Setting Up an IOM Bridge Server

Starting the Spawner on Windows

To start the spawner on a Windows host:

1. Define the user rights for the administrator. The user who invokes the spawner, in addition to being an administrator, must have the following user rights:

   • act as part of the operating system
   • increase quotas
   • replace the process level token.

   To set the administrator's user rights on Windows NT:

   1. Select Start Programs Administrative Tools User Manager. The User Manager window is displayed.
   2. From the Policies pull-down menu, select User Rights. The User Rights Policy window is displayed.
   3. Click the Show Advanced User Rights check box.
   4. Add rights using the Right: drop-down menu.

   To set the administrator's user rights on Windows 2000:

   1. Select Start Settings Control Panel Administrative Tools Local Security Policy.
   2. Select Security Settings Local Policies User Rights Assignment.
   3. Add rights by double-clicking on each right and assigning the appropriate users.
   4. Log off and log back on to apply the new user rights.

2. Define the user rights for each client that connects to the spawner. Similar to the administrator, each client that connects to the spawner must have the following user right: log on as batch job.

3. Clients that connect to the spawner must include their domain name (DOMAIN\userid) when it differs from the sasDomainName that is specified in the sasServer definition.

4. Start the spawner program (called objspawn.exe) using a command that specifies the appropriate options. The spawner program is installed in the inttech\sasexe folder that is found in your installed SAS folder. Refer to the Spawner Invocation Options for a complete list of valid options for the command.

   In the following examples, c:\sasv8 is the installed SAS folder.

   Note: Some of the example commands are broken into more than one line for presentation purpose. However, the command must be entered as a continuous text stream on the command line.

   • The following command launches the spawner on a nonsecure LDAP server with a default port of 389. The -ldapBase tells the spawner where in the tree to start searching for the server, spawner, and login definitions. This command assumes that there is only one spawner definition in the ldap server. (If there are multiple spawner definitions, the user should specify the -sasSpawnercn option. If the -sasSpawnercn option is not specified, the spawner uses the first spawner definition that it finds in the server.)

      c:\sasv8> objspawn -ldapHost machine.abc.sas.com             
        -ldapBase "sasComponent=sasServer,cn=SAS,o=ABC Inc,c=US""
     

   • The following command launches the spawner on a nonsecure LDAP server with a default port of 389. The -ldapBase tells the spawner where in the tree to start searching for the server, spawner, and login definitions. The -sasSpawnercn option tells the spawner which spawner definition to use.

     c:\sasv8> objspawn -ldapHost machine.abc.sas.com  
       -ldapBase "sasComponent=sasServer,cn=SAS,o=ABC Inc,c=US"  
       -sasSpawnercn mySpawner
     

   • The following command launches a spawner that connects to a nonsecure LDAP server listening on port 12345. The -sasSpawnercn option tells the spawner to use the spawner definiton WNTSpawner. The -ldapBase tells the spawner where in the tree to start searching for the server, spawner, and login definitions.

     c:\sasv8> objspawn -ldaphost machine.abc.sas.com -ldapport 12345 
       -sasspawnercn "WNTSpawner" 
       -ldapbase "sasComponent=sasServer,cn=SAS,o=ABC Inc,c=US"  
     

   • The following command start an Active Directory spawner that is set up as secure. The -sasSpawnercn option tells the spawner to use the sasSpawner definition of WNTSpawner. The -ldapBase tells the spawner where in the tree to start searching for the server, spawner, and login definitions. This -ldapbinddn option tells the spawner to bind to the LDAP server with the username and password found in the login definition CN=John Doe,CN=Users,DC=dtd-dom,DC=sas,DC=com.

     c:\sasv8> objspawn -ldaphost machine.abc.sas.com -ldapport 389 
       -sasspawnercn "WNTSpawner" 
       -ldapbase "cn=AdHoc,cn=Applications,dc=dtd-dom,dc=sas,dc=com" 
       -ldap_binddn "CN=John Doe,CN=Users,DC=dtd-dom,DC=sas,DC=com" -lpw mypassword
     

   • The following command start a spawner that connects to a secure LDAP server with a default port of 389. The -sasSpawnercn option tells the spawner to use the sasSpawner definition of IOMSpawner. The -ldapBase tells the spawner where in the tree to start searching for the server, spawner, and login definitions. This -ldapbinddn option tells the spawner to bind to the LDAP server with the user "uid=sasiom1,ou=People,o=ABC Inc,c=US"

     c:\sasv8> objspawn -ldapHost machine.abc.sas.com -ldapPort 389 
       -ldapBase "sasComponent=sasServer,cn=SAS,o=ABC Inc,c=US" 
       -sasSpawnercn IOMSpawner -ldapbinddn "uid=johndoe,ou=People,o=ABC Inc,c=US"
       -ldapPw mypassword -sasLogFile objspawnldap.log -sasverbose
     

   • The following command launches a spawner with an LDIF configuration file:

     c:\sasv8> objspawn -configFile c:\sasv8\spawner2.cfg
     

   • The following command installs the spawner as an NT service and updates the registry to hold the options that are specified (in this case -configFile):

     c:\sasv8> objspawn -configFile c:\sasv8\objspawn.cfg -install
     

     When the spawner is started as an NT service, it will self configure utilizing the options that are placed in the registry at install time.

   • The following command deinstalls the spawner as an NT service:

     c:\sasv8> objspawn -deinstall

   • The following command launches a spawner with an XML configuration file that contains information for accessing the LDAP server:

     c:\sasv8> objspawn -omrconfigFile c:\sasv8\spawner2.cfg
     

Setting Up an IOM Bridge Server