This will make kdump act in a manner similar to the older netdump mechanism: the capture environment will go up to runlevel 3 (where network connectivity is enabled) and will use the secure copy command scp to transfer the kernel core dump to a separate system.
2. for SLES11
add the network device to be used to the variable: KDUMP_NETCONFIG in /etc/sysconfig/kdump.
In order to automatically set up a network device, pass the option “auto”. This is also the default.
For a custom setup, pass a string that contains the network device and the mode (dhcp,static), separated by
a colon, for example: “eth0:static” or “eth1:dhcp”.
If you use “static”, you have to set the IP address with ip=ipspec. ipspec is <client>:<server>:<gateway>:<netmask>:<hostname>:<device>:<proto>
as boot parameter. See mkinitrd(8) for details.
Pass the dumping method and the destination directory to the parameter: KDUMP_SAVEDIR in /etc/sysconfig/kdump
Supported methods are:
FTP, for example “ftp://user:password@host/var/log/dump”
SSH, for example “ssh://user:password@host/var/log/dump”
NFS, for example “nfs://server/export/var/log/dump”
CIFS (SMB) , for example “cifs://user:password@host/share/var/log/dump”
See also: kdump(5) which contains an exact specification for the URL format.
The existing Windows Firewall configuration prevents the remote loader from receiving any password changes as captured by the PWFilter.dll on other Domain Controllers within the domain. To solve this problem, do the following:
On the Windows Server firewall, (required only on the server which hosts the Active Directory Remote Loader) add the following rules:
— Inbound Rules —
Name Group Profile Enabled Action Override Program Local Address Remote Address Protocol Local Port Remote Port Allowed Users Allowed Computers.
dirxml port 8090 IN Domain Yes Allow No Any Any Any TCP 8090 Any Any Any
dirxml process dirxml_remote.exe IN Domain Yes Allow No %SystemDrive%NovellRemoteLoaderdirxml_remote.exe Any Any Any Any Any Any Any
NOTE: The port number should be the port number specified on the Remote Loader configuration. So instead of 8090, it will be whatever you specified in the configuration.
No specific Outbound Rules are needed.
The rules can be given any name.
They rules must be assigned to at least the Domain profile.
If using the 64 bit remote loader, the path differs: %SystemDrive%NovellRemoteLoader64bitdirxml_remote.exe
The rules can be also added from the command line using the following commands, modifying the port and path as applicable:
netsh advfirewall netsh advfirewall firewall add rule name="dirxml port 8090" dir=in action=allow enable=yes profile=domain protocol=TCP localport=80
netsh advfirewall firewall add rule name="dirxml process dirxml_remote.exe" dir=in action=allow program="%SystemDrive%NovellRemoteLoaderdirxml_remote.exe" enable=yes profile=domain
1. Will Micro Focus release updates for Oracle JDK 8 or JDK 11 for Identity Manager?
Answer: No, Identity Manager will be distributing the Azul Open JDK moving forward. Any improvements, fixes and security concerns will be addressed based on the Azul Open JDK.
2. What if you are using an older version of Java (release prior to January 2019) in Identity Manager? Will you be responsible for any additional license fees?
Answer: No. Only newer updates specific to Oracles JDK that are post January 2019 require and licensing. Further, the vendor that redistributes the Oracle JDK is responsible for the licensing. If you are using a version of Oracle JDK prior to January 2019, no additional licensing is required
The parameter to configure the SSL between the Remote Loader andthe Engine is then added to the end of this as follows:
hostname=ipAddressOrDNSNameOfServerport=8090 kmo=’Certificate Short Name’
In this example the name of the certificate (an object of class’NDSPKI:Key Material’) associated with the server hosting the IDM(Identity Manager) engine is ‘Certificate Short Name’ and must be wrapped accordinglyin single quotation marks. The full name of the certificateas shown in iManager or ConsoleOne would look something like thefollowing:
Certificate Short Name -serverName
Via LDAP it may have looked like the following:
cn=Certificate Short Name -serverName,dc=servername,dc=server,dc=system
Keep in mind that only the short name of the certificate is used inthe Key Material Object (KMO) parameter within the driver configuration. On theRemote Loader side the exported trusted root certificate from thiscertificate or the self-signed certificate from the tree CA shouldbe imported per the Novell Identity Manager documentation.