Installation Procedure

Install the eDirectory™ server components in the order they are presented in this section. Each section lists the product to install and which CD the product is on.


NICI 2.6.8

CD: NCL Server Components - CD 1
Location: \nici
  1. Run wcniciu0.exe.

  2. Follow the installation wizard to completion.


Novell Client 4.9.1 SP1

CD: NCL Server Components - CD 1
Location: \novellclient\winnt\i386
  1. Run setupnw.exe.

  2. Select Typical Installation.

  3. Follow the installation wizard to completion.

  4. Reboot the computer when prompted.

  5. At the Novell® Client™ login screen, select Workstation Only and log in as the local Administrator.

NOTE:  On a Windows 2003 server, after you install the Novell Client, the network load balancing service will report a failure on startup. This is not a problem. See TID 10086698 and MSKB 833375 for information about turning this service startup failure message off.


eDirectory 8.7.3

CD: eDirectory 8.7.3 - CD 3
Location: \nt


eDirectory License Installation

  1. Copy the \license directory on CD 1 to a local drive.

    You will point to this \license directory later in the eDirectory installation.

  2. Insert the eDirectory 8.7.3 CD (CD 3) into the CD-ROM drive.

    The eDirectory installation should auto-launch. If it does not, run setup.exe in the \nt directory. The following screen should appear:


    Figure: eDirectory First Screen
  3. Select Install eDirectory, then click Install.

    Do not install Novell Client.

  4. Accept the license agreement.

  5. Install the licenses from a file.

    1. Browse to the local copy of the \license directory that you created in Step 1.

    2. Select the license file (.nfk file).

    After the licenses are installed, the eDirectory installation continues.


eDirectory Installation

  1. Accept the license agreement.

  2. Accept the default installation path (c:\novell\nds).

  3. Create a new eDirectory Tree.

  4. Fill in values for Tree name, Server object context, Admin name, Admin context, and password.

    Example values:

    Tree Name: NCL-TREE
    Server Object Context: NCL-eDir.ncl
    Admin Name: Admin
    Admin Context: ncl
    Password: ncl-test

    NOTE:  The server object context and the admin context should normally be the same. The above example uses ncl.

    You should write down these values so you can reference them later.

  5. Accept the defaults for the HTTP stack ports.

  6. Accept the defaults for the LDAP ports.

    If the eDirectory server is being installed on a Windows 2000 AD Domain Controller, you must change the ports to avoid a conflict with the AD LDAP server. We recommend changing the ports to 390 for clear text and 637 for SSL/TLS.

  7. Clear all the NMAS™ methods.

    The Novell Enhanced Smart Card Method (NESCM) will be installed in a separate step.

  8. Click Finish to complete the installation.
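A preflight check for the LDAP port conflict described in step 6, as an added example that is not part of the original Novell procedure. It assumes Python is available on the server and probes only the loopback address; the function names are hypothetical.

```python
import socket

DEFAULT_PORTS = {"clear": 389, "tls": 636}    # standard LDAP / LDAPS ports
ALTERNATE_PORTS = {"clear": 390, "tls": 637}  # alternates recommended in step 6


def port_in_use(port, host="127.0.0.1", timeout=1.0):
    """Return True if something accepts TCP connections on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def plan_ldap_ports(probe=port_in_use):
    """Pick the LDAP ports to enter in the eDirectory installer.

    Keeps the defaults when both are free. If either default is taken
    (as on an AD domain controller), moves both to the alternates, and
    refuses to continue if an alternate is occupied too.
    """
    busy_defaults = sorted(p for p in DEFAULT_PORTS.values() if probe(p))
    if not busy_defaults:
        return dict(DEFAULT_PORTS)
    busy_alternates = sorted(p for p in ALTERNATE_PORTS.values() if probe(p))
    if busy_alternates:
        raise RuntimeError(
            "defaults %s and alternates %s are already in use; "
            "choose other free ports" % (busy_defaults, busy_alternates))
    return dict(ALTERNATE_PORTS)


if __name__ == "__main__":
    try:
        ports = plan_ldap_ports()
        print("Clear text port: %(clear)d, SSL/TLS port: %(tls)d" % ports)
    except RuntimeError as err:
        print("Port conflict:", err)
```

Run it on the target server before starting the eDirectory installation, and record the chosen ports with the other values from step 4, because later steps (such as the NESCM installer's server port) must use the same ones.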


iManager 2.5 Maintenance Release 2

CD: NCL Server Components - CD 1
Location: \imanager\installs\win


Installing iManager 2.5

  1. Run imanagerinstall.exe.

  2. Accept the license agreement.

  3. Configure iManager to use the following:

    Web Server: Apache
    Servlet Container: Tomcat
    JVM: Sun* JRE


    Figure: Apache Tomcat
  4. Accept the default installation folder.

  5. Enter the Tree name and Admin username.

    Previous example values:

    Tree Name: NCL-TREE
    Admin Name: admin.ncl

  6. Complete the installation.

NOTE:  When logging in to iManager, use the fully distinguished Admin user DN (for example, admin.ncl). If the tree can't be located, use the IP address or DNS name of the eDirectory server.


Installing Maintenance Release 2

To install the iManager 2.5 Maintenance Release 2, do the following:

  1. Log in to iManager.

  2. Click the Configure tab.

  3. Click Module Installation > Available Novell Plug-in Modules.

  4. Click New, browse to the iman25_2.npm file located on the NCL Server Components - CD 1 in the imanager\installs\win\packages directory, then click OK.

  5. Verify that the module is iman25_2.npm.

    The description should read Maintenance Update 2 for iManager 2.5.

  6. Select the checkbox next to the maintenance update file iman25_2.npm, then click Install.

    This install takes a few minutes.

  7. Restart the Tomcat service.

NOTE:  Tomcat sometimes requires several minutes to fully initialize. Wait a few minutes before trying to log into iManager after restarting Tomcat.


Identity Manager 2.0.2 Server

CD: Novell Nsure Identity Manager Pro 2.0.2 - CD 4
Location: \nt for Windows
  1. To begin the installation on Windows, insert CD 4 into the CD-ROM drive and close the drive.

    (Conditional) If the installation does not auto-launch, run install.exe located in the \nt directory on CD 4.

  2. Accept the license agreement.

  3. Review the Overview pages about the various systems and components.


    Figure: eDir Requirements
    Figure: iManager Requirements
  4. Click Next to begin the installation.

  5. Select the following three DirXML components, then click Next:


    Figure: IDM Components
    • DirXML Server: Installs the DirXML® engine and service drivers, DirXML drivers, NMAS components, and Nsure Audit agent, and also extends the eDirectory schema.

      Select the DirXML engine and the Active Directory driver.

    • DirXML Web Components: Installs the DirXML plug-ins, DirXML driver configurations, and Novell eGuide.

    • Utilities: Installs the application utilities you select (Windows only).

  6. Select the following drivers for the engine installation, deselect all other drivers, then click Next:

    • DirXML engine
    • Active Directory driver (Windows only)
  7. Click OK on any informational messages.

  8. In the Schema Extension page, specify the following:


    Figure: LDAP format
    • User Name: Username (in LDAP format) of a user who has rights to extend the schema

    • User Password: The user's password

    Previous example values:

    Tree Name: NCL-TREE
    User Name: cn=admin,o=ncl
    Password: ncl-test

  9. Accept the default Web components:

    • iManager plug-ins
    • Driver configurations
  10. Accept the default utilities:

    • Application Components
  11. Accept the default installation location for the utilities.

  12. Select Active Directory Discovery Tool and deselect all other utilities (Windows only).

    NOTE:  SQL Scripts for JDBC Drivers is selected by default. Make sure to deselect this.

  13. Click Finish to complete the installation program.

    With the Identity Manager server installed, you need to follow the configuration steps listed in Identity Manager Configuration - eDirectory Server in order to use Identity Manager.

    NOTE:  If you are prompted to overwrite certain files, select Do NOT overwrite newer files.

NOTE:  You need to activate Identity Manager within 90 days of purchase. For instructions on how to activate Identity Manager, see Activating Identity Manager.


SecretStore 3.3.5.4

CD: NCL Server Components - CD 1
Location: For Windows: \secretstore\server\windows
  1. Run secretstoreserverinstall.exe.

  2. Install Novell SecretStore® in the same location as eDirectory.

    The default location is c:\novell\sss\server.

  3. Accept the license agreement.

  4. Accept the default destination folder (c:\novell\nds).

  5. Enter the eDirectory Admin username and password.

    Previous example values:

    User DN: admin.ncl
    Password: ncl-test


eDirectory IR7 Patch


General eDirectory Patch

CD: NCL Server Components - CD 1
Location: \edirectory\interimreleases
  1. Run edir8737_win32.exe.

  2. Accept the default installation path (c:\novell\nds).


Security Updates

CD: NCL Server Components - CD 1
Location: \edirectory\securityupdate
  1. Copy the entire \securityupdate folder to a local drive.

  2. From the local \securityupdate folder, run .\secupd\nt\install.bat.

    Ignore messages about ConsoleOne® not being detected.

  3. From the local \securityupdate folder, run .\nmsrv239\nmaswin\install.bat.

NOTE:  The local copy of the \securityupdate folder is not needed after installation.


Novell Enhanced Smart Card Method (NESCM) - Server Component

CD: NCL Server Components - CD 1
Location: \nmasmethods
  1. Run methodinstaller.exe.

  2. Select the Enhanced Smart Card method.

  3. Enter the eDirectory login information.

    Previous example values:

    User Name: Admin
    Password: ncl-test
    Context: ncl
    Server: 127.0.0.1 Port 636

  4. Accept the SSL certificate information.

  5. Accept the license agreement.

  6. Accept the NESCM details.

  7. Accept the default NMAS sequence name.

  8. Accept the default iManager plug-in location.


Nsure Audit 1.0.3

CD: NCL Server Components - CD 1
Location: \nsureaudit\windows


Installing to Windows

  1. Run naudit_win32.exe.

  2. Accept the license agreement.

  3. Accept the defaults for the username and company information.

  4. Accept the default destination folder.

  5. Select the full installation.

  6. Accept the default loop back address for the logging server.

  7. Enter the eDirectory Admin information when prompted.

    Previous example values:

    User Name: admin.ncl
    Password: ncl-test

  8. Accept the default log server name.

  9. Reboot the computer when prompted.

    HINT:  If you try to log in immediately following the reboot, you might receive an error message. If this happens, log out, wait 10 seconds, then log back in.

  10. After installing Nsure Audit, import the schemata if you want to use the advanced query and reporting options.

    You'll get an error if you try to access the advanced options before importing the schemata.

    1. Click Start > Programs > Nsure Audit Reporting Application.

    2. From the main menu, select File > Import > Application Schemata.

    3. Specify the IP address of the eDirectory server and the preferred language, then click OK.

    The license takes effect the next time the application is started.


Password Generation Service

CD: NCL Server Components - CD 1
Location: \passwordgenerationservice

The Password Generation Service uses Novell Client and NICI. If you install the Password Generation Service on another machine, you will need to install Novell Client and NICI first. For this solution, NICI is already installed on the eDirectory server.


Prerequisite Procedure

Before installing the Password Generation Service, you must first extend the eDirectory schema by doing the following:

  1. Copy the passwordgenerationservice.sch file located on CD 1 in the \passwordgenerationservice\schema directory to a location on your hard drive.

  2. Click Start > Settings > Control Panel.

  3. Double-click Novell eDirectory Services.

  4. Verify that you are on the Services page.

    This is the default tab.

  5. Select Install.dlm.

  6. Click Start.

    HINT:  The Novell eDirectory Install utility will come up behind the Novell eDirectory Services window.

  7. Under the DS Install and Uninstall section, select Install Additional Schema Files (selected by default) and then click Next.

  8. When the Authentication window comes up, type your eDirectory Admin name, context and password. Then click OK.

    Previous example values:

    User Name: Admin
    Context: ncl
    Password: ncl-test

  9. Browse for and select the passwordgenerationservice.sch file that you copied to your local drive.

    If the Finish button is not active, copy the passwordgenerationservice.sch file to a different directory and repeat this step.

  10. Click Finish.

    The schema is now extended.


Installation Procedure

To install the Password Generation Service:

CD: NCL Server Components - CD 1
Location: \passwordgenerationservice

NOTE:  You need to be authenticated as an Active Directory Domain Administrator before running this install. When configuring the Password Generation Service, you must configure it to run as the same administrative user. If you change the Password Generation policy, ensure that you log in as the same administrative user.

  1. Run setup.exe.

  2. On the Welcome screen, click Next.

  3. When you receive a reminder message about manually extending the eDirectory schema, click OK to close the message.

    You already extended the schema in the previous section.

  4. Specify the Password Generation Policy values.


    Figure: Password Generation Policy page

    Make sure the policy does not contain conflicting rules.

    A conflicting policy would be as follows:

    Min Password Length = 10
    Max Password Length = 5

    IMPORTANT:  Your Password Generation policy must match your Active Directory password policy or you will receive Active Directory errors when Password Generation attempts to set the password.

  5. Click OK > Finish.


Post-Install Procedure

After you have the Password Generation Service installed and running, you need to give the service rights to log on to the Active Directory Domain.

  1. Click Start > Settings > Control Panel > Administrative Tools > Services.

  2. Right-click PasswordGenerationService, then click Properties.

  3. Click the LogOn tab.

  4. Select This Account.

  5. Click the browse button and select your Active Directory Domain/Administrator user.

  6. Type the password, then retype the password where instructed to do so.

  7. Click Apply, then click OK.

  8. Restart the PasswordGenerationService.

    You have to restart the service before changes take effect.

  9. (Optional) Check the passwordgen.log file in the \system32 directory to make sure the service was started correctly.

For information on using the Password Generation Service plug-in and command line utilities, see Using the Password Generation Service.