Pegasi Wiki

This wiki acts as a memo for our own work, so why not share it? Feel free to browse and use our notes, and leave a note while you are at it.

How to install NetIQ Identity Manager

Overview

There is an installation guide, but it is not very straightforward and it is hard to get the real practice of installing out of it, so I am writing down how I do it in the real world, in a simple step-by-step bullet style.

I am using CentOS 7 / RHEL 7, but the procedure is similar on SUSE Linux as well; just recheck the requirements.

Prerequisites

  • check that your /etc/hosts contains all the hosts you need.
  • check that firewalld is masked and install iptables-services.
  • check that your iptables:
    • allows at least ports 389, 524 and 636 between eDirectory servers.
    • allows ports 22, 389, 524, 636, 8028 and 8030 from your admin IPs.
    • allows ports 389, 524 and 636 from the iManager server.
  • and finally install the required packages with the command:
yum install ksh glibc-*.i686 libgcc-*.i686 compat-libstdc++-33.x86_64 compat-libstdc++-33-*.i686 libXtst-*.i686 libXrender*.i686 libXi-*.i686 bc lsof net-tools
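A pre-flight script for the checks above, added here as an example and not something from the wiki or from NetIQ. The ports and the firewalld/iptables-services requirement are the ones listed above; the hosts table, the admin and iManager addresses and the iptables-save dump are constructed samples standing in for the live machine (on a real server feed it `$(cat /etc/hosts)` and `$(iptables-save)` instead).

```shell
#!/bin/sh
# Added example, not part of the wiki page: pre-flight checks for the
# prerequisites above. The host table, source addresses and the
# iptables-save dump below are constructed samples.

# Constructed stand-in for /etc/hosts.
SAMPLE_HOSTS='127.0.0.1   localhost
10.0.0.11   server1.example.net server1
10.0.0.12   server2.example.net server2'

# Constructed stand-in for `iptables-save` output.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -s 10.0.0.0/24 -p tcp -m multiport --dports 389,524,636 -j ACCEPT
-A INPUT -s 192.168.1.10/32 -p tcp -m multiport --dports 22,389,524,636,8028,8030 -j ACCEPT
-A INPUT -s 10.0.0.50/32 -p tcp --dport 389 -j ACCEPT
COMMIT'

# hosts_have HOSTS NAME...  -> 0 if every NAME appears as a hostname or alias
hosts_have() {
  hosts=$1; shift
  missing=""
  for name in "$@"; do
    printf '%s\n' "$hosts" | awk -v n="$name" '
      $0 !~ /^[ \t]*#/ { for (i = 2; i <= NF; i++) if ($i == n) found = 1 }
      END { exit !found }' || missing="$missing $name"
  done
  [ -z "$missing" ] && return 0
  echo "not in hosts table:$missing" >&2
  return 1
}

# rules_allow RULES SOURCE PORT...  -> 0 if every PORT is ACCEPTed from SOURCE
# Understands both plain "--dport N" and multiport "--dports a,b,c" rules;
# SOURCE may be a host (with or without /32) or a network such as 10.0.0.0/24.
rules_allow() {
  rules=$1; src=$2; shift 2
  allowed=$(printf '%s\n' "$rules" \
    | grep -E -- "-s ${src}(/32)? " | grep -- '-j ACCEPT' \
    | sed -n -E 's/.*--dports? ([0-9,]+).*/\1/p' | tr ',' '\n')
  missing=""
  for port in "$@"; do
    printf '%s\n' "$allowed" | grep -qx -- "$port" || missing="$missing $port"
  done
  [ -z "$missing" ] && return 0
  echo "source $src is missing ports:$missing" >&2
  return 1
}

# firewalld_masked -> 0 only when firewalld is masked, as the page requires
firewalld_masked() {
  [ "$(systemctl is-enabled firewalld 2>/dev/null)" = "masked" ]
}

# Run the checks against the constructed samples.
hosts_have "$SAMPLE_HOSTS" server1 server2                    && echo "hosts: ok"
rules_allow "$SAMPLE_RULES" 10.0.0.0/24 389 524 636           && echo "eDirectory peers: ok"
rules_allow "$SAMPLE_RULES" 192.168.1.10 22 389 524 636 8028 8030 && echo "admin IPs: ok"
rules_allow "$SAMPLE_RULES" 10.0.0.50 389 524 636             || echo "iManager rule needs fixing"
```

The last call fails on purpose: the sample only opens 389 from the iManager address, so 524 and 636 are reported as missing, which is exactly the kind of gap that makes ndsconfig add hang later.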

Install eDirectory and IDM

Download and unpack the latest eDirectory and Identity Manager install media and any patches. Go to the setup folder of the install media, where the nds-install script is located.

If you are using CentOS 7, edit the nds-install script, find the line

"Red Hat Enterprise Linux Server") os=rhel;;

and add a copy of it directly below it, changed to read

"CentOS Linux") os=rhel;;
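The same edit as a repeatable script, added as an example (not from the wiki and not part of the NetIQ installer). The two case lines are the ones shown above; the installer fragment the script is demonstrated on is a constructed stand-in for the real nds-install, whose surrounding code I have not reproduced.

```shell
#!/bin/sh
# Added example, not from the wiki page: insert the CentOS case after the
# RHEL case in nds-install so CentOS 7 takes the rhel branch. The installer
# fragment written by write_sample_installer is constructed for the demo.

RHEL_CASE='"Red Hat Enterprise Linux Server") os=rhel;;'
CENTOS_CASE='"CentOS Linux") os=rhel;;'

# write_sample_installer FILE -> constructed fragment of an OS-detection case
write_sample_installer() {
  cat > "$1" <<'EOF'
#!/bin/sh
# constructed stand-in for the nds-install OS detection
distro=$(sed -n 's/^NAME="\(.*\)"/\1/p' /etc/os-release)
case "$distro" in
    "Red Hat Enterprise Linux Server") os=rhel;;
    "SUSE Linux Enterprise Server") os=sles;;
    *) echo "unsupported OS: $distro" >&2; exit 1;;
esac
echo "$os"
EOF
}

# patch_nds_install FILE
# Inserts the CentOS case right after the RHEL case, keeping its indentation.
# Idempotent: a second run changes nothing. Returns 1 if the RHEL anchor line
# is missing (a newer installer may have moved it; edit by hand then).
patch_nds_install() {
  f=$1
  grep -qF -- "$CENTOS_CASE" "$f" && return 0
  grep -qF -- "$RHEL_CASE" "$f" || { echo "RHEL case not found in $f" >&2; return 1; }
  indent=$(grep -F -- "$RHEL_CASE" "$f" | head -n 1 | sed 's/[^[:space:]].*//')
  # awk instead of sed -i: portable, and no need to escape the case text.
  awk -v rhel="$RHEL_CASE" -v centos="$indent$CENTOS_CASE" '
    { print }
    !inserted && index($0, rhel) { print centos; inserted = 1 }
  ' "$f" > "$f.tmp" && mv "$f.tmp" "$f"
  grep -qF -- "$CENTOS_CASE" "$f"
}

# Demonstrate on a throwaway copy. On a real server run
#   patch_nds_install ./nds-install
# in the setup folder before ./nds-install.
sample=$(mktemp)
write_sample_installer "$sample"
patch_nds_install "$sample" && grep -n 'os=rhel' "$sample"
rm -f "$sample"
```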

Then install eDirectory with the command

./nds-install

Patch if necessary. Repeat for all servers.

Mount the Identity Manager image and install it with the command

./install.sh

Patch if necessary. Repeat for all servers.

Set up eDirectory

Set up a new tree on the master server with the command

ndsconfig new -t treename -n <server ou dn> -a cn=<admin dn>

AFTER the new tree is installed, add /etc/opt/novell/eDirectory/conf/hosts.nds with the following content on all servers

TREENAME.             1.2.3.4
server1.TREENAME.     1.2.3.4
server2.TREENAME.     1.2.3.5
server3.TREENAME.     1.2.3.6

Make a symbolic link to it at /etc/hosts.nds.

On the slave servers, join the tree with the command:

ndsconfig add -t TREENAME -n <server ou dn> -a cn=<admin dn> -p <server1 ip address>
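The hosts.nds and symlink steps above as one script, added here as an example; it is not from the wiki or from NetIQ. The tree entry resolves to the master (the server the tree was created on), every name carries the trailing dot shown above, and the host table, tree name, server names and addresses are constructed samples; on a real server pass `"$(cat /etc/hosts)"`, the conf directory from the step above and /etc.

```shell
#!/bin/sh
# Added example, not from the wiki page: build hosts.nds for the tree from
# the host table and install it with the /etc/hosts.nds link. Names and
# addresses below are constructed.

# Constructed stand-in for /etc/hosts.
SAMPLE_HOSTS='127.0.0.1   localhost
10.0.0.11   server1.example.net server1
10.0.0.12   server2.example.net server2
10.0.0.13   server3.example.net server3'

# ip_of HOSTS NAME -> prints the address of the first line listing NAME
ip_of() {
  printf '%s\n' "$1" | awk -v name="$2" '
    $0 !~ /^[ \t]*#/ { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }'
}

# hosts_nds HOSTS TREENAME MASTER SERVER...
# Prints the hosts.nds body: the bare tree entry resolves to the master,
# then one entry per server, each name with the trailing dot. Returns 1 as
# soon as a name has no address, so the caller never installs a half-built file.
hosts_nds() {
  hosts=$1; tree=$2; master=$3; shift 3
  master_ip=$(ip_of "$hosts" "$master")
  [ -n "$master_ip" ] || { echo "no address for $master" >&2; return 1; }
  printf '%-24s %s\n' "$tree." "$master_ip"
  for s in "$@"; do
    ip=$(ip_of "$hosts" "$s")
    [ -n "$ip" ] || { echo "no address for $s" >&2; return 1; }
    printf '%-24s %s\n' "$s.$tree." "$ip"
  done
}

# install_hosts_nds CONF_DIR ETC_DIR HOSTS TREENAME MASTER SERVER...
# Writes CONF_DIR/hosts.nds via a temp file and points ETC_DIR/hosts.nds at it.
# On a real server: CONF_DIR=/etc/opt/novell/eDirectory/conf and ETC_DIR=/etc.
install_hosts_nds() {
  conf_dir=$1; etc_dir=$2; shift 2
  tmp="$conf_dir/hosts.nds.tmp"
  hosts_nds "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
  mv "$tmp" "$conf_dir/hosts.nds" &&
  ln -sf "$conf_dir/hosts.nds" "$etc_dir/hosts.nds"
}

# Preview for a three-server tree. Run the same on every server in the tree:
#   install_hosts_nds /etc/opt/novell/eDirectory/conf /etc \
#       "$(cat /etc/hosts)" TREENAME server1 server1 server2 server3
hosts_nds "$SAMPLE_HOSTS" TREENAME server1 server1 server2 server3
```

Running it on every server keeps the files identical, which is what matters: a server whose hosts.nds disagrees with the others is the usual reason a replica shows up unreachable in iManager later.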

Configure Identity Manager

On the master server, go to the install image mount directory and execute

./configure.sh
  • custom configuration
  • configure identity manager engine
  • set common password
  • add to existing local machine identity vault
  • install new driverset

On the slave servers, go to the install image mount directory and execute

./configure.sh
  • custom configuration
  • configure identity manager engine
  • set common password
  • add to existing local machine identity vault
  • DO NOT install new driverset

You can ignore the following error message, which is a feature:

rm: cannot remove '/tmp/idm_install/SSL CertificateDNS_server.ks': No such file or directory

Now log in to the tree with iManager and add all the servers to the driver set.

Import to Designer

Now import the identity vault and driver set into Designer, add all the servers and start doing actual IDM work :)

Comments

All comments and corrections are welcome.
