# Connectors via RPM

All the connectors which are part of the RPM distribution can be found in the `/usr/local/openiam/connectors/bin/` directory. If the connector you are looking for was not part of the distribution, download it from the [OpenIAM website](https://www.openiam.com/connector-library) and copy it to the above directory. Ensure that the connector files are owned by OpenIAM. To do that, use the command below.

```bash
chown openiam:openiam [file name]
```

To start the connector, use the following command:

```bash
systemctl start openiam-connector@[connector_name]
```

## Deploying the remote connector

A remote connector is a connector deployed outside the OpenIAM environment.

For instance, all Microsoft application connectors are remote connectors. However, `.java` (`.jar`) connectors can be deployed on a remote server.

Download the Java connector to the remote box and place it in <kbd>/opt/openiam/connectors/bin/</kbd> (create the directories if you do not have them). To allow remote connectors to connect to RabbitMQ and Vault, you should allow access to ports **5672** and **8200**. For example, on CentOS 7 you can open ports with the following commands:

```bash
firewall-cmd --add-port=5672/tcp --permanent
firewall-cmd --add-port=8200/tcp --permanent
```

Next, run the following command:

```bash
firewall-cmd --reload
```

Also, make sure other network configurations do not block these ports. Before starting the connector, you can test the connection with the following telnet commands.

```bash
telnet 10.98.0.1 5672
telnet 10.98.0.1 8200
```

where **10.98.0.1** is the IP address of the host where RabbitMQ and Vault are installed.

For Java connectors, install Java 11. Copy the Vault certificate <kbd>vault.crt</kbd> and import it. You can then remove this file from the box.

{% code overflow="wrap" %}

```bash
keytool -noprompt -import -v -trustcacerts -alias vault_$(pwgen -s 13 1) -file vault.crt -keystore /usr/lib/jvm/java-11-openjdk-11.0.11.0.9-1.el7_9.x86_64/lib/security/cacerts -keypass changeit -storepass changeit
```

{% endcode %}

If you do not want to expose the Vault port for some reason, it is also possible to disable Vault by adding a <kbd>-Dorg.openiam.vault.disabled</kbd> property to the start file of the connector. Then do not forget to provide the RabbitMQ username and password in the properties file because the application will not fetch these from Vault. On the connector server, create a directory <kbd>/opt/openiam/connectors/conf/properties/</kbd> and put <kbd>rabbitmq.properties</kbd> and <kbd>vault.properties</kbd> in it (if you use Vault). Also create an <kbd>/opt/openiam/connectors/conf/vault/client</kbd> directory and put <kbd>vault.jks</kbd> in it (you have to grab it from the OpenIAM box).

`rabbitmq.properties`

```properties
spring.rabbitmq.host=10.98.0.1
spring.rabbitmq.port=5672
org.openiam.rabbitmq.hosts=${spring.rabbitmq.host}:${spring.rabbitmq.port}

spring.rabbitmq.username=openiam

org.openiam.rabbitmq.concurrent.consumers=20
org.openiam.rabbitmq.max.concurrent.consumers=50
org.openiam.rabbitmq.prefetch.count=2

org.openiam.rabbitmq.channelTransacted=true
org.openiam.rabbitmq.channelCacheSize=10

org.openiam.mq.broker.encryption.key=ff808181670838e0016708610547001b
```

`vault.properties`

```properties
vault.uri=https://10.98.0.1:8200
vault.authentication=CERT
vault.ssl.key-store=file://path_to_/vault.jks
vault.ssl.key-store-password=passwd00
```

Create executable shell script file named start.sh with the following content:

{% code overflow="wrap" %}

```bash
export VAULT_CERTS="/opt/openiam/connectors/conf/vault/certs/"
export JAVA_HOME="/usr/lib/jvm/java-11-openjdk-11.0.11.0.9-1.el7_9.x86_64/"

$JAVA_HOME/bin/java -Dlogging.level.root=ERROR -Dlogging.level.org.openiam=INFO -Dconfpath=/opt/openiam/connectors/ -jar bin/$1 > $HOME_DIR/logs/$1.log
```

{% endcode %}

Start connector:

```bash
./start.sh connector-file-name
```

(Attention: don't use the <kbd>.jar</kbd> extension in the argument — e.g. `./start.sh jdbc-connector-rabbitmq`.)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs-beta.openiam.com/application-onboarding/connectors/connectors-via-rpm.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.