14.11.2.4 Parameters

[–ORBid {BEA_IIOP | BEA_TOBJ}]

The value BEA_IIOP explicitly specifies that the ORB be configured to support either a client or a server environment that communicates over the IIOP or IIOP-SSL protocol.

The value BEA_TOBJ explicitly specifies that the ORB be configured to support the native client environment that can only communicate over the TGIOP protocol within an Oracle Tuxedo domain.

If not specified, the ORB will detect the environment in which it is deployed and configure itself for use in that environment.

[–ORBInitRef ObjectId=ObjectURL]

The ORB initial reference argument, -ORBInitRef, allows specification of an arbitrary object reference for an initial service.

ObjectID represents the well-known object ID for a service that is defined in the CORBA specification. This mechanism allows an ORB to be configured with new initial service Object IDs that were not defined when the ORB was installed.

ObjectURL can be any of the URL schemes supported by the CORBA::ORB::string_to_object operation as defined in CORBA specification. If a URL is syntactically malformed or can be determined to be invalid in an implementation-defined manner, CORBA::ORB_init will raise the CORBA::BAD_PARAM standard exception listed in the following table.

Table 14-2 Minor Codes for CORBA::BAD_PARAM Standard Exception

Minor Code	Description
BadSchemeSpecificPart	The specified scheme is recognized by the ORB implementation. Only the schemes IOR, corbaloc, corbalocs, and corbaname are supported.
BadAddress	The format of the address is not recognized by the ORB implementation. Host names must be specified according to DNS or as class C IP addresses in dot-separated form.
BadSchemeSpecificPart	The format of the address is not recognized by the ORB implementation. Host names must be specified according to DNS or as class C IP addresses in dot-separated form.
BadSchemeSpecificPart	The scheme specific part of the URL is improperly formatted for the specified scheme.

[–ORBDefaultInitRef <ObjectURL>]

The ORB default initial reference argument, -ORBDefaultInitRef, assists in the resolution of initial references not explicitly specified with -ORBInitRef. This argument provides functionality similar to that of the list of IIOP Listeners address that is provided to the current Tobj_Bootstrap object.

Unlike the –ORBInitRef argument, -ORBDefaultInitRef requires a URL that, after appending a slash ‘/’ character and a stringified object key, forms a new URL to identify an initial object reference. For example, if the following was specified as the default initial reference argument:

-ORBDefaultInitRef corbaloc:555objs.com

A call to ORB::resolve_initial_references(“NotificationService”) to obtain the initial reference for the service would result in the new URL:

corbaloc:555objs.com/NotificationService

The implementation of the ORB::resolve_initial_references operation would take the newly constructed URL and call CORBA::ORB::string_to_object to obtain the initial reference for the service.

The URL specified as the value of the -ORBDefaultInitRef argument can contain more than a single location. This is the similar to the functionality provided for the list of locations to be used by the Tobj_Bootstrap object. In this situation, the ORB will process the locations in the URL based on the syntax rules for the URL. For example, if the following was specified as the default initial reference argument:

-ORBDefaultInitRef corbaloc:555objs.com,555Backup.com

A call to ORB::resolve_initial_references(“NameService”) to obtain the initial reference for the service would result in one of the following new URLs:

corbaloc:555objs.com/NameService or corbaloc:555Backup.com/NameService

The resulting URL would then be passed to CORBA::ORB::string_to_object in order to obtain the initial reference for the service.

[–ORBminCrypto [0 | 40 | 56 | 128]]

When establishing a network link, this is the minimum level of encryption required. Zero (0) means no encryption, while 40, 56, and 128 specify the length (in bits) of the encryption key. If this minimum level of encryption cannot be met, link establishment will fail.

The default is 0.

[–ORBmaxCrypto [0 | 40 | 56 | 128]]

When establishing a network link, this is the maximum level of encryption allowed. Zero (0) means no encryption, while 40, 56, and 128 specify the length (in bits) of the encryption key. The default is whatever capability is specified by the license. The –ORBmaxCrypto or –ORBmaxCrypto options are available only if either the International or U.S_Canada Oracle Tuxedo Security Add-on Package is installed.

[–ORBmutualAuth]

Specifies that certificate-based authentication must be enabled when accepting an SSL connection from a remote application.

The –ORBmutualAuth option is available only if either the International or U.S_Canada Oracle Tuxedo Security Add-on Package is installed.

[–ORBpeerValidate {detect | warn | none}]

Determines how the Oracle Tuxedo CORBA ORB will behave when a digital certificate for a peer of an outbound connection initiated by the Oracle Tuxedo ORB is received as part of the Secure Socket Layer (SSL) protocol handshake. The validation is only performed by the initiator of a secure connection and confirms that the peer server is actually located at the same network address specified by the domain name in the server’s digital certificate. This validation is not technically part of the SSL protocol, but is similar to the same check done in web browsers.

A value of detect causes an Oracle Tuxedo CORBA ORB to verify that the host specified in the object reference used to make the connection matches the domain name specified in the peer’s digital certificate. If the comparison fails, the ORB refuses to authenticate the peer and drops the connection. This check protects against man-in-the-middle attacks.

A value of warn causes an Oracle Tuxedo CORBA ORB to verify that the host specified in the object reference used to make the connection matches the domain name specified in the peer’s digital certificate. If the comparison fails, the ORB logs a message to the user log, but continues processing the connection.

A value of none causes an Oracle Tuxedo CORBA ORB not to perform the peer validation and will continue the processing of the connection.

The –ORBpeerValidate option is available only if either the International or U.S_Canada Oracle Tuxedo Security Add-on Package is installed.

If not specified, the default is detect.

[–ORBport port-number]

Specifies the network address to be used by the ORB to accept connections from remote CORBA clients. Typically, a system administrator assigns the port number for the client from the "user" range of port numbers rather from the dynamic range. This keeps the joint client/servers from using conflicting ports.

This parameter is required in order for the Oracle Tuxedo CORBA ORB to create persistent object references. Persistent objects references must be served on the same port after that is contained in the object reference, even if the ORB has been restarted. For transient object references, any port is sufficient and can be obtained by the ORB dynamically.

The port-number is the TCP port number at which the Oracle Tuxedo CORBA ORB process listens for incoming requests. The port-number can be a number between 0 and 65535.

[–ORBsecurePort port-number]

Specifies the port number that the IIOP Listener/Handler must use to listen for secure connections using the Secure Socket Layer protocol. If the command-line option is specified without a port number, then the OMG assigned port number 684 will be used for SSL connections.

The port-number is the TCP port number at which the Oracle Tuxedo CORBA ORB process listens for incoming requests. The port-number can be a number between 0 and 65535.

An administrator can configure to only allow secure connections into the Oracle Tuxedo CORBA ORB by setting port numbers specified by the –ORBport and –ORBsecurePort to the same value.

The –ORBsecurePort option is available only if either the International or U.S_Canada Oracle Tuxedo Security Add-on Package is installed.