Differences
This shows you the differences between two versions of the page.
devel:documentation:systems:dev:remote-connector [2019/10/17 10:46] urbanl |
— (current) | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Remote connector server ====== | ||
- | {{tag> system connector configuration }} | ||
- | ===== Why use remote connector server? ===== | ||
- | System CzechIdM has available only certain types of connectors. If we want to use another connectors, such as **Active Directory** or **Google Apps**, we need to use a remote connector server with other connectors. | ||
- | |||
- | ===== How does a remote connector server works in CzechIdM? ===== | ||
- | The remote server connector configuration form behaves just like the local connector form - this means that definition is stored in the EAV attributes for system which it belongs. As a key to EAV attributes are used the system name, connector name, and connector version. Therefore, it is possible to have multiple connectors with different version on the remote connector server. | ||
- | |||
- | |||
- | ===== Connector server setup ===== | ||
- | Download connector-server. | ||
- | |||
- | If you have access to BCV connector server git, download prepared bundle and continue with the next step. | ||
- | |||
- | BCV connector-server git location: https:// | ||
- | |||
- | If you don't have this access download it from [[https:// | ||
- | |||
- | |||
- | Next you will need to add these libraries into **lib directory** of the connector server: | ||
- | |||
- | * jackson-annotations-2.9.8 | ||
- | * jackson-core-2.9.8 | ||
- | * jackson-databind-2.9.8 | ||
- | |||
- | You will probably need to add these libs into classpath in ConnectorServer.sh(linux) or ConnectorServer.bat(windows). | ||
- | |||
- | ==== Remote connector server configuration ==== | ||
- | |||
- | Create new user under which the connector server will be started and give him ownership of connector-server directory. | ||
- | < | ||
- | useradd connector-server | ||
- | chown -R connector-server: | ||
- | </ | ||
- | |||
- | |||
- | To configure settings (such as log, port...) will be found at configurations file: conf/ | ||
- | |||
- | * To directory " | ||
- | * To directory " | ||
- | * In default scripts will look to " | ||
- | |||
- | If you will add AD connector you also need create connector server truststore. | ||
- | Create truststore in "" | ||
- | < | ||
- | openssl genrsa -out fakecert.key | ||
- | openssl req -new -key fakecert.key -out fakecert.csr -subj "/ | ||
- | openssl x509 -req -in fakecert.csr -signkey fakecert.key -days 1 -sha256 -out fakecert.crt | ||
- | keytool -importcert -file fakecert.crt -alias placeholder-cert -keystore truststore.jks | ||
- | Enter keystore password: | ||
- | Re-enter new password: | ||
- | ... | ||
- | Trust this certificate? | ||
- | Certificate was added to keystore | ||
- | |||
- | rm fakecert.key fakecert.csr fakecert.crt | ||
- | chmod 644 truststore.jks | ||
- | chown connector-server: | ||
- | </ | ||
- | |||
- | Add truststore to start scripts: | ||
- | Add this java property to java start options in " | ||
- | < | ||
- | -Djavax.net.ssl.trustStore=/ | ||
- | </ | ||
- | or add this to service installation in „bin\ConnectorServer.bat“(windows) | ||
- | < | ||
- | " | ||
- | </ | ||
- | |||
- | ==== Start remote connector server - Linux ==== | ||
- | All commands execute in root folder of remote connector server. | ||
- | |||
- | |||
- | Next it's good to setup new password for connector server. This password will IdM use to connect to connector-server. | ||
- | < | ||
- | ./ | ||
- | </ | ||
- | |||
- | |||
- | Create service file for connector-server. Content of the file, change path according where you have your connector server | ||
- | / | ||
- | < | ||
- | |||
- | [Unit] | ||
- | Description=Java Connector Server Service | ||
- | [Service] | ||
- | User=connector-server | ||
- | WorkingDirectory=/ | ||
- | ExecStart=/ | ||
- | SuccessExitStatus=143 | ||
- | [Install] | ||
- | WantedBy=multi-user.target | ||
- | </ | ||
- | |||
- | Reload, enable and start deamon. To control service use " | ||
- | < | ||
- | systemctl daemon-reload | ||
- | systemctl enable java-connector-server | ||
- | systemctl start java-connector-server | ||
- | </ | ||
- | |||
- | ==== Start remote connector - Windows ==== | ||
- | All commands execute in root folder of remote connector server. | ||
- | |||
- | Start CMD under system admid. Then go to connector-server root directory. | ||
- | |||
- | < | ||
- | cd C: | ||
- | bin\ConnectorServer.bat /setkey | ||
- | bin\ConnectorServer.bat /install connector_server | ||
- | </ | ||
- | |||
- | Then start service in " | ||
- | If connector_server service started correctly set this service to automatic start. | ||
- | |||
- | |||
- | |||
- | ===== How to set up a remote connector server? ===== | ||
- | On the system tab we will create a new system. In the detail of this system, check option **"Use remote connector server" | ||
- | |||
- | |||
- | After saving all the necessary information to the remote connector of the server, we will go to the **" | ||
- | The functionality of the remote connector server can be verified as well as the functionality of the local connector - using the **" |
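Review bot: This revision deletes the whole page, from the "Remote connector server" heading at Line 1 through the final "How to set up a remote connector server?" section, and the current side is empty, with no pointer to where the content now lives. The removed text covers the security-relevant setup steps: running the server as the dedicated connector-server user, setting the connector server password that IdM uses to connect, and creating the truststore needed for the AD connector. If the page was moved or renamed, leave a short stub or redirect link under the old name so existing links still reach those instructions; if it was retired, say so on the page instead of blanking it.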