Differences

This shows you the differences between two versions of the page.

en:services:general_services:idm:installing_remote_loader_software [2023/09/15 09:09] – [Installation] ggroesc
en:services:general_services:idm:installing_remote_loader_software [2024/05/28 10:04] (current) – [Active Directory User] ggroesc
Line 20: Line 20:
  
 ====  Installation  ==== ====  Installation  ====
-  *  Download remote loader files +  *  Download remote loader files and Remote loader service pack 
-  *  Download T-TeleSec-GlobalRoot-Class-2 certificate+  *  Download Sectigo chain
   *  Extract remote loader files and certificate   *  Extract remote loader files and certificate
   *  If necessary unblock extracted files e.g. ''childitem -path C:\Downloads\RemoteLoader4.8Setup -recurse | unblock-file''   *  If necessary unblock extracted files e.g. ''childitem -path C:\Downloads\RemoteLoader4.8Setup -recurse | unblock-file''
   *  Run ''install.exe''   *  Run ''install.exe''
 +     * Recommendation: Do not install directly on a domain controller but on a active directory member server.
   *  Accept license agreement (can be ignored - is associated with IDENTITY MANAGER server software not the remote loader)   *  Accept license agreement (can be ignored - is associated with IDENTITY MANAGER server software not the remote loader)
-  * Run ''IdentityManagerServer\install.bat'' of service pack +  * Run ''IdentityManagerServer\install.exe'' of service pack 
   * How to verify if SP is installed.    * How to verify if SP is installed. 
-    * Go to the installation path (Default: C:\NetIQ\IDM\RemoteLoader\64bit). Open preferences of file ''dirxml_remote.exe''.  +     * Go to the installation path (Default: C:\NetIQ\IDM\RemoteLoader\64bit). Open preferences of file ''dirxml_remote.exe''.  
-    * Switch to details tab. Check if productversion is 4.8.__6__.0 where __6__ ist the Number of the downloaded SP.+     * Switch to details tab. Check if productversion is 4.8.__6__.0 where __6__ ist the Number of the downloaded SP.
  
 ====  Configuration  ==== ====  Configuration  ====
-  *  Run rlconsole.exe within the installation path **as administrator** (Default: C:\Novell\RemoteLoader) +  * Run rlconsole.exe within the installation path **as administrator** (Default: C:\NetIQ\IDM\RemoteLoader) 
-  *  Click add +  * Click add 
-  *  Add description +  * Add description 
-  *  Choose driver (eg. ADDriver.dll) +  * Choose driver (eg. ADDriver.dll) 
-  *  Choose the IP address where to listen (Default: All)  +  * Choose the IP address where to listen (Default: All)  
-  *  Set communication port (Default: 8090) +  * Set communication port (Default: 8090) 
-  *  Set remote loader password (required by GWDG) +  * Set remote loader password (required by GWDG
-  *  Set driver object password (required by GWDG) +    * Requirements: At least 12 character of upper and lower case letters and digits (no special character
-  *  Activate SSL +  * Set driver object password (required by GWDG
-  *  choose path to //Sectigo-chain.b64// +    * Requirements: At least 12 character of upper and lower case letters and digits (no special character
-  * Select "run as servcie+  * Activate SSL 
-  *  Accept (don't start the remote loader service) +  * Choose path to //Sectigo-chain.b64// 
-  * Go to the installation path (Default: C:\Novell\RemoteLoader) and edit the file <instanceName>-Config.txt (maybe you have to open the file as administrator) +  * Check "Remote Loader-Service für diese Treiber-Instanz erstellen
-  *  Start the remote loader +  * Accept (don't start the remote loader service) 
- +  * Open windows services (services.mscidentify the "DirXML Loader" Service and enter the active directory user as service logon account 
-====  Notices  ==== +  * Start the remote loader
-If you are using the Active Directory driver the user who runs the service needs to be in the **local** administrator group.+
  
 +====  Active Directory User ====
 +  * The user who runs the service has to be in the **local** administrator group (Local Users and Groups -> Groups -> Administrators).
 +  * Necessary user right: "Replicating Directory Changes" (**not** Replication Directory Changes All) for all object and all descendant objects for the domain
 +    * Domain -> Properties -> Tab Security -> Advanced -> Add
 +    * Choose user -> "clear all" -> check  "Replicating Directory Changes"
 +  * Necessary user right: "Log on as a service"
 +  * Full access for relevant objects in ou/container
 +    * Container -> Properties -> Security -> Advanced -> Add -> choose user -> Descendant User objects/Descendant Group objects -> check "Full control"
 =====  Installation on Linux  ===== =====  Installation on Linux  =====
 The installation on Linux systems differs between certified systems (eg SLES 15, RHEL 8, etc. [[https://www.netiq.com/documentation/identity-manager-48/system-requirements-identity-manager-48x/data/system-requirements-identity-manager-48x.html|see ]]) and non-certified systems. The installation on Linux systems differs between certified systems (eg SLES 15, RHEL 8, etc. [[https://www.netiq.com/documentation/identity-manager-48/system-requirements-identity-manager-48x/data/system-requirements-identity-manager-48x.html|see ]]) and non-certified systems.
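Review bot: The new "Active Directory User" section asks for **local** administrator membership, "Log on as a service" and "Full control" on descendant User/Group objects, but it never says that the account should be a dedicated service account used only for the "DirXML Loader" service, and "relevant objects in ou/container" does not say which containers are meant. Suggest stating both, for example that "Full control" is granted only on the containers the driver manages and not at the domain root. The added recommendation not to install on a domain controller should carry its reason next to it: on a domain controller the Administrators group is the domain's built-in Administrators group, so the local-administrator requirement would give the service account administrative rights over the domain. The two added password lines ("At least 12 character of upper and lower case letters and digits (no special character") should say why special characters are excluded, so readers can tell a product constraint from a policy choice. Smaller points: the verification step still reads "ist the Number", the new checkbox label "Remote Loader-Service für diese Treiber-Instanz erstellen" is German on an English page, and the step to edit <instanceName>-Config.txt is removed without a replacement or a remark that it is no longer needed.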