Usage Information for the DirXML™ Java Remote Loader on Unix

Contents

Overview

The DirXML Java Remote Loader is used to host a Java DirXML application shim or to control another instance of the remote loader that is hosting a DirXML application shim.

The DirXML Java Remote Loader is a pure Java application. It should be able to run on any system with a compatible JRE (1.4.0 minimum; 1.4.2 or higher recommended) and Java Sockets.

Communication between a shim-hosting instance and the command line instance being used to control the shim-hosting instance is through a TCP/IP port. This is referred to as the command port. Another TCP/IP port is used for communication with the DirXML engine, via the remote interface shim.

The remote loader will only load the DirXML application shim when the remote loader is in communication with the remote interface shim on the DirXML server. This means, for example, that the application shim will be shut down if the remote loader loses communication with the DirXML server.

Command Line Options and Parameters

Command line options are used with the DirXML remote loader for three purposes. One class of command line options specifies various parameters for a remote loader instance that is hosting a DirXML application shim. These options include specifying the shim class name, the connection parameters used for communicating with the remote interface shim on the DirXML server, initial trace level, etc.

Another class of command line options is used to send commands to a remote loader instance that is hosting a DirXML application shim. These options include changing the trace level and unloading the remote loader.

The last class of command line options is used for certain configuration purposes. These options include setting the passwords used to secure the communications between the DirXML server and the remote loader.

Option

Secondary Name

Parameter

Description

-class -cl Java class name Specifies the Java class name of the DirXML application shim that is to be hosted.

Example:

-class com.novell.nds.dirxml.driver.delimitedtext.DelimitedTextDriver

-cl com.novell.nds.dirxml.driver.delimitedtext.DelimitedTextDriver

-commandport -cp port number Specifies the TCP/IP port that the remote loader instance will use for control purposes.

If the remote loader instance is hosting an application shim the command port is the port on which another remote loader instance will communicate with the instance hosting the shim.

If the remote loader instance is sending a command to an instance that is hosting an application shim the command port is the port on which the hosting instance is listening.

If not specified the default command port is 8000.

Multiple instances of the remote loader can be run on the same server hosting different driver instances by specifying different connection ports and command ports.

Example:

-commandport 8001

-cp 8001

-config   filename Specifies a configuration file. The configuration file can contain any command line options except config. Options specified on the command line override options specified in the configuration file.

Example:

-config config8000.txt

-connection -conn connection configuration string The connection configuration string specifies the connection parameters for the connection to the DirXML server running the DirXML remote interface shim.

The default connection method for the remote loader is TCP/IP using SSL. The default TCP/IP port for this connection is 8090.

Multiple instances of the remote loader can be run on the same server. Each instance of the remote loader hosts a separate DirXML application shim instance. Multiple instances of the remote loader are differentiated by specifying different connection ports and command ports for each remote loader instance.

Example:

-connection "port=8091 keystore=server1.keystore storepass=dirxml"

-conn "port=8091 keystore=server1.keystore storepass=dirxml"

-password -p password Specifies the password for command authentication. This password must be the same as the first password specified with setpasswords for the loader instance being commanded.

If a command option (unload, tracechange, etc.) is specified and the password option is not specified the user will be prompted to enter the password for the loader that is the target of the command.

Example:

-password novell4

-p novell4

-setpasswords -sp password password Specifies the password for the remote loader instance and the password of the DirXML-Driver object of the remote interface shim with which the remote loader will communicate.

The first password in the argument is the password for the remote loader. The second password in the argument is the password for the DirXML-Driver object associated with the remote interface shim on the DirXML server.

Both passwords must be specified.

This is a configuration option. Using this option configures the remote loader instance with the passwords specified but does not load a DirXML application shim or communicate with another loader instance.

Example:

-setpasswords novell4 fishlips3

-sp novell4 fishlips3

-trace -t integer Specifies the trace level. This is only used when hosting an application shim.

Trace levels correspond to those used on the DirXML server.

Example:

-trace 3

-t 3

-tracechange -tc integer Command a remote loader instance that is hosting an application shim to change its trace level.

Trace levels correspond to those used on the DirXML server.

Example:

-tracechange 1

-tc 1

-tracefile -tf filename Specifies a file to which to write trace messages. Trace messages will be written to the file if the trace level is greater than zero.

Example:

-tracefile ./trace8000.log

-tf ./trace8000.log

-tracefilechange -tfc None, or filename Command a remote loader instance that is hosting an application shim to start using a trace file, or to close one already in use and use a new one.

Using the no-argument version of this option will cause the hosting instance to close any trace file being used.

Example:

-tracefilechange ./newtrace.log

-tfc ./newtrace.log

-tracefilemax -tfm size Specify the approximate maximum size that trace file data may occupy on disk. If this option is specified there will be a trace file with the name specified using the tracefile option and up to 9 additional "roll-over" files. The roll-over files are named using the base of the main trace filename plus "_n" where n is 1 through 9.

The size parameter is the number of bytes, and may be specified using the suffixes 'K', 'M', or 'G' for kilobytes, megabytes, or gigabytes, respectively.

Note that if the trace file data is larger than the specified maximum when the remote loader is started then the trace file data will remain larger than the specified maximum until roll-over is completed through all 10 files.

Example:

-tracefilemax 25M

-tfm 25M

-unload -u None Unload (stop) the remote loader instance.

Example:

-unload

-u

Connection Parameters

Connection parameters are specified using the connection command line option.

The DirXML Remote loader allows for custom connection methods between the remote loader and the remote interface shim that is hosted on the DirXML server. The default connection method is TCP/IP using SSL and is what is discussed in this section. Refer to the documentation that comes with the custom connection module for information regarding what is expected and allowed in the connection string for a custom connection module.

The remote loader opens a server socket and listens for connections from the remote interface shim. When the remote interface shim connects to the remote loader an SSL handshake is performed to establish a secure channel. Once a secure channel has been established the remote interface shim authenticates to the remote loader. If the authentication of the remote interface shim succeeds then the remote loader authenticates to the remote interface shim. Only when both sides are satisfied that they are communicating with an authorized entity does synchronization traffic occur.

The following section details the argument names and parameters for the TCP/IP connection method.

TCP/IP with SSL Connection Parameters

Option

Parameter

Description

address IP address Specifies that the remote loader will listen on a particular local IP address. This is useful if the server hosting the remote loader has multiple IP addresses and the remote loader must listen on only one of the addresses. If address is not specified the remote loader will listen on all local IP addresses.

Example:

address=137.65.134.83

keystore keystore Specifies the filename of the Java keystore that contains the trusted root certificate of the issuer of the certificate used by the remote interface shim. This will typically be the Certificate Authority of the eDirectory tree that is hosting the remote interface shim.

Example:

keystore=my.keystore

port decimal port number Specifies the TCP/IP port on which the remote loader will listen for connections from the remote interface shim.

Example:

port=8090

storepass keystore password Specifies the password for the Java keystore specified by the keystore parameter.

Example:

storepass=mypassword

Configuring a DirXML Application Shim for the Remote Loader

There are a few additional steps involved in setting up a DirXML application shim for use with the remote loader in addition to the normal procedure for setting up a DirXML application shim.

Using ConsoleOne (with the DirXML 1.x snapins):

Install a preconfigured driver file for the application shim

This is performed in the usual fashion using the ConsoleOne Create a new Application Driver... wizard.

Configure the driver for use with the remote loader

  1. If SSL is to be used for communication between the DirXML server and the Java remote loader: Create a Key Material Object (KMO) in the same container as the server object representing the server that is hosting the DirXML engine. Use all default parameters for the KMO.
  2. Open the DirXML-Driver object's Properties dialog.
  3. Select the Driver Module tab. Change the radio button from "Java" to "Connect to Remote Loader".
  4. Select the Driver Object Password tab. Enter a password. This password will be used by the remote loader to authenticate itself to the remote interface shim.
  5. Select the Authentication tab.
  6. Enter the password for the remote loader. This password is used by the remote interface shim to authenticate itself to the remote loader.
  7. Enter the communications parameters for the remote loader. This is a series of "name=value" pairs. The following are supported:

    Option

    Parameter

    Description

    hostname host name or ip address Specifies the address or name of the machine on which the remote loader will run.

    Example:

    hostname=192.168.0.1

    kmo Key Name Specifies the Key Name of the Key Material Object containing the keys and certificate used for SSL.

    Example:

    kmo='remote driver cert'

    port TCP port number Specifies the port on which the remote loader will accept connections from the remote interface shim.

    Example:

    port=8090


    An example of communication parameters is: hostname=192.168.0.1 port=8090 kmo=remotecert

Install the remote loader on the remote machine

  1. Using the dirxml_1.1a_jremote.tar file install the Java remote loader on the target machine.
  2. Copy the .jar file(s) containing the DirXML application shim onto the target machine.

Configure the remote loader

  1. If SSL is to be used for communication between the DirXML server and the Java remote loader:
  2. Edit the sample configuration file (config8000.txt) and specify the desired properties. In particular, specify the class name of the driver to be run, the connection parameters, and the command port.
  3. If SSL is to be used for communication betweeen the DirXML server and the Java remote loader add the "keystore" and "storepass" values reported by the create_keystore script to the connection string.

Run the remote loader

  1. Start the Java remote loader. For example:

    dirxml_jremote -config config8000.txt

  2. Start the remote interface shim using ConsoleOne or iManager.
  3. Confirm that the remote loader is operating properly.
  4. Stop the remote loader if desired. For example:

    dirxml_jremote -config config8000.txt -u

Copyright Information

This software is Copyright © 2001-2003 Novell Inc. (http://www.novell.com) All rights reserved.

This product includes code licensed from RSA Data Security.

Novell, Inc. assumes no liability for any data loss or other damage resulting from the use of this software.