7.2 Installing the Metadirectory Server

On Linux/UNIX platforms, you can install the Metadirectory server as root or as a nonroot user. Installing Identity Manager as a nonroot user increases the security of the server. The nonroot installation works only if eDirectory was also installed by a nonroot user. The installation procedure is different for the nonroot installation; see Section 7.2.1, Nonroot Installation of the Metadirectory Server, for the installation instructions.

This procedure covers the installation of the Metadirectory server, web components, and utilities for the different platforms that Identity Manager supports.

  1. Verify that you have met the system requirements listed in Section 6.0, System Requirements.

  2. (Linux/UNIX only) Verify that the environment variables for eDirectory are exported before you start the installation. At a command prompt, enter:

    set | grep PATH

    The environment variables set the path for the eDirectory installation. The eDirectory installation path is listed if the environment variables are set. If the environment variables are not set, the installation of Identity Manager fails.

    To set the environment variables for your current shell:

    . /opt/novell/eDirectory/bin/ndspath

    You must have the space between the . and the / for the command to work. For more information, see “Using the nds-install Utility to Install eDirectory Components”.

  3. Start the installation, using the correct program for your platform.

    • Windows: IDM3.6.1_Win:windows\setup\idm_install.exe

    • Linux - GUI Install: IDM3_6_1_Lin/linux/setup/idm_linux.bin [-i gui]

    • Linux - Command Line Install: IDM3_6_1_Lin/linux/setup/idm_linux.bin -i console

    • Solaris - GUI Install: IDM3_6_1_Solaris/solaris/setup/idm_solaris.bin [-i gui]

    • Solaris - Command Line Install: IDM3_6_1_Solaris/solaris/setup/idm_solaris.bin -i console

    • AIX - GUI Install: IDM3_6_1_AIX/aix/setup/idm_aix.bin [-i gui]

    • AIX - Command Line Install: IDM3_6_1_AIX/aix/setup/idm_aix.bin -i console

    To execute the binary files on Linux\Solaris\AIX, enter ./install.bin [-i {gui | console}].

  4. Use the following information to complete the installation:

    • Select Components: Select the Metadirectory server, iManager plug-ins, and utilities to install the Metadirectory server.

      • Novell Identity Manager Metadirectory Server: This option requires the Identity Vault to be installed on this server. It extends the schema for Identity Manager, installs the Metadirectory engine, the Identity Manager drivers, and the Novell Audit Agent.

      • Novell Identity Manager Connected System Server: This option does not require the Identity Vault to be installed on this server. Select this option only if you are installing the Remote Loader. For more information, see Section 7.3, Installing the Remote Loader.

      • None: Select this option if you want to install the iManager plug-ins or the utilities without installing the Metadirectory server or the connected system server on this server.

      • Novell Identity Manager Web-based Administration Server: Select this option if you have iManager installed on this server. It installs the iManager plug-ins for Identity Manager.

      • Utilities: Installs utilities used to help configure the drivers for the connected systems. Not all drivers have utilities. If you are not sure if you need this, select it. It does not use much disk space.

      • Customize the selected components: This option enables you to customize the components that you have selected to install. Therefore, before selecting this option, you should select the relevant components to install.

    • Authentication: Specify the name and password of a user that has sufficient rights in eDirectory to extend the schema. Specify the username in LDAP format, for example, cn=idmadmin,o=company.

  5. Activate Identity Manager. For more information, see Section 8.0, Activating Novell Identity Manager Products.

  6. Create and configure your driver objects. This information is contained in each driver guide. For more information, see Identity Manager Drivers documentation.

7.2.1 Nonroot Installation of the Metadirectory Server

You can install Identity Manager as a nonroot user to enhance the security of your UNIX/Linux server. You cannot install Identity Manager as a nonroot user if eDirectory is installed by root.

The nonroot installation does not install the following items:

  • Remote Loader: Use the Java Remote Loader if you need to install the Remote Loader as a nonroot user. For more information, see Section 7.3.5, Installing the Java Remote Loader on UNIX, Linux, or AIX.

  • UNIX/Linux Account Driver: Requires root privileges to function.

  • Novell Sentinel Platform Agent: Install the Novell Sentinel Platform Agent as root. Create Dirxml.properties in the /etc/opt/novell/sentinelpa/conf directory. The location where the event log file is generated (by default, /var/opt/novell/sentinelpa/data/AuditEvents.log) should be writable by the nonroot user.

Use the following procedure to run the nonroot installation of the Metadirectory server:

  1. Install eDirectory 8.8.5 or later as a nonroot user. For more information, see “Nonroot User Installing eDirectory 8.8”.

  2. Log in as the nonroot user used to install eDirectory.

    You should install Identity Manager as the same user you used to install the nonroot version of eDirectory. The user that installs Identity Manager must have write access to the directories and files of the nonroot eDirectory installation.

  3. Execute the installation program for your platform.

    • Linux: IDM3.6.1_Lin/linux/setup/idm-nonroot-install

    • AIX: IDM3.6.1_Unix/aix/setup/idm-nonroot-install

      IMPORTANT: The only supported AIX maintenance level is 5300-09. Newer or older maintenance levels are not supported.

    • Solaris: IDM3.6.1_solaris/setup/idm-nonroot-install

    To execute the script files, enter ./idm-nonroot-install.

  4. Use the following information to complete the installation:

    • Base Directory for the nonroot eDirectory Installation: Specify the directory where the nonroot eDirectory installation is. For example, /home/user/install/eDirectory.

    • Extend eDirectory Schema: If this is the first Identity Manager server installed into this instance of eDirectory, enter Y to extend the schema. If the schema is not extended, Identity Manager cannot function.

      You are prompted to extend the schema for each instance of eDirectory owned by the nonroot user that is hosted by the nonroot eDirectory installation.

      If you choose to extend the schema, specify the full distinguished name (DN) of the eDirectory user that has rights to extend the schema. The user must have the Supervisor right to the entire tree to extend the schema. For more information about extending the schema as a nonroot user, see the schema.log file that is placed in the data directory for each instance of eDirectory.

      Run the /opt/novell/eDirectory/idm-install-schema program to extend the schema on additional eDirectory instances after the installation is complete.

    • Utilities: (Optional) If you need an Identity Manager driver utility, you must copy the utilities from the Identity Manager installation media to the Identity Manager server. All utilities are found under the IDM3.6.1_platform/setup/utilities directory.

  5. Activate Identity Manager. For more information, see Section 8.0, Activating Novell Identity Manager Products.

  6. Create and configure the driver objects. This information is contained in each driver guide. For more information, see the Identity Manager Drivers documentation.
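The prerequisites of the nonroot procedure above can be checked before the installer is started. The following script is an added example, not part of the Identity Manager product or its documentation; the function names are hypothetical, file ownership is used as an approximation of write access, and the world-writable check is an extra hardening check that the procedure does not itself require.

```sh
#!/bin/sh
# Added example, not vendor code: preflight checks for the nonroot install.

# The nonroot installer must run as the unprivileged eDirectory user.
check_not_root() {
    [ "$1" -ne 0 ]
}

# The installing user needs write access to the whole nonroot eDirectory
# tree. Files owned by another user suggest it does not (ownership is an
# approximation); world-writable files could be changed by any local
# account (extra hardening check, not a stated installer requirement).
check_edir_tree() {
    tree=$1 owner=$2
    [ -d "$tree" ] || { echo "no such directory: $tree" >&2; return 1; }
    foreign=$(find "$tree" ! -user "$owner" -print | head -n 5)
    loose=$(find "$tree" ! -type l -perm -0002 -print | head -n 5)
    [ -z "$foreign" ] || { echo "not owned by uid $owner: $foreign" >&2; return 1; }
    [ -z "$loose" ] || { echo "world-writable: $loose" >&2; return 1; }
}

# If the root-installed Sentinel Platform Agent is present, its event-log
# directory should be writable by the nonroot user. An absent directory is
# treated as "agent not installed" and passes.
check_log_dir() {
    [ ! -d "$1" ] || [ -w "$1" ]
}

# Usage: idm_nonroot_preflight BASE_DIR [EVENT_LOG_DIR]
# Returns the number of failed checks (0 means ready to install).
idm_nonroot_preflight() {
    uid=$(id -u)
    log_dir=${2:-/var/opt/novell/sentinelpa/data}
    failed=0
    check_not_root "$uid" || { echo "FAIL: running as root" >&2; failed=$((failed + 1)); }
    check_edir_tree "$1" "$uid" || failed=$((failed + 1))
    check_log_dir "$log_dir" || { echo "FAIL: $log_dir not writable" >&2; failed=$((failed + 1)); }
    return "$failed"
}

if [ "$#" -gt 0 ]; then idm_nonroot_preflight "$@"; fi
```

Run it as the user that installed eDirectory, passing the base directory of the nonroot eDirectory installation, for example /home/user/install/eDirectory.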

7.2.2 Silent Installation of the Metadirectory Server

Start the silent installation by using the correct program for your platform:

  • Linux: IDM3_6_1_Lin/linux/setup/idm_linux.bin -i silent -f <filename>.properties

  • Solaris: IDM3_6_1_Solaris/solaris/setup/idm_solaris.bin -i silent -f <filename>.properties

  • AIX: IDM3_6_1_AIX/aix/setup/idm_aix.bin -i silent -f <filename>.properties

Create a property file <filename>.properties with the following attributes, in the location from where you run the Identity Manager installer:

For default installed locations, see /tmp/idmInstall.log.

NOTE: If you have installed iManager and later want to install the iManager plug-ins, you must set the WEB_ADMIN_SELECTED value to true.

NOTE: To run the silent installation of Identity Manager on multiple instances, make sure that the <filename>.properties file contains the following:

  • EDIR_NCP_PORT=1524
  • EDIR_NDS_CONF=/etc/opt/novell/eDirectory/conf
  • EDIR_IP_ADDRESS=<xxx.xx.xx.xx>
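The three multi-instance keys listed above can be validated before the silent installer is started, so that an unedited placeholder or a missing key is caught first. The following script is an added example, not part of the Identity Manager product or its documentation; the function names are hypothetical and an IPv4 address is assumed from the placeholder format.

```sh
#!/bin/sh
# Added example, not vendor code: validate the multi-instance keys in a
# silent-install properties file.

# Print the value of KEY ($2) from FILE ($1); the last assignment wins.
prop_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | tr -d '\r' | sed 's/[[:space:]]*$//'
}

# Succeed only for a dotted-quad IPv4 address with four octets of 0-255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: check_idm_properties FILE
# Returns the number of invalid or missing keys (0 means the file is usable).
check_idm_properties() {
    file=$1 errors=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

    port=$(prop_get "$file" EDIR_NCP_PORT)
    case $port in
        ''|*[!0-9]*|??????*)
            echo "EDIR_NCP_PORT missing or not a port number" >&2; errors=$((errors + 1)) ;;
        *)  [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
                { echo "EDIR_NCP_PORT out of range" >&2; errors=$((errors + 1)); } ;;
    esac

    case $(prop_get "$file" EDIR_NDS_CONF) in
        /*) ;;
        *)  echo "EDIR_NDS_CONF missing or not an absolute path" >&2; errors=$((errors + 1)) ;;
    esac

    # Catches an empty value and the unedited <xxx.xx.xx.xx> placeholder.
    is_ipv4 "$(prop_get "$file" EDIR_IP_ADDRESS)" ||
        { echo "EDIR_IP_ADDRESS missing or still a placeholder" >&2; errors=$((errors + 1)); }
    return "$errors"
}

if [ "$#" -gt 0 ]; then check_idm_properties "$1"; fi
```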