A few questions about OpenIam and connectors

Installation
1

Hi all,

I am currently testing CE version of OpenIAM with the RPM installation.

  1. Where can I download the connectors the following connectors?:
    AD Powershell CONNECTOR
    MSSQL PowerShell Connector
    Generic PowerShell Connector
    JDBC Connector
    PostgreSQL Connector
    WinLocal PowerShell Connector
    Linux CONNECTOR

  2. What is the main difference between the Generic PowerShell Connector and the WinLocal PowerShell Connector? I have the feeling that the Generic Powershell can do the same as the winlocal (Unfunded feelings :slight_smile: )

  3. Can I use the linux powershell with the linux connector?

  4. When I try to access the Kibani dashboard and the RabbitMQ admin portal in both cases I get a 404 error. With the openiam-cli init I used the default values. Did I mess something up with the configuration?

Thanks you for your reply.

With kind regards,

Martin

2

Hello Martin,

I’d be happy to help. For questions #1 and #4, could you let me know which version of OpenIAM you are currently using? I can then provide the direct links to the connectors and help you troubleshoot the 404 error. I will also have answers for your other questions shortly.

Thanks.

3

Hi Ameet,

Thank you for your reply. I think one of my problems was that I used almalinux 9.5 which gave some compatibility issues. One of the things was that that the rabbitmq port was not active on the server.
I’m now installing centos 9.

I tried both the
https://download.openiam.com/release/enterprise/4.2.1.16/rpm/openiam-4.2.1.16.noarch.x86_64.rpm --output openiam-4.2.X.noarch.x86_64.rpm
and the

https://download.openiam.com/release/enterprise/4.2.1.15/rpm/openiam-4.2.1.16.noarch.x86_64.rpm --output openiam-4.2.X.noarch.x86_64.rpm

I will use the version you recommend.

As far as my setup / intentions with OpenIAM.
I will use a source AD which is connected OpenIAM and based on the chooses it will replicate to 1 or more different ADs and later also replicate users / groups to applications like sftp and Nextcloud

With kind regards,

Martin

4

Hello Martin,

Generic PowerShell vs WinLocal PowerShell Connector:

The WinLocal PowerShell Connector is a pre-built, out-of-the-box connector designed specifically for managing local users and groups on Windows servers that are not domain-joined. It comes with predefined functionality and requires minimal configuration.

The Generic PowerShell Connector is a configurable connector template where custom PowerShell scripts can be implemented based on specific requirements. OpenIAM handles the underlying connector operations such as communication, task execution, and logging, while the actual provisioning logic is defined through scripts.

While it is technically possible to achieve similar functionality as WinLocal using the Generic PowerShell Connector, this would require custom scripting and ongoing maintenance.

Recommendation:

Use WinLocal Connector for standard Windows local account management (simpler and faster to implement)

Use the Generic PowerShell Connector when a pre-built connector is not available or when custom provisioning logic is required.

The Linux connector is a standard OpenIAM connector that runs as part of the connector framework and executes provisioning using SSH and bash scripts on the target Linux system.

The Linux connector does not natively execute PowerShell scripts.

I have added the connector links below:

AD Powershell: https://download.openiam.com/release/enterprise/4.2.1.16/connectors/connector_AD_v5.exe

MS SQL: https://download.openiam.com/release/enterprise/4.2.1.16/connectors/connector_MSSQL_v5.exe

Generic: https://download.openiam.com/release/enterprise/4.2.1.16/connectors/connector_Generic_v5.exe

JDBC: https://download.openiam.com/release/enterprise/4.2.1.16/connectors/jdbc-connector-rabbitmq.jar

PostgreSQL: https://download.openiam.com/release/enterprise/4.2.1.16/connectors/postgresql-connector-rabbitmq.jar

WinLocal: https://download.openiam.com/release/enterprise/4.2.1.16/connectors/connector_WinLocal_v5.exe

Linux: https://download.openiam.com/release/enterprise/4.2.1.16/connectors/linux-connector-rabbitmq.jar

Please let us know if you have any other questions.

Thanks,

Ameet

5

Hi Ameet,

Thank you for your reponse, I do have one question.
With the default installation of openIAM RabbitMQ only listens on ipv6 and not ipv4 as shown in the output below
[root@openiam ~]# lsof -n -i4TCP:5672 | grep LISTEN
[root@openiam ~]# lsof -n -i6TCP:5672 | grep LISTEN
beam.smp 1194 rabbitmq 85u IPv6 23061 0t0 TCP *:amqp (LISTEN)
[root@openiam ~]#

How can I make RabbitMQ listen on ipv4 so I can connect my connectos?

Gr Martin

6

Hello Martin,

To enable IPv4 listening, RabbitMQ needs to be explicitly configured to bind to an IPv4 interface. Please follow the steps below:

  1. Update the RabbitMQ configuration file:

    /etc/rabbitmq/rabbitmq.conf

  2. Add the following line:

    listeners.tcp.1 = 0.0.0.0:5672

    This will allow RabbitMQ to listen on all IPv4 interfaces.

  3. Restart RabbitMQ:

    systemctl restart rabbitmq-server

  4. Verify the change:

    ss -tlnp | grep 5672

    You should now see RabbitMQ listening on:

    0.0.0.0:5672 (LISTEN)

Thanks,

Ameet