Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
devel:documentation:systems:dev:remote-connector [2019/10/17 10:46]
urbanl
— (current)
Line 1: Line 1:
-====== Remote connector server ====== 
-{{tag> system connector configuration }} 
  
-===== Why use remote connector server? ===== 
-System CzechIdM has available only certain types of connectors. If we want to use another connectors, such as **Active Directory** or **Google Apps**, we need to use a remote connector server with other connectors. 
- 
-===== How does a remote connector server works in CzechIdM? ===== 
-The remote server connector configuration form behaves just like the local connector form - this means that definition is stored in the EAV attributes for system which it belongs. As a key to EAV attributes are used the system name, connector name, and connector version. Therefore, it is possible to have multiple connectors with different version on the remote connector server. 
- 
- 
-===== Connector server setup ===== 
-Download connector-server. 
- 
-If you have access to BCV connector server git, download prepared bundle and continue with the next step. 
- 
-BCV connector-server git location: https://git.bcvsolutions.eu/modules/connector-server 
- 
-If you don't have this access download it from [[https://connid.atlassian.net/wiki/spaces/BASE/pages/360458/Downloads#Downloads-JavaConnectorServer |from connid]] . Now is recommended **use version  1.4.5.1** of remote connector server and with connector-framework **1.4.3.0** .  
- 
- 
- Next you will need to add these libraries into **lib directory** of the connector server: 
- 
-  * jackson-annotations-2.9.8 
-  * jackson-core-2.9.8 
-  * jackson-databind-2.9.8 
- 
-You will probably need to add these libs into classpath in ConnectorServer.sh(linux) or ConnectorServer.bat(windows). 
- 
-==== Remote connector server configuration ==== 
- 
-Create new user under which the connector server will be started and give him ownership of connector-server directory. 
-<code> 
-useradd connector-server 
-chown -R connector-server:connector-server /opt/connid-connector-server 
-</code> 
- 
- 
-To configure settings (such as log, port...) will be found at configurations file: conf/connectorserver.properties 
- 
-* To directory "bundles" add .jar connectors. 
-* To directory "scripts" add scripts which IdM will use. 
-* In default scripts will look to "cert" directory for certificates. 
- 
-If you will add AD connector you also need create connector server truststore. 
-Create truststore in "". On windows use gitbash. 
-<code> 
-openssl genrsa -out fakecert.key 
-openssl req -new -key fakecert.key -out fakecert.csr -subj "/C=CZ/ST=Czech Republic/L=Prague/O=BCV/CN=Connector placeholder cert" 
-openssl x509 -req -in fakecert.csr -signkey fakecert.key -days 1 -sha256 -out fakecert.crt 
-keytool -importcert -file fakecert.crt -alias placeholder-cert -keystore truststore.jks 
-    Enter keystore password:  ENTER SOME PASSWORD HERE AND REMEMBER IT FOR LATER 
-    Re-enter new password: 
-    ... 
-    Trust this certificate? [no]:  yes 
-    Certificate was added to keystore 
- 
-rm fakecert.key fakecert.csr fakecert.crt 
-chmod 644 truststore.jks 
-chown connector-server:connector-server truststore.jks 
-</code> 
- 
-Add truststore to start scripts: 
-Add this java property to java start options in "bin/ConnectorServer.sh"(linux) 
-<code> 
--Djavax.net.ssl.trustStore=/opt/cconnid-connector-server/conf/truststore.jks -Djavax.net.ssl.trustStorePassword=TODO_PASSWORD 
-</code> 
- or add this to service installation in „bin\ConnectorServer.bat“(windows) 
-<code> 
-"-Djavax.net.ssl.trustStore=C:\connid-connector-server\conf\truststore.jks";"-Djavax.net.ssl.trustStorePassword=TODO_PASSWORD" 
-</code> 
- 
-==== Start remote connector server - Linux ==== 
-All commands execute in root folder of remote connector server. 
- 
- 
-Next it's good to setup new password for connector server. This password will IdM use to connect to connector-server. 
-<code> 
-./bin/ConnectorServer.sh -setKey -key yourKey -properties conf/connectorserver.properties 
-</code> 
- 
- 
-Create service file for connector-server. Content of the file, change path according where you have your connector server 
-/etc/systemd/system/java-connector-server.service 
-<code> 
- 
-[Unit] 
-Description=Java Connector Server Service 
-[Service] 
-User=connector-server 
-WorkingDirectory=/opt/connid-connector-server 
-ExecStart=/bin/bash /opt/connid-connector-server/bin/ConnectorServer.sh -run -properties /opt/connid-connector-server/conf/connectorserver.properties 
-SuccessExitStatus=143 
-[Install] 
-WantedBy=multi-user.target 
-</code> 
- 
-Reload, enable and start deamon. To control service use "systemctl start/stop/status java-connector-server". 
-<code> 
-systemctl daemon-reload 
-systemctl enable java-connector-server 
-systemctl start java-connector-server 
-</code> 
- 
-==== Start remote connector - Windows ==== 
-All commands execute in root folder of remote connector server. 
- 
-Start CMD under system admid. Then go to connector-server root directory.  Setup connector-server key and install windows service(connector_server). 
- 
-<code> 
-cd C:\connid-connector-server 
-bin\ConnectorServer.bat /setkey 
-bin\ConnectorServer.bat /install connector_server 
-</code> 
- 
-Then start service in "services.msc". 
-If connector_server service started correctly set this service to automatic start. 
- 
- 
- 
-===== How to set up a remote connector server? ===== 
-On the system tab we will create a new system. In the detail of this system, check option **"Use remote connector server"** and fill everything form field that system needed to connect to the remote system. For connection it is necessary to fill the host and port on which the connector is available on remote server. If server is secured by password you will need fill the password for connect to remote connector server. Password for connect will be stored in local confidential storage. 
- 
- 
-After saving all the necessary information to the remote connector of the server, we will go to the **"Configurations"** tab. From now will be available only connectors on the remote connector server. 
-The functionality of the remote connector server can be verified as well as the functionality of the local connector - using the **"Test connector"**. 
  • by urbanl