of the page.

en:services:general_services:idm:installing_remote_loader_software [2020/01/24 10:33] – [Installation on Linux] skloepp2
en:services:general_services:idm:installing_remote_loader_software [2023/12/11 20:18] (current) – [Configuration] ggroesc
Line 1: Line 1:
 +======  Remote loader installation  ======
 +=====  Overview =====
 +The remote loader is used to synchronize data between the meta directory and the connected system (AD, LDAP, MySQL, etc).
 +It is required to open the communication port (default 8090 (TCP) incoming) for the following IP addresses within your firewall:
  
 +<code>
 +134.76.9.64/28
 +</code>
 +
 +For system requirements see: [[https://www.netiq.com/documentation/identity-manager-48/pdfdoc/driver_admin/driver_admin.pdf|System requirements]]
 +
 +=====  Installation on Windows  =====
 +Remote loader files: [[https://idm.gwdg.de/RemoteLoader/RemoteLoader4.8WindowsSetup.zip|- download -]]\\ 
 +Remote loader service pack: [[https://idm.gwdg.de/RemoteLoader/RemoteLoader4.8WindowsSP6.zip|- download -]]\\ 
 +Sectigo-chain: [[https://idm.gwdg.de/RemoteLoader/Sectigo-chain.zip|- download -]]\\ 
 +Documentation remote loader installation (NetIQ) P. 47 ff: [[https://www.netiq.com/documentation/identity-manager-48/pdfdoc/setup_windows/setup_windows.pdf#page=47|- link -]]\\ 
 +Documentation remote loader configuration (NetIQ) P. 32 ff: [[https://www.netiq.com/documentation/identity-manager-48/pdfdoc/driver_admin/driver_admin.pdf#b18xta1v|- link -]]\\ 
 +Documentation Creating an Administrative Account (NetIQ) P. 26 ff: [[https://www.netiq.com/documentation/identity-manager-48-drivers/pdfdoc/ad/ad.pdf#page=26|- link -]]\\ 
 +PW-Filter installation P 47 ff: [[https://www.netiq.com/documentation/identity-manager-48-drivers/pdfdoc/ad/ad.pdf#page=47|- link -]]
 +
 +====  Installation  ====
 +  *  Download remote loader files and Remote loader service pack
 +  *  Download Sectigo chain
 +  *  Extract remote loader files and certificate
 +  *  If necessary unblock extracted files e.g. ''childitem -path C:\Downloads\RemoteLoader4.8Setup -recurse | unblock-file''
 +  *  Run ''install.exe''
 +  *  Accept license agreement (can be ignored - is associated with IDENTITY MANAGER server software not the remote loader)
 +  * Run ''IdentityManagerServer\install.exe'' of service pack 
 +  * How to verify if SP is installed. 
 +    * Go to the installation path (Default: C:\NetIQ\IDM\RemoteLoader\64bit). Open preferences of file ''dirxml_remote.exe''
 +    * Switch to details tab. Check if productversion is 4.8.__6__.0 where __6__ ist the Number of the downloaded SP.
 +
 +====  Configuration  ====
 +  *  Run rlconsole.exe within the installation path **as administrator** (Default: C:\NetIQ\IDM\RemoteLoader)
 +  *  Click add
 +  *  Add description
 +  *  Choose driver (eg. ADDriver.dll)
 +  *  Choose the IP address where to listen (Default: All) 
 +  *  Set communication port (Default: 8090)
 +  *  Set remote loader password (required by GWDG)
 +  *  Set driver object password (required by GWDG)
 +  *  Activate SSL
 +  *  choose path to //Sectigo-chain.b64//
 +  * Select "run as servcie"
 +  *  Accept (don't start the remote loader service)
 +  * Go to the installation path (Default: C:\NetIQ\IDM\RemoteLoader) and edit the file <instanceName>-Config.txt (maybe you have to open the file as administrator)
 +  *  Start the remote loader
 +
 +====  Notices  ====
 +If you are using the Active Directory driver the user who runs the service needs to be in the **local** administrator group.
 +
 +=====  Installation on Linux  =====
 +The installation on Linux systems differs between certified systems (eg SLES 15, RHEL 8, etc. [[https://www.netiq.com/documentation/identity-manager-48/system-requirements-identity-manager-48x/data/system-requirements-identity-manager-48x.html|see ]]) and non-certified systems.
 +If you are using a non-certified system eg. Ubuntu the Java remote loader has to  be installed.
 +
 +====  Installation on certified Linux systems  ====
 +Remote loader files: [[https://idm.gwdg.de/RemoteLoader/RemoteLoader4.8LinuxSetup.zip|- download -]]\\ 
 +Remote loader service pack: [[https://idm.gwdg.de/RemoteLoader/RemoteLoader4.8LinuxSP6.zip|- download -]]\\ 
 +Sectigo-chain: [[https://idm.gwdg.de/RemoteLoader/Sectigo-chain.zip|- download -]]\\ 
 +Documentation remote loader installation (NetIQ) P. 65ff: [[https://www.netiq.com/documentation/identity-manager-48/pdfdoc/setup_linux/setup_linux.pdf#installidentitymanagerlinux|- link -]]
 +
 +===  Prerequisites  ===
 +  *  Download remote loader files
 +  *  Download Sectigo chain certificate
 +  *  Extract the certificate
 +
 +==  CentOS  ==
 +The 32Bit version of glibc has to be installed on x86_64 systems:
 +<code>
 +yum install glibc.i686
 +</code>
 +
 +===  Installation  ===
 +  *  Extract remote loader
 +  *  Edit file  **silent.properties**
 +    *  METADIRECTORY_SERVER_SELECTED=false
 +    *  WEB_ADMIN_SELECTED=false
 +    *  UTILITIES_SELECTED=false
 +    *  Choose remote loader
 +      *  32 Bit
 +        *  CONNECTED_SYSTEM_SELECTED=true
 +        *  X64_CONNECTED_SYSTEM_SELECTED=false
 +      *  64 Bit
 +        *  CONNECTED_SYSTEM_SELECTED=false
 +        *  X64_CONNECTED_SYSTEM_SELECTED=true
 +
 +  *  Run the following commands as root in the setup directory: 
 +<code>
 +chmod -R 755 *
 +./idm_linux.bin -i silent -f silent.properties
 +</code>
 +
 +
 +
 +====  Installation on **non-certified** Linux systems  ====
 +Remote Loader files: [[https://idm.gwdg.de/RemoteLoader/JavaRemoteLoader4.8.7.zip|- download -]]\\ 
 +Sectigo-chain: [[https://idm.gwdg.de/RemoteLoader/Sectigo-chain.zip|- download -]]\\ Documentation remote loader installation (NetIQ) P. 75ff: [[https://www.netiq.com/documentation/identity-manager-48/pdfdoc/setup_linux/setup_linux.pdf#installlinuxjavaremoteloader|- link -]]
 +
 +===  Prerequisites  ===
 +  *  Download remote loader files
 +  *  Download Sectigo chain certificate
 +  *  Extract the certificate
 +  *  JRE Java8u112, at a minimum is required
 +
 +===  Install Java remote loader  ===
 +  *  Extract Java remote loader
 +  *  Make dirxml_jremote and create_keystore executable
 +
 +====  Configuration  ====
 +  * Change into installation directory eg. ///opt/novell/dirxml/bin/x86_64///
 +  * Create keystore file
 +  * <code>./create_keystore Sectigo-chain.b64</code>
 +  * Edit dirxml_jremote and replace
 +  * <code>jarlist=`ls /opt/novell/eDirectory/lib/dirxml/classes/*.jar`</code>
 +  * with
 +  * <code>jarlist=`ls /<installation path>/lib/*.jar`</code>
 +  *  Add/Edit **config8000.txt**
 +
 +
 +**Example LDAP Konfiguration**
 +<code>
 +-commandport 8000
 +-connection "port=8090 keystore='<installation directory>/dirxml.keystore' storepass=dirxml"
 +-trace 4
 +-tracefile ./trace8000.log
 +-tracefilemax 10M
 +-class com.novell.nds.dirxml.driver.ldap.LDAPDriverShim
 +</code>
 +  *  Set remote loader and driver object password (both are required by GWDG):
 +<code>
 +./dirxml_jremote -config config8000.txt -sp <remote loader password> <driver object password>
 +</code>
 +
 +  *  Run the Java remote loader: 
 +<code>
 +./dirxml_jremote -config config8000.txt
 +</code>
 +  *  Java has to be in PATH variable! 
 +<code>
 +PATH=$PATH:/path/to/java/bin/
 +</code>
 +
 +==== Remote loader start script example ====
 +<code>
 +#!/bin/sh
 +INSTDIR=/opt/novell/dirxml/bin/x86_64/
 +STAGEDIR=$INSTDIR/stage
 +USER=ldap
 +
 +export PATH=/usr/local/bin:$PATH
 +
 +cd $INSTDIR
 +
 +case "$1" in
 +
 +  stop)
 +    kill `ps aux | grep '[d]irxml_remote' | awk '{ print $2}'`
 +    ;;
 +
 +  start|*)
 +    echo -n " rloader"
 +    exec > /dev/null 2>&1
 +    touch trace8000.log
 +    chown $USER trace8000.log
 +    su $USER -c "$INSTDIR/dirxml_jremote -config $INSTDIR/config8000.txt &"
 +    ;;
 +
 +esac
 +</code>
 +
 +==== Remote loader unit file example ====
 +  * Requires user: remoteloader and group: remoteloader
 +  * touch trace8000.log && chown remoteloader:remoteloader trace8000.log
 +
 +<code>
 +[Unit]
 +Description=IDM Remote Loader
 +After=docker.service
 +
 +[Service]
 +Type=simple
 +ExecStart=/opt/novell/remoteloader/dirxml_jremote -config config8000.txt
 +WorkingDirectory=/opt/novell/remoteloader
 +User=remoteloader
 +Group=remoteloader
 +Restart=on-failure
 +
 +[Install]
 +WantedBy=multi-user.target
 +</code>
 +
 +==== Univention Corporate Server ====
 +Import Univention CA to Keystore to allow self signed LDAP certificate
 +**LDAP Certificate must also be available in Keystore**
 +<code>
 +keytool -import -trustcacerts -alias univention-ca -file /opt/idm/univention-ca.pem -keystore dirxml.keystore
 +keytool -import -trustcacerts -alias ldap -file /opt/idm/ldap.pem -keystore dirxml.keystore
 +</code>
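
Review bot: In the "Configuration" section for non-certified Linux systems, the example config8000.txt hard-codes the keystore password ("storepass=dirxml"), and the following step passes both secrets as command-line arguments ("./dirxml_jremote -config config8000.txt -sp <remote loader password> <driver object password>"), which leaves them in the shell history and visible in the process list while the command runs. The page should tell readers to pick their own storepass, to make config8000.txt and dirxml.keystore readable only by the service user, and to keep the -sp call out of the shell history. In the start script example, the stop branch greps for "[d]irxml_remote", which does not match the "dirxml_jremote" name that the start branch launches, so "stop" may not find the process; the pattern should match what is actually started. The same script and the unit file both rely on trace8000.log being pre-created and chowned, but the script uses user "ldap" while the unit file uses "remoteloader"; one account name throughout would avoid confusion. The Windows step "edit the file <instanceName>-Config.txt" does not say what to change in the file. No checksums are given for the downloaded zip archives, so readers cannot verify them before running install.exe or idm_linux.bin as administrator or root. Typos in the added text: "ist the Number", "servcie", "Konfiguration".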