Differences

This shows you the differences between two versions of the page.

en:services:general_services:idm:installing_remote_loader_software [2023/02/01 16:33] – [Configuration] skloepp2
en:services:general_services:idm:installing_remote_loader_software [2024/09/05 15:04] (current) – [Overview] ggroesc
Line 8: Line 8:
 </code> </code>
  
-For system requirements see: [[https://www.netiq.com/documentation/identity-manager-47/pdfdoc/driver_admin/driver_admin.pdf|System requirements P. 15]]+For system requirements see: [[https://www.netiq.com/documentation/identity-manager-48/system-requirements-identity-manager-48x/data/system-requirements-identity-manager-48x.html|System requirements]]
  
 =====  Installation on Windows  ===== =====  Installation on Windows  =====
-Remote loader files: [[https://idm.gwdg.de/RemoteLoader/RemoteLoader4.7WindowsSetup.zip|- download -]]\\  +Remote loader files: [[https://idm.gwdg.de/RemoteLoader/RemoteLoader4.8WindowsSetup.zip|- download -]]\\  
-Remote loader SP 4: [[https://idm.gwdg.de/RemoteLoader/RemoteLoader4.7WindowsSP4.zip|- download -]]\\ +Remote loader service pack: [[https://idm.gwdg.de/RemoteLoader/RemoteLoader4.8WindowsSP6.zip|- download -]]\\ 
 Sectigo-chain: [[https://idm.gwdg.de/RemoteLoader/Sectigo-chain.zip|- download -]]\\  Sectigo-chain: [[https://idm.gwdg.de/RemoteLoader/Sectigo-chain.zip|- download -]]\\ 
-Documentation remote loader installation (NetIQ) P. 59 ff: [[https://www.netiq.com/documentation/identity-manager-47/pdfdoc/setup_windows/setup_windows.pdf#windowsinstallremoteloader|- link -]]\\  +Documentation remote loader installation (NetIQ) P. 47 ff: [[https://www.netiq.com/documentation/identity-manager-48/pdfdoc/setup_windows/setup_windows.pdf#page=47|- link -]]\\  
-PW-Filter installation P 47 ff: [[https://www.netiq.com/documentation/identity-manager-47-drivers/pdfdoc/ad/ad.pdf#page=47|- link -]]+Documentation remote loader configuration (NetIQ) P. 32 ff: [[https://www.netiq.com/documentation/identity-manager-48/pdfdoc/driver_admin/driver_admin.pdf#b18xta1v|- link -]]\\  
 +Documentation Creating an Administrative Account (NetIQ) P. 26 ff: [[https://www.netiq.com/documentation/identity-manager-48-drivers/pdfdoc/ad/ad.pdf#page=26|- link -]]\\  
 +PW-Filter installation P 47 ff: [[https://www.netiq.com/documentation/identity-manager-48-drivers/pdfdoc/ad/ad.pdf#page=47|- link -]]
  
 ====  Installation  ==== ====  Installation  ====
-  *  Download remote loader files +  * We strongly recommend not to install directly on a domain controller but using a member server of the domain 
-  *  Download T-TeleSec-GlobalRoot-Class-2 certificate+  Download remote loader files and Remote loader service pack 
 +  *  Download Sectigo chain
   *  Extract remote loader files and certificate   *  Extract remote loader files and certificate
-  *  Run ''idm_install.exe'' +  *  If necessary unblock extracted files e.g. ''childitem -path C:\Downloads\RemoteLoader4.8Setup -recurse | unblock-file'' 
-  *  Choose only **Novell Identity Manager Connected System Server (64-bit)**  +  *  Run ''install.exe'' 
-  *  Ignore licence warning +     Recommendation: Do not install directly on a domain controller but on a active directory member server. 
-  * Run ''install.bat'' of SP4  +   Accept license agreement (can be ignored is associated with IDENTITY MANAGER server software not the remote loader
-  * Verify if SP4 is installed. Go to the installation path (Default: C:\Novell\RemoteLoader). Open Preferences of file ''dirxml_remote.exe''switch to Details Tab. Check if Productversion is 4.7.__4__.0 +  * Run ''IdentityManagerServer\install.exe'' of service pack  
 +  * How to verify if SP is installed.  
 +     Go to the installation path (Default: C:\NetIQ\IDM\RemoteLoader\64bit). Open preferences of file ''dirxml_remote.exe'' 
 +     * Switch to details tab. Check if productversion is 4.8.__6__.0 where __6__ ist the Number of the downloaded SP.
  
 ====  Configuration  ==== ====  Configuration  ====
-  *  Run rlconsole.exe within the installation path **as administrator** (Default: C:\Novell\RemoteLoader) +  * Run rlconsole.exe within the installation path **as administrator** (Default: C:\NetIQ\IDM\RemoteLoader) 
-  *  Click add +  * Click add 
-  *  Add description +  * Add description 
-  *  Choose driver (eg. ADDriver.dll) +  * Choose driver (eg. ADDriver.dll) 
-  *  Choose the IP address where to listen (Default: All)  +  * Choose the IP address where to listen (Default: All)  
-  *  Set communication port (Default: 8090) +  * Set communication port (Default: 8090) 
-  *  Set remote loader password (required by GWDG) +  * Set remote loader password (required by GWDG
-  *  Set driver object password (required by GWDG) +    * Requirements: At least 12 character of upper and lower case letters and digits (no special character
-  *  Activate SSL +  * Set driver object password (required by GWDG
-  *  choose path to //Sectigo-chain.b64// +    * Requirements: At least 12 character of upper and lower case letters and digits (no special character
-  * Select "run as servcie+  * Activate SSL 
-  *  Accept (don't start the remote loader service) +  * Choose path to //Sectigo-chain.b64// 
-  * Go to the installation path (Default: C:\Novell\RemoteLoader) and edit the file <instanceName>-Config.txt (maybe you have to open the file as administrator) +  * Check "Remote Loader-Service für diese Treiber-Instanz erstellen
-  *  Start the remote loader +  * Accept (don't start the remote loader service) 
- +  * Open windows services (services.mscidentify the "DirXML Loader" Service and enter the active directory user as service logon account 
-====  Notices  ==== +  * Start the remote loader
-If you are using the Active Directory driver the user who runs the service needs to be in the **local** administrator group.+
  
 +====  Active Directory User ====
 +  * The user who runs the service has to be in the **local** administrator group (Local Users and Groups -> Groups -> Administrators).
 +  * Necessary user right: "Replicating Directory Changes" (**not** Replication Directory Changes All) for all object and all descendant objects for the domain
 +    * Domain -> Properties -> Tab Security -> Advanced -> Add
 +    * Choose user -> "clear all" -> check  "Replicating Directory Changes"
 +  * Necessary user right: "Log on as a service"
 +  * Full access for relevant objects in ou/container
 +    * Container -> Properties -> Security -> Advanced -> Add -> choose user -> Descendant User objects/Descendant Group objects -> check "Full control"
 =====  Installation on Linux  ===== =====  Installation on Linux  =====
-The installation on Linux systems differs between certified sytsems (SLES 12, RHEL 7.6, etc. [[https://www.netiq.com/documentation/identity-manager-47/system-requirements-identity-manager-47x/data/system-requirements-identity-manager-47x.html|see ]]) and non-certified systems.+The installation on Linux systems differs between certified systems (eg SLES 15, RHEL 8, etc. [[https://www.netiq.com/documentation/identity-manager-48/system-requirements-identity-manager-48x/data/system-requirements-identity-manager-48x.html|see ]]) and non-certified systems.
 If you are using a non-certified system eg. Ubuntu the Java remote loader has to  be installed. If you are using a non-certified system eg. Ubuntu the Java remote loader has to  be installed.
  
 ====  Installation on certified Linux systems  ==== ====  Installation on certified Linux systems  ====
-Remote loader files: [[https://idm.gwdg.de/RemoteLoader/RemoteLoader4.7LinuxSetup.iso|- download -]]\\  +Remote loader files: [[https://idm.gwdg.de/RemoteLoader/RemoteLoader4.8LinuxSetup.zip|- download -]]\\  
-Remote loader SP 4: [[https://idm.gwdg.de/RemoteLoader/RemoteLoader4.7LinuxSP4.zip|- download -]]\\ +Remote loader service pack: [[https://idm.gwdg.de/RemoteLoader/RemoteLoader4.8LinuxSP6.zip|- download -]]\\ 
 Sectigo-chain: [[https://idm.gwdg.de/RemoteLoader/Sectigo-chain.zip|- download -]]\\  Sectigo-chain: [[https://idm.gwdg.de/RemoteLoader/Sectigo-chain.zip|- download -]]\\ 
-Documentation remote loader installation (NetIQ) P. 35ff: [[https://www.netiq.com/documentation/identity-manager-47/pdfdoc/setup_linux/setup_linux.pdf#installidentitymanagerlinux|- link -]]+Documentation remote loader installation (NetIQ) P. 65ff: [[https://www.netiq.com/documentation/identity-manager-48/pdfdoc/setup_linux/setup_linux.pdf#installidentitymanagerlinux|- link -]]
  
 ===  Prerequisites  === ===  Prerequisites  ===
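Review bot: The new unblock step (''childitem -path C:\Downloads\RemoteLoader4.8Setup -recurse | unblock-file'') clears the download mark from every extracted file, yet nothing in the Windows section lets the reader check that the zip is the one GWDG published. Consider listing a SHA-256 checksum next to each download link and asking readers to compare it (for example with Get-FileHash) before unblocking, and spell the cmdlets out as Get-ChildItem and Unblock-File. Smaller points in the same hunk: the domain controller recommendation now appears twice in the Installation list (first bullet and again under ''install.exe''); the default path is given as C:\NetIQ\IDM\RemoteLoader\64bit in the verification step but as C:\NetIQ\IDM\RemoteLoader in the Configuration step; the removed step about editing <instanceName>-Config.txt has no replacement, so say whether it is no longer needed; "Replication Directory Changes All" should read "Replicating Directory Changes All"; and "ist" in the version check should be "is".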
Line 61: Line 74:
   *  Extract the certificate   *  Extract the certificate
  
-==  CentOS  ==+==  CentOS  ==
 The 32Bit version of glibc has to be installed on x86_64 systems: The 32Bit version of glibc has to be installed on x86_64 systems:
 <code> <code>
Line 90: Line 103:
  
 ====  Installation on **non-certified** Linux systems  ==== ====  Installation on **non-certified** Linux systems  ====
-Remote Loader files: [[https://idm.gwdg.de/RemoteLoader/JavaRemoteLoader4.8.5.zip|- download -]]\\  +Remote Loader files: [[https://idm.gwdg.de/RemoteLoader/JavaRemoteLoader4.8.7.zip|- download -]]\\  
-Sectigo-chain: [[https://idm.gwdg.de/RemoteLoader/Sectigo-chain.zip|- download -]]\\ Documentation remote loader installation (NetIQ) P. 43ff: [[https://www.netiq.com/documentation/identity-manager-47/pdfdoc/setup_linux/setup_linux.pdf#installlinuxjavaremoteloader|- link -]]+Sectigo-chain: [[https://idm.gwdg.de/RemoteLoader/Sectigo-chain.zip|- download -]]\\ Documentation remote loader installation (NetIQ) P. 75ff: [[https://www.netiq.com/documentation/identity-manager-48/pdfdoc/setup_linux/setup_linux.pdf#installlinuxjavaremoteloader|- link -]]
  
 ===  Prerequisites  === ===  Prerequisites  ===
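Review bot: The Java remote loader download moves to 4.8.7 here, while the Windows and certified-Linux service pack links in this same revision point to SP6; if the different patch levels are intended, a short remark would keep readers from assuming a typo, otherwise align them. Because the version is hard-coded in each download URL, every service pack needs an edit in several places, so a single "current version" line near the top would be easier to keep correct.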
Line 98: Line 111:
   *  Extract the certificate   *  Extract the certificate
   *  JRE Java8u112, at a minimum is required   *  JRE Java8u112, at a minimum is required
 +    * Java has to be in PATH variable! <code>
 +PATH=$PATH:/path/to/java/bin/
 +</code>
 +  * Apache Log4j is necessary and need to be in the ''CLASSPATH''
  
 ===  Install Java remote loader  === ===  Install Java remote loader  ===
   *  Extract Java remote loader   *  Extract Java remote loader
-  *  Make dirxml_jremote and create_keystore executable+  *  Make ''dirxml_jremote'' and ''create_keystore'' executable
  
-====  Configuration  ==== +===  Configuration  === 
-  * Change into installation directory eg. ///opt/novell/dirxml/bin/x86_64/// +  * Change into installation directory eg. ///opt/novell/eDirectory/// 
-  * Crerate keystore file +  * Create keystore file <code>./create_keystore Sectigo-chain.b64</code> 
-  * <code>./create_keystore Sectigo-chain.b64</code> +  * Edit dirxml_jremote  
-  * Edit dirxml_jremote and replace +    Replace the path for the jarlist with the actual installation path <code>jarlist=`ls /opt/novell/eDirectory/lib/dirxml/classes/*.jar` 
-  * <code>jarlist=`ls /opt/novell/eDirectory/lib/dirxml/classes/*.jar`</code> +jarlist=`ls /<installation path>/lib/*.jar`</code> 
-  * with +    * Add core and api jar of log4j to CLASSPATH e.g. <code> CLASSPATH=/usr/share/java/log4j-core.jar:/usr/share/java/log4j-api.jar 
-  * <code>jarlist=`ls /<installation path>/lib/*.jar`</code>+</code>
   *  Add/Edit **config8000.txt**   *  Add/Edit **config8000.txt**
- +     * Example LDAP Konfiguration<code>
- +
-**Example LDAP Konfiguration** +
-<code>+
 -commandport 8000 -commandport 8000
--connection "port=8090 keystore='<installation directory>/dirxml.keystore' storepass=dirxml"+-connection "port=8090 keystore='<installation path>/dirxml.keystore' storepass=dirxml"
 -trace 4 -trace 4
 -tracefile ./trace8000.log -tracefile ./trace8000.log
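Review bot: The new Log4j prerequisite and the ''CLASSPATH=/usr/share/java/log4j-core.jar:/usr/share/java/log4j-api.jar'' example name no minimum Log4j version, and jars under /usr/share/java can be whatever the distribution last shipped. State the minimum Log4j 2 release you expect and how to check it. The example also assigns CLASSPATH outright, which drops any value already set; if that is not intended inside dirxml_jremote, append instead (CLASSPATH=$CLASSPATH:...). Separately, the sample connection line keeps ''storepass=dirxml''; say whether that is a sample value to change or one fixed by create_keystore, and "Konfiguration" in the new bullet should be "configuration".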
Line 123: Line 137:
 -class com.novell.nds.dirxml.driver.ldap.LDAPDriverShim -class com.novell.nds.dirxml.driver.ldap.LDAPDriverShim
 </code> </code>
-  *  Set remote loader and driver object password (both are required by GWDG): +  *  Set remote loader and driver object password  
-<code>+    * Both are required by GWDG and need to be set in the complement driver 
 +    * Password requirements: At least 12 character of upper and lower case letter and digits (**no special character**) <code>
 ./dirxml_jremote -config config8000.txt -sp <remote loader password> <driver object password> ./dirxml_jremote -config config8000.txt -sp <remote loader password> <driver object password>
 </code> </code>
  
-  *  Run the Java remote loader:  +  *  Run the Java remote loader: <code>
-<code>+
 ./dirxml_jremote -config config8000.txt ./dirxml_jremote -config config8000.txt
-</code> 
-  *  Java has to be in PATH variable!  
-<code> 
-PATH=$PATH:/path/to/java/bin/ 
 </code> </code>
  
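Review bot: The ''-sp <remote loader password> <driver object password>'' call puts both secrets on the command line, so they end up in the shell history and are readable in the process list while the command runs; the new password bullets are a good place to say so and to tell readers to run it from a session with history disabled or to remove the entry afterwards. "complement driver" is unclear; name the driver object on the Identity Manager side if that is what is meant. The password rule also reads better as "at least 12 characters" and should use the same wording as the Windows section.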
Line 140: Line 150:
 <code> <code>
 #!/bin/sh #!/bin/sh
-INSTDIR=/opt/novell/dirxml/bin/x86_64/ +INSTDIR=/opt/novell/eDirectory
-STAGEDIR=$INSTDIR/stage+
 USER=ldap USER=ldap
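Review bot: STAGEDIR is dropped from the init script header, but the rest of the script is outside this hunk, so check that no later line still expands $STAGEDIR, which would now resolve to an empty string. INSTDIR also loses its trailing slash, so any concatenation written as ${INSTDIR}file further down needs a separator. The unchanged ''USER=ldap'' line overrides the shell's own USER variable; a script-specific name such as RL_USER would avoid surprises.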