Article

(View Disclaimer)

The Novell Identity Manager 3.6 (IDM36) installer is an Acresso InstallAnywhere (IA) installer that supports installing the Metadirectory Server or Connected System Server, drivers, iManager plug-ins, and related utilities. There are separate IDM36 installers for installing onto Linux, AIX, Solaris, and Windows.

The information below is intended to assist in troubleshooting IDM36 installation problems.

Contents

• Install Locations

• Installing Files

  • Installing Packages on Linux, AIX and Solaris

  • Installing Files on Windows

• Installation Log Files

  • Installation Log: Identity_Manager_InstallLog.log

  • Debug Log: idmInstall.log

  • Running in Debug Mode

    • Running in Debug Mode on Linux, AIX, and Solaris

    • Running in Debug Mode on Windows

• Checking Dependencies

• Starting and Stopping eDirectory

• Extending Schema in eDirectory

  • Extending Schema on Linux, AIX, and Solaris

  • Extending Schema on Windows

• Installing NMAS Login Methods

• Installing iManager Plug-ins

• Installing the Roles Service Driver

Install Locations

The Identity Manager installers can be launched from the CD images as follows:

Platform	Path
Linux:	install.bin [-i {gui|console}] linux/setup/idm_linux.bin [-i {gui|console}]
AIX:	install.bin [-i {gui|console}] aix/setup/idm_aix.bin [-i {gui|console}]
Solaris:	install.bin [-i {gui|console}] solaris/setup/idm_solaris.bin [-i {gui|console}]
Windows:	autorun.inf windows\setup\idm_install.exe

The default install locations for the major components of Identity Manager are:

What	Platform	Path
Metadirectory Engine	Linux, AIX, Solaris:	/opt/novell/eDirectory
	Windows:	C:\Novell\NDS
Remote Loader	Linux, AIX, Solaris:	/opt/novell/dirxml
	Windows:	C:\Novell\RemoteLoader
Driver Shims	Linux, AIX, Solaris:	/opt/novell/eDirectory/lib/dirxml/classes
	Windows:	C:\Novell\NDS\lib C:\Novell\RemoteLoader\lib
iManager Plug-ins	Linux, Solaris:	/var/opt/novell/tomcat5/webapps/nps
	Windows:	C:\Program Files\Novell\Tomcat\webapps\nps
Driver Configuration Files	Linux, Solaris:	/var/opt/novell/tomcat5/webapps/nps/DirXML.Drivers
	Windows:	C:\Program Files\Novell\Tomcat\webapps\nps\DirXML.Drivers
Utilities	Linux, AIX, Solaris:	Query the driver's native package, for example: rpm -qlp linux/setup/packages/novell-DXMLnxdrv-3.6-0.i386.rpm
	Windows:	C:\Novell\NDS\DirXMLUtilities
Uninstaller	Linux, AIX, Solaris:	$HOME/Uninstall_Identity_Manager/Uninstall_Identity_Manager
	Windows:	C:\Program Files\Novell\Identity Manager\Uninstall_Identity_Manager\Uninstall Identity Manager.exe

Installing Files

For each platform, the IDM36 CD image contains subdirectories under the setup directory that contain the files to be installed. On Linux, AIX, and Solaris the installer uses native packages under setup/packages (see Installing Packages on Linux, AIX and Solaris). On Windows, the installer copies files directly from various subdirectories under setup (see Installing Files On Windows).

Installing Packages on Linux, AIX and Solaris

The following table lists which install packages the IDM36 installer installs for various components. For Linux and AIX these are RPM packages located under linux/setup/packages and aix/setup/packages, respectively, and generally named novell-package. For Solaris they are PKG packages located under solaris/setup/packages, and generally named package.

Metadirectory Engine

Package Name	Description
DXMLsch	Schema Files
DXMLdev	Driver Development Kit
DXMLmtask	Manual Task Service Driver
DXMLtlmnt	Entitlement Service Driver
DXMLcmpsr	Composer Service Driver
NOVLjvml	JVM Loader
DXMLwkodr	Work Order Service Driver
DXMLidprv	ID Provider Service Driver
DXMLbase	Base Components
DXMLevent	Event Caching System
DXMLssop	Credential Provisioning
DXMLadeng	AD Driver Engine Components
DXMLpxjob	Password Expiration Job
DXMLengn	Core Engine
DXMLjdbcu	JDBC Utilities
AUDTplatformagent	Novell Audit Platform Agent (Linux only)
NOVLaudpa	Novell Audit Platform Agent (Solaris only)

Remote Loader Service

Package Name	Description
DXMLdev	Driver Development Kit
DXMLmtask	Manual Task Service Driver
DXMLtlmnt	Entitlement Service Driver
DXMLcmpsr	Composer Service Driver
NOVLjvml	JVM Loader
DXMLwkodr	Work Order Service Driver
DXMLidprv	ID Provider Service Driver
DXMLbase	Base Components
DXMLrdxml	Remote Loader Service
AUDTplatformagent	Novell Audit Platform Agent (Linux only)
NOVLaudpa	Novell Audit Platform Agent (Solaris only)

Drivers

Package Name	Description
DXMLavpbx	Avaya Driver
DXMLdelim	Delimited Text Driver
DXMLedir	eDirectory Driver
DXMLgw	Groupwise Driver (Linux only)
DXMLjdbc	JDBC Driver
DXMLjms	JMS Driver
DXMLldap	LDAP Driver
DXMLnxdrv	Linux/UNIX Bidirectional Driver
DXMLnxpam
DXMLnxset	Linux/UNIX Settings Driver
DXMLnotes	Lotus Notes Driver
DXMLpsoft	PeopleSoft Driver
DXMLracf	RACF Driver
DXMLremedy	Remedy Driver (Linux only)
DXMLremedy71
DXMLsaphr	SAP Driver
DXMLsapum
DXMLsoap	SOAP Driver
DXMLtss	Top Secret Driver

Web-based Administration Server

Package Name	Description
DXMLplgs	Identity Manager Plugins

Prior to installing each package, the installer attempts to uninstall any already installed version of the package as well as any packages it obsoletes. The installer determines which packages a specific package obsoletes using the following commands:

Linux, AIX:
rpm --query --obsoletes -ppath_to_package*
Solaris:
pkgparam -f /path_to_package* OBSOLETES

where path_to_package is the full path to the package in the CD image (without the version and extension), for example, the path to the DXMLengn package on Linux might be /media/cdrom/linux/setup/packages/novell-DXMLengn.

The installer uninstalls packages using the following commands:

Linux, AIX:
rpm -e --allmatches --nodeps package
Solaris:
pkgrm -n -a /var/sadm/install/admin/admin.idmpackage

where package is the package name, for example, novell-DXMLengn on Linux, and DXMLengnon Solaris.

The installer installs packages using the following commands:

Linux, AIX:
rpm -i --replacefiles --nodeps path_to_package*
Solaris:
pkgadd -n -r /var/sadm/install/admin/admin.idm -a /var/sadm/install/admin/admin.idm -d path_to_package*package

where path_to_package is the full path to the package on the CD (without the version and extension), for example, the path to the DXMLengn package on Linux might be, /media/cdrom/linux/setup/packages/novell-DXMLengn, and where package is the package name, for example, novell-DXMLengn on Linux, and DXMLengn on Solaris.

Installing Files on Windows

On Windows, the installer copies files directly from various subdirectories under setup. Prior to copying the files the installer generally attempts to make sure any existing files that might be overwritten are not marked read only (for example, attrib -R "C:\Novell\NDS\*.*" /S /D). The following table lists the files and subdirectories the IDM36 installer copies for various components.

Metadirectory Engine

From	To	Description
vcredist\vcredist_x86.exe or vcredist\vcredist_x64.exe	IDM installer runs these installers silently	Visual C++ 2005 SP1 Redistributable Packages
schema	C:\Novell\NDS	Schema Files
drivers\manualtask\lib	C:\Novell\NDS\lib	Manual Task Service Driver
drivers\manualtask\mt_files	C:\Novell\NDS
drivers\entitlement\lib	C:\Novell\NDS\lib	Entitlement Service Driver
drivers\composer\lib	C:\Novell\NDS\lib	Composer Service Driver
jre\x86\jre or jre\x64\jre	C:\Novell\NDS	JVM
drivers\workorder\lib	C:\Novell\NDS\lib	Work Order Service Driver
drivers\loopback\lib	C:\Novell\NDS\lib
drivers\loopback\loopback_files	C:\Novell\NDS\loopback_files
drivers\idprovider\lib	C:\Novell\NDS\lib	ID Provider Service Driver
engine\noarch	C:\Novell\NDS	Engine
engine\x86 or engine\x64	C:\Novell\NDS
engine\lib	C:\Novell\NDS\lib
remoteloader\lib	C:\Novell\NDS\lib
engine\jclient\x86\jclnt.dll or engine\jclient\x64\jclnt.dll	C:\Novell\NDS (if needed)
engine\jclient\lib\jclient.jar	C:\Novell\NDS (if needed) and C:\Novell\NDS\lib
drivers\jdbc\lib\JDBCUtil.jar	C:\Novell\NDS\lib
novell_audit\naudit_agent	C:\WINDOWS\system32	Novell Audit Platform Agent
PasswordSync\system32 or PasswordSync\system64	C:\WINDOWS\system32	Password Sync Agent
PasswordSync\system32_dlls	C:\Novell\IDM_PassSync\w32
PasswordSync\system64_dlls	C:\Novell\IDM_PassSync\w64

Remote Loader Service

The user can specify the install location. The default install location is C:\Novell\RemoteLoader.

From	To	Description
vcredist\vcredist_x86.exe or vcredist\vcredist_x64.exe	IDM installer runs these installers silently	Visual C++ 2005 SP1 Redistributable Packages
drivers\manualtask\lib	C:\Novell\RemoteLoader\lib	Manual Task Service Driver
drivers\manualtask\mt_files	C:\Novell\RemoteLoader
drivers\entitlement\lib	C:\Novell\RemoteLoader\lib	Entitlement Service Driver
drivers\composer\lib	C:\Novell\RemoteLoader\lib	Composer Service Driver
jre\x86\jre or jre\x64\jre	C:\Novell\RemoteLoader	JVM
drivers\workorder\lib	C:\Novell\RemoteLoader\lib	Work Order Service Driver
drivers\loopback\lib	C:\Novell\RemoteLoader\lib
drivers\loopback\loopback_files	C:\Novell\RemoteLoader\loopback_files
drivers\idprovider\lib	C:\Novell\RemoteLoader\lib	ID Provider Service Driver
engine\noarch	C:\Novell\RemoteLoader	Remote Loader Service
engine\x86 or engine\x64	C:\Novell\RemoteLoader
engine\lib	C:\Novell\RemoteLoader\lib
remoteloader\x86 or remoteloader\x64	C:\Novell\RemoteLoader
remoteloader\help	C:\Novell\RemoteLoader
remoteloader\lib	C:\Novell\RemoteLoader\lib
novell_audit\naudit_agent	C:\WINDOWS\system32	Novell Audit Platform Agent
PasswordSync\system32 or PasswordSync\system64	C:\WINDOWS\system32	Password Sync Agent
PasswordSync\system32_dlls	C:\Novell\IDM_PassSync\w32
PasswordSync\system64_dlls	C:\Novell\IDM_PassSync\w64

Drivers

The destinations shown are for when the drivers are installed into the Metadirectory Engine. If the drivers are installed into the Remote Loader Service, replace C:\Novell\NDS with C:\Novell\RemoteLoader in the destination paths.

From	To	Description
drivers\ad\noarch	C:\Novell\NDS	AD Driver
drivers\ad\x86 or drivers\ad\x64	C:\Novell\NDS
drivers\avaya\lib	C:\Novell\NDS\lib	Avaya Driver
drivers\delimitedtext\lib	C:\Novell\NDS\lib	Delimited Text Driver
drivers\delimitedtext\samples	C:\Novell\NDS\drivers\delimitedtext\samples
drivers\edirectory\lib	C:\Novell\NDS\lib	eDirectory Driver
drivers\groupwise\x86 or drivers\groupwise\x64	C:\Novell\NDS	Groupwise Driver
drivers\groupwise\lib	C:\Novell\NDS\lib
drivers\jdbc\lib	C:\Novell\NDS\lib	JDBC Driver
drivers\jms\lib	C:\Novell\NDS\lib	JMS Driver
drivers\jms\lib\jms.jar	C:\Novell\NDS\jre\lib\ext
drivers\ldap\lib	C:\Novell\NDS\lib	LDAP Driver
drivers\nxsettings\lib	C:\Novell\NDS\lib	Linux/UNIX Settings Driver
drivers\lotusNotes\x86 or drivers\lotusNotes\x64	C:\Novell\NDS	Lotus Notes Driver
drivers\lotusNotes\lib	C:\Novell\NDS\lib
drivers\peoplesoft\lib	C:\Novell\NDS\lib	PeopleSoft Driver
drivers\racf\lib	C:\Novell\NDS\lib	RACF Driver
drivers\remedy\lib	C:\Novell\NDS\lib	Remedy Driver
drivers\sap\lib	C:\Novell\NDS\lib	SAP Driver
drivers\soap\lib	C:\Novell\NDS\lib	SOAP Driver
drivers\topsecret\lib	C:\Novell\NDS\lib	Top Secret Driver

Utilities

The user can specify the install location. The default install location is C:\Novell\NDS\DirXMLUtilities.

From	To	Description
utilities\cred_prov	C:\Novell\NDS\DirXMLUtilities\cred_prov	Credential Provisioning Sample Policies
drivers\jdbc\tools	C:\Novell\NDS\DirXMLUtilities\jdbc	SQL scripts for JDBC driver
drivers\jms\tools\jms	C:\Novell\NDS\DirXMLUtilities\jms	JMS Components
drivers\peoplesoft\tools	C:\Novell\NDS\DirXMLUtilities\peoplesoft	PeopleSoft Components
utilities\idm_lat	C:\Novell\NDS\DirXMLUtilities\idm_lat	License Auditing Tool
utilities\ad_disc\x86	C:\Novell\NDS\DirXMLUtilities\ad_disc	Active Directory Discovery Tool
utilities\notes_disc\x86	C:\Novell\NDS\DirXMLUtilities\notes_disc	Lotus Notes Discovery Tool
drivers\sap\tools	C:\Novell\NDS\DirXMLUtilities\sap	SAP Utilities
drivers\scripting\x86 or drivers\scripting\x64	C:\Novell\NDS\DirXMLUtilities\ScriptDriver	Scripting Driver Installer and Configuration Tool
..\cle	C:\Novell\NDS\DirXMLUtilities\cle	Client Login Extension for Novell Identity Manager

Installation Log Files

The installer creates two log files, an installation log and a debug log. These log files are useful for troubleshooting installation problems. It can also be useful to run the installer in debug mode.

When reporting a problem with the installer, please send a clear description of the problem and attach both the installation log and the debug log. If the problem is reproducible, please run the installer in debug mode and also send the debug output. Most common installation issues can be easily diagnosed in this way.

Installation Log: Identity_Manager_InstallLog.log

What	Platform	Path
Installation log	Linux, AIX, Solaris:	$HOME/idm/Identity_Manager_InstallLog.log
	Windows:	C:\Program Files\Novell\Identity Manager\Identity_Manager_InstallLog.log

This is the standard InstallAnywhere log file that logs installer actions. It reports any warnings or errors, and may also provide suggestions on how to resolve them. It is written (or overwritten) after the installer exits.

Debug Log: idmInstall.log

What	Platform	Path
Debug log	Linux, AIX:	/tmp/idmInstall.log
	Solaris:	/var/tmp/idmInstall.log
	Windows:	%TEMP%\idmInstall.log

The debug log is created by the installer to aid troubleshooting custom code in the installer. It contains added detail on installer actions and results. For example, it the installer runs a shell command the debug log shows the exact command that was executed, the exit code, and any messages written to standard output or standard error. It also shows the values of various variables used by the installer. The debug log is created (or overwritten) near the beginning of the installation and is updated as the installation proceeds.

Running in Debug Mode

You can get additional debug output by running the installer in debug mode. The additional debug output is intermixed with the normal output from the installer.

Running in Debug Mode on Linux, AIX, and Solaris

On Linux, AIX, and Solaris debug mode is enabled by setting the following environment variable prior to running the installer:

# export LAX_DEBUG=true

If you would like to redirect output to a file, set LAX_DEBUG=file. Then, run your installer. Once the install is complete a file labeled jx.log will be generated in the same directory as your installer. This file will contain the entire debug output generated by the install.

If you would like to see the debug messages that are written to standard output and standard error as well as capture them to a file, try a command similar to the following:

# LAX_DEBUG=true ./install.bin 2>&1 | tee /tmp/console.txt

Running in Debug Mode on Windows

On Windows, to view or capture the debug output from an installer, you need to hold down the <CTRL> key immediately after launching the installer and until a console window appears. Before you exit the installer, copy the console output to a text file.

If you have problems capturing the console output, you will need to try a slightly more convoluted method. First launch the installer and allow it to extract the necessary files. Once it reaches the "Preparing to Install..." window where it gives you the opportunity to choose a language, go to your windows %TEMP% directory. Here you will find a temporary folder named with several numeric digits. To make sure you have the most recent directory, sort the directories by "last modified". Open the directory, you should see a file called sea_loc, delete it. Now go back to the installer, hit OK, and at the first opportunity, Exit.

Now go back to the directory inside the %TEMP% directory, where you deleted the sea_loc file. You should find another directory called Windows; open it. Here you should find an .exe file (most likely install.exe). You should then find another file with the same name except it will have a .lax extension. Open it with a plain text editor and edit the lines:

lax.stderr.redirect=
lax.stdout.redirect=

to be:

lax.stderr.redirect=output.txt
lax.stdout.redirect=output.txt

After you have made these changes, save the file and launch the .exe. When the installation is complete you should end up with an output.txt file in the same directory as the .lax file. The output.txt file should contain the same information as that generated in the console.

Checking Dependencies

The IDM36 installer runs various checks to verify that that all required dependencies are met. This section lists various error messages you may see that indicate a failed dependency check. For each error message, a brief explanation is given of what exactly the installer is checking to verify the dependency.

Unsupported OS Architecture This version of the Identity Manager is not supported on 32-bit Windows 2008.

Windows 2008:
The installer checks the value of the following registry key:
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
Value Name: PROCESSOR_ARCHITECTURE

Unsupported OS Architecture This version of the Identity Manager is not supported on 32-bit Solaris.

Solaris:
The installer runs the following command to get the instruction set architecture:
# /usr/bin/isainfo -kv

The installer expects 64-bit to be in the output.

Insufficient Rights The user must be root to install $PRODUCT_NAME$. Please login as the root user and run the install again.

Linux, AIX, Solaris:
The installer runs the following command to get the user id:
# id | awk '{print $1}' | awk -F"=" '{print $2}' | awk -F"(" '{print $1}'

The installer expects the user id to be 0, indicating the root user.

Insufficient Rights The Windows user must have administrative privileges to install Novell Identity Manager. Please logon to Windows with a user that has administrative privileges and run the install again.

Windows:
The installer invokes the hasWindowsAdministratorPrivileges() method in the native library CheckForAdminRights? .dll. The native code calls OpenSCManager( NULL, NULL, SC_MANAGER_LOCK ) and checks for ERROR_ACCESS_DENIED.

Unsupported OS Architecture This version of the Identity Manager Metadirectory Server is not supported on 64-bit Windows.

Windows:
The installer checks the value of the following registry key:
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
Value Name: PROCESSOR_ARCHITECTURE

Unsupported OS Architecture This version of the Identity Manager Metadirectory Server is not supported on 32-bit AIX.

AIX:
The installer runs the following command to check the OS architecture:
# file /unix

The installer expects 64-bit to be in the output.

eDirectory not found eDirectory 8.8.3 or later must be installed on this system in order to install one or more of the selected components.

If the user selects to install one or more components that require eDirectory, such as the Metadirectory Server, the installer checks that a valid version of eDirectory is installed.

Linux:
# rpm -qi novell-NDSserv | grep "Version" | awk '{print $3}'

AIX:
# lslpp -L | grep NDSserv | awk '{print $2}'

Solaris:
# pkgparam -v NDSserv | grep -w "VERSION" | awk -F"=" '{print $2}'

Windows:
The installer first gets the eDirectory install path:
Registry Key: HKLM\SYSTEM\CurrentControlSet\Services\NDS Server0
Value Name: ImagePath
The installer then invokes the getWin32ProductVersionString() method in the native library JWin32FileVersion?.dll and passes in the path to the eDirectory service executable (ndsserv.exe). The native code calls GetFileVersionInfo() and VerQueryValue() to get the "ProductVersion".

The installer parses out the major and minor versions from the output. If eDirectory 8.8.3 or greater is not installed, the installer outputs the above error.

Unsupported eDirectory Architecture This version of the Identity Manager Metadirectory Engine is not supported on 64-bit eDirectory.

Linux, Windows:
If the user selects to install the Metadirectory Engine and 64-bit eDirectory is installed, the installer outputs the above error.

Prerequisite libraries not found The compat-libstdc++ library needs to be installed in order to run Identity Manager. You may proceed to install Identity Manager, but you will need to install this library prior to running Identity Manager. Do you want to proceed?

Linux:
On Linux, the installer checks for the existence of /usr/lib/libstdc++*. If not found, the installer outputs the above error.

iManager not found Novell iManager 2.7 or later must be installed on this system in order to install the Identity Manager Plug-ins. Please install iManager 2.7 or later and try again.

If the user selects to install the iManager plug-ins the installer checks that a valid version of iManager is installed.

Linux, AIX, Solaris:
# grep -w IMANAGER_VERSION /etc/eMFrameInstall.properties | awk -F"=" '{print $2}'

Windows:
Registry Key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Novell iManager
Value Name: DisplayVersion

The installer parses out the major and minor versions from the output. If iManager 2.7 or greater is not installed, the installer outputs the above error.

NMAS not found Novell Modular Authentication Service (NMAS) was not found installed on the system. Please install NMAS 3.1.3 or later (Security Services 2.0.4 or later) then try again.

Valid version of NMAS not found Novell Modular Authentication Service (NMAS) version x.x.x was found installed on the system. NMAS 3.1.3 or later (Security Services 2.0.4 or later) should be installed for Identity Manager to run properly. You may proceed to install Identity Manager, but you will need to upgrade NMAS prior to running Identity Manager. Do you want to proceed?

Linux:
# rpm -qi novell-nmas | grep "Version" | awk '{print $3}'

AIX:
# lslpp -L | grep NOVLnmas | awk '{print $2}'

Solaris:
# pkgparam -v NOVLnmas | grep -w "VERSION" | awk -F"=" '{print $2}'

Windows:
The installer invokes the getWin32FileVersion() method in the native library JWin32FileVersion? .dll and passes in the path to nmasLDAP.dll. The native code calls GetFileVersionInfo() and VerQueryValue() to get the "FileVersion".

The installer parses out the major and minor versions from the output. If NMAS is not installed, the installer outputs the first error. If NMAS is installed but the version is less than NMAS 3.1.3, the installer outputs the second error.

Identity Manager Activation Notice! Identity Manager components require activation and must be activated within 90 days of installation, otherwise they will time out. Purchasing a component authorizes you to request and receive activation credentials which are required to activate the product.

The installer displays this dialog if the Metadirectory Engine, Remote Loader Service, or any drivers are selected to be installed.

Remote Loader Is Running The Remote Loader is running. Please shut down the Remote Loader then select Continue to proceed with the install. Select Exit to exit the installer.

Windows:
On Windows, if the user selects to install the Remote Loader Service the installer checks to see if either the rlconsole_<LOCALE>.exe or rlconsole.exe process is running.

User Credentials Not Valid Please verify the user name, context, and password you supplied are correct. If you are installing the Metadirectory Server, please make sure eDirectory is running on this system and that LDAP is functioning properly.

The installer starts eDirectory then uses the JClient library to validate the user credentials by attempting to use them to authenticate to eDirectory. The installer installs the JClient library (and any dependent libraries) into /tmp/lib (\tmp\lib on Windows). The installer JVM is launched with -Djava.library.path=/tmp/lib so it will find libraries in this directory. In the Linux, AIX, and Solaris installers, /tmp/lib is included in the LD_LIBRARY_PATH environment variable so the system will also correctly find the dependent libraries in this directory.

If the user name or password is null, or the user name does not contain a comma, or the installer is unable to login to eDirectory with the provided credentials, the installer outputs the above error.

Starting and Stopping eDirectory

During the installation, the installer starts and stops eDirectory for the following reasons:

Stop	Start	When
	X	If the user selects to install the Metadirectory Engine, or to Register the Novell Audit System Components for Identity Manager, the installer will prompt the user for the credentials of an eDirectory user with administrative rights and start eDirectory to validate the user credentials.
X		If the user selects to install the Metadirectory Engine, or any driver, the installer shuts down eDirectory prior to installing them. On Windows, the installer will also shut down eDirectory if the user selects to install the Remote Loader Service. The installer shuts down eDirectory to avoid issues with overwriting files that are in use, or that might require a restart of eDirectory.
	X	If the installer stopped eDirectory, it restarts it after installing files and prior to extending schema, installing NMAS login methods, or registering audit components. On Windows, the installer delays starting eDirectory until after the schema has been extended.

On Linux, AIX, and Solaris the installer starts and stops eDirectory using the following commands:

bash -c 'LD_LIBRARY_PATH=; source /opt/novell/eDirectory/bin/ndspath; ndsmanage start --config-file configFile'
bash -c 'LD_LIBRARY_PATH=; source /opt/novell/eDirectory/bin/ndspath; ndsmanage stop --config-file configFile'

where configFile is the full path to the configuration file for the target instance, for example, /etc/opt/novell/eDirectory/conf/nds.conf.

On Windows, the installer starts and stops eDirectory by starting and stopping the NDS Server0 service.

Extending Schema in eDirectory

When installing the Metadirectory Engine, the installer extends the eDirectory schema as needed for Identity Manager. It extends the schema for any driver that requires a schema extension, even if the driver is not selected to be installed. The installer extends the eDirectory schema using the following schema files:

Schema File	Contains Schema Definitions for:
vrschema.sch	Identity Manager
drv_ext.sch
AvayaDvr.sch.sch	Avaya Driver
sap.sch	SAP Driver
sapuser.sch
nsimAux.sch	Password Policy
WkOdrDvr.sch	Work Order Driver
nxdrv.sch	Linux/UNIX Bidirectional Driver
i5os.sch	Midrange Driver
racf.sch	RACF Driver
tss.sch	Top Secret Driver
fanout.sch	Fan Out Driver

Extending Schema on Linux, AIX, and Solaris

On Linux, AIX, and Solaris the installer first extracts the schema files from the DXMLsch install package into into the /opt/novell/eDirectory/lib/nds-schema directory. (see [[#InstallingPackages][Installing Packages]).

The installer extends the schema using the following command:

ndssch -h hostname:port -t treename -p password admin-FDN schemafile

where hostname is the name or IP address of the server on which the schema is to be extended, port is the server port, treename is the name of the tree on which the schema is to be extended, password is the password for admin-FDN, admin-FDN is the name with the full context of the eDirectory administrator with rights to the [Root] of the tree, and schemafile is the full path to the file that contains the schema definitions. For example:

ndssch -h MyHost:524 -t MyTree -p password .admin.novell.T=MyTree. /opt/novell/eDirectory/lib/nds-schema/vrschema.sch

If this command fails, check /tmp/idmInstall.log for details (see Installation Log Files).

Extending Schema on Windows

On Windows, the installer first installs the schema files from setup\schema in the CD image into the eDirectory install location (C:\Novell\NDS). It also copies the following two additional files:

File	Description
schemaStart.bat	Script to perform schema extensions
sch_nt.cfg	Contains the list of schema files to apply

The installer extends the schema using the following command:

edirLocation\schemaStart.bat edirLocation yes "admin" "password" yes 6 " " "schemaFile" "serverName" dibPath

For example,

C:\Novell\NDS\schemaStart.bat C:\Novell\NDS yes ".admin.novell.T=MyTree." "password" yes 6 " " "C:\Novell\NDS\sch_nt.cfg" ".CN=MyServer-NDS.O=novell.T=MyTree." C:\Novell\NDS\DIBFiles

By using sch_nt.cfg, all of the Identity Manager schema files are extended by a single call to schemaStart.bat.

The schemaStart.bat script sets the following environment variables and then invokes dhost.exe with the install command to extend the schema:

Environment Variable	Value	Example
NDSI_INSTALL_PATH	edirLocation	C:\Novell\NDS
DSI_NEW_TREE	yes	yes
DSI_USER_NAME	admin	.admin.novell.T=MyTree.
DSI_USER_PASSWORD	password	password
DSI_MAKE_SERVICE	yes	yes
DSI_APPLICATION	6 (DSI_EXTEND_SCHEMA)	6
DSI_SCHEMA	schemaFile	C:\Novell\NDS\sch_nt.cfg
DSI_SERVER_NAME	serverName	.CN=MyServer-NDS.O=novell.T=MyTree.
DSI_DIB_PATH	dibPath	C:\Novell\NDS\DIBFiles
DSI_ADD_REPLICA	(set to null)
DSI_AUTO_UNLOAD	Yes	Yes
DSI_GET_USER_INPUT	No	No
DSI_IPX_ONLY	No	No

The command is of the format:

START /b /DedirLocation edirLocation\dhost /DataDir=edirLocation\DIBFiles install

For example,

START /b /DC:\Novell\NDS C:\Novell\NDS\dhost /DataDir=C:\Novell\NDS\DIBFiles install

The environment variable values and the actual command used to invoke dhost.exe, along with any error messages, are logged to the file edirLocation\SchemaExtend.log, for example, C:\Novell\NDS\SchemaExtend.log.

Installing NMAS Login Methods

When installing the Metadirectory Engine, the installer installs the NMAS Challenge Response login method. This login method is normally installed as part of eDirectory, but it is optional in the eDirectory installer and is required for Identity Manager. The IDM installer will not overwrite a newer login method.

The installer first extracts the Challenge Response files into the installer's temporary directory.

Linux, AIX, Solaris:
The installer extracts the NMAS install library libnmasinst_sa.so into the /tmp/lib directory and loads it.

Windows:
The installer extracts the libraries NMASInst.dll, dclient.dll, and sal.dll into the /tmp/lib directory and loads NMASInst.dll.

On all platforms, after the NMAS install library is loaded the installer calls the JNI entry point createNMASMethodCheckVersion to install the Challenge Response method. The parameters include the admin user name and password, the tree name, and the full path to ChallengeResponse/config.txt.

If this action fails check idmInstall.log, or run the installer in debug mode for additional details (see Installation Log Files).

Installing iManager Plug-ins

If the user selects to install the Web-based Administration Server the installer installs the iManager plug-ins for Identity Manager. The IDM36 iManager plug-ins can only be installed onto a machine on which iManager 2.7 is already installed.

Please note that these plug-ins require the eDirectory schema extensions from the Metadirectory Engine feature. The Metadirectory Engine must have already been installed somewhere in the eDirectory tree. Alternatively, the Metadirectory Engine and Identity Manager Plugins features can be installed in the same install.

The iManager plug-ins for Identity Manager are combined into a single Novell Plug-in Module (NPM) named IDMPlugins_IMAN_2_7_IDM_3_6.npm.

Linux, AIX, Solaris:
The installer installs the DXMLplgs package which installs IDMPlugins_IMAN_2_7_IDM_3_6.npm into /usr/nps/packages. (see Installing Packages).

Windows:
The installer accesses IDMPlugins_IMAN_2_7_IDM_3_6.npm from setup\imanplugins\27 in the CD image.

The Identity Manager 3.6 Plug-in for iManager 2.7 is also available from download.novell.com.

The IDMPlugins_IMAN_2_7_IDM_3_6.npm super NPM contains the following NPMs:

ApprovalFlow.npm	Novell Identity Manager - Provisioning and Workflow

RBS Module: Provisioning and Workflow Plug-ins (10.6.20080719.1)
Roles and Tasks:

• Workflow Administration

  • Workflows

  • Email Templates

  • Email Server Options

• Provisioning Configuration

  • Provisioning Requests

  • Provisioning Teams

CredProv.npm	Novell Identity Manager - Credential Provisioning

RBS Module: Credential Provisioning Plugins (10.6.20080719.1)
Roles and Tasks:

• Credential Provisioning

  • Configuration

DirXMLCommon.npm	Novell Identity Manager - Common Utilities

RBS Module: none
Roles and Tasks: none

DirXMLFilter.npm	Novell Identity Manager - Filter Management

RBS Module: none
Roles and Tasks: none

DirXMLInfo.npm	Novell Identity Manager - Versioning Information

RBS Module: Identity Manager Plugins (10.6.20080719.1)
Roles and Tasks:

• Identity Manager Utilities

  • Versions Discovery

DirXMLOverview.npm	Novell Identity Manager - Configuration

RBS Module: Identity Manager Plugins (10.6.20080719.1)
Roles and Tasks:

• Identity Manager

  • Identity Manager Overview

DirXMLPermit.npm	Novell Identity Manager - Activation

RBS Module: Identity Manager Plugins (10.6.20080719.1)
Roles and Tasks: none

• Identity Manager Utilities

  • Deletes: Request Activation

  • Deletes: Install Activation

DirXMLRules.npm	Novell Identity Manager - Schema Mapping

RBS Module: Identity Manager Plugins (10.6.20080719.1)
Roles and Tasks:

• Identity Manager Utilities

  • Deletes: New Policy

DirXMLScript.npm	Novell Identity Manager - Policy Builder

RBS Module: none
Roles and Tasks: none

dsp.npm	Novell Identity Manager - Driver Specific Support

RBS Module: DSP Plug-ins (10.6.20080719.1)
Roles and Tasks:

• PBX

  • PBX Audix Subscribers

  • PBX Extensions

  • PBX Sites

  • PBX Work Orders

DWiz.npm	Novell Identity Manager - Application Driver Configuration

RBS Module: Identity Manager Plugins (10.6.20080719.1)
Roles and Tasks:

• Identity Manager Utilities

  • Import Drivers

  • Export Driver

  • New Driver

  • Deletes: Load Sample Objects

  • NDS-to-NDS Driver Certificates

entitlement.npm	Novell Identity Manager - Role-Based Entitlements

RBS Module: Role-Based Entitlements (10.6.20080719.1)
Roles and Tasks:

• Identity Manager Utilities

  • Upgrade Entitlements

  • Entitlement Recipients

  • ID-Provider Policies

• Role-Based Entitlements

  • Reevaluate Membership

  • Role-Based Entitlements

eProvConsole.npm	Novell Identity Manager - Dataflow

RBS Module: Identity Manager Plugins (10.6.20080719.1)
Roles and Tasks:

• Identity Manager Utilities

  • Dataflow

  • Dataflow (Table view)

  • Deletes: Design Dataflow

FanOutWeb.npm	Novell Identity Manager - Fan-Out Driver Plug-in

RBS Module: FanOutWeb (3.60.20080530)
Roles and Tasks:

• Fan-Out Driver Configuration

  • Configure Core Drivers

  • Configure iManager Plug-In

  • Configure Logs

  • Configure Platforms

  • Configure Platform Sets

  • Configure Provisioning

  • Configure Search Objects

  • Configure UID/GID Sets

• Fan-Out Driver Utilities

  • Component Status

  • Documentation

  • Log Viewer

  • Provisioning Details

  • Review Naming Exceptions

  • Review Platform Errors

  • Trawl

IDMJob.npm	Novell Identity Manager - Jobs

RBS Module: none
Roles and Tasks: none

Inspector.npm	Novell Identity Manager - Inspector

RBS Module: none
Roles and Tasks: none

notfconfig.npm	Novell Identity Manager - eMail Notification Configuration

RBS Module: Notification Module (10.6.20080719.1)
Roles and Tasks:

• Passwords

  • Email Server Options

  • Email Templates

pki.npm	Novell Certificate Server Plug-ins for iManager

RBS Module: Novell Certificate Server Plugin (3.300.20070917)
Roles and Tasks:

• Novell Certificate Access

  • SAS Service Object

  • Server Certificates

  • User Certificates

• Novell Certificate Server

  • Configure Certificat Authority

  • Create CRL Object

  • Create Default Certificates

  • Create SAS Service Object

  • Create Server Certificate

  • Create Trusted Root

  • Create Trusted Root Container

  • Create User Certificate

  • Issue Certificate

  • Repair Default Certificates

PlatformAdministration.npm	Platform Administration Module

RBS Module: none
Roles and Tasks: none

pwdpolicy.npm	Novell Identity Manager - Password Management

RBS Module: Password Policies Modules (10.6.20080719.1)
Roles and Tasks:

• Passwords

  • Challenge Sets

  • Password Policies

  • View Policy Assignments

  • Set Universal Password

pwsyncconfig.npm	Novell Identity Manager - Password Sync

RBS Module: Password Synchronization Module (10.6.20080719.1)
Roles and Tasks:

• Passwords

  • Check Password Status

  • Password Synchronization

SharedContentV1.npm	Novell iManager Content - Shared Content

RBS Module: none
Roles and Tasks: none

StatusLog.npm	Novell Identity Manager - Report and Notification Service Configuration

RBS Module: eDirectory Report and Notification Service (10.6.20080719.1)
Roles and Tasks:

• eDirectory Maintenance

  • New Report and Notification Service

  • Disconnect Report and Notification Service

UserProfile.npm	Novell Identity Manager - User Profile Property Pages

RBS Module: none
Roles and Tasks: none

The installer displays a message at the end of the install telling the user to restart the Application server (Tomcat).

Linux:
The following command will restart Tomcat:
# /etc/init.d/novell-tomcat5 restart

Solaris:
The following command will restart Tomcat:
# /etc/init.d/imgr stop; /etc/init.d/imgr start

Windows:
Restart the Tomcat5 service.

When you login to iManager, if you see the message "Notice: Some of the roles and tasks are not available.", click on View Details for more information. Two common reasons for this are:

1. You have not restarted Tomcat (new jar files are not seen).

2. You have not installed the Metadirectory Engine in the tree (eDirectory schema has not been extended).

If you see the message "Notice: New iManager modules are available to install.", click on the install link and install the available plug-in modules.

You can verify the installation of the NPMs as follows:

1. Login to iManager and navigate to Configure > Plug-in Installation > Installed Novell Plug-in Modules. You should see the Identity Manager modules in the table above included in the list of Installed Novell Plug-in Modules. If so, they have been correctly installed and you can skip the remaining steps.

2. If the Identity Manager modules are not included in the list of Installed Novell Plug-in Modules, and you have not restarted Tomcat since installing them, restart Tomcat as described above then repeat step #1. Otherwise, proceed to step #3.

3. Click on Available Novell Plug-in Modules. If the modules are listed here, click the top-most check box (to select all) then click Install (just above the top-most check box) to install them then repeat step #1. Otherwise, proceed to step #4.

4. You can find information you need to troubleshoot the problem in the following locations:
   idmInstall.log

   (see Installation Log Files)

   
   .../iManager/nps/packages - The individual NPMs are extracted from the "super" NPM into this directory.
   .../iManager/nps/WEB-INF/logs/install - Each plug-in is installed using a Zero G InstallAnywhere installer. The install log for each install is located here. The names of the log files correspond to the names of the NPM files. For example, the log file for UserProfile.npm is UserProfile_InstallLog.log.

The installer installs the IDM iManager modules (NPMs) into iManager, but it does not install the associated RBS modules. By design, RBS roles and tasks should be manually configured by the RBS administrator.

You can install the RBS roles and tasks as follows:

1. Login to iManager and navigate to Configure > Role Based Services > RBS Configuration.

2. If you have not previously configured iManager for Role Based Services you will see a message telling you to Configure iManager. Click on the link to start the iManager Configuration Wizard and follow instructions.

3. Navigate to Configure > Role Based Services > RBS Configuration > iManager 2.x Collections.

4. If you just ran the iManager Configuration Wizard in step #2, the number of Not-Installed modules should be 0. If you click on the number of Installed modules, you should see the Identity Manager RBS modules in the list.

5. If you ran the iManager Configuration Wizard prior to installing the Identity Manager plug-ins, the Identity Manager RBS modules should be in the list of Not-Installed modules. To install them, click on the number of Not-Installed modules, click the top-most check box (to select all), then click Install (just above the top-most check box).

Once the Identity Manager RBS modules appear in the list of Installed modules, the Identity Manager roles and tasks should be available in the iManager Roles and Tasks view.

Installing the Roles Service Driver

The IDM36 installers silently invoke the Roles Service Driver installers. They are located on the CD images as follows:

Platform	Path
Linux:	linux/setup/roles_driver_install_linux.bin
AIX:	aix/setup/roles_driver_install_aix.bin
Solaris:	solaris/setup/roles_driver_install_solaris.bin
Windows:	windows\setup\drivers\roles\roles_driver_install.exe

They are invoked using the -i silent and -f <temp-properties> options, where <temp-properties> is a temporary file the IDM36 installer creates to pass needed information to the Roles Service Driver installer.

The Roles Service Driver installation log files may be helpful when troubleshooting problems with installing the Roles Service Driver:

What	Platform	Path
Installation log	Linux, AIX, Solaris:	$HOME/idm/Roles_Service_Driver_for_Novell_Identity_Manager_ InstallLog.log
	Windows:	C:\Program Files\Novell\Identity Manager\Roles_Service_Driver_for_Novell_Identity_Manager_ InstallLog.log
Debug log	Linux, AIX:	/tmp/roles_driver_install.log
	Solaris:	/var/tmp/roles_driver_install.log
	Windows:	%TEMP%\roles_driver_install.log

Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.