After you have created the User Application driver, you install the Identity Manager User Application.
The Novell Identity Manager User Application is a Java Web Application Archive (WAR) file that is deployed to the JBoss application server. It uses a database (MySQL by default) to store configuration information. Depending on the type of installation you choose, the User Application installation program also does the following:
Installs JBoss or lets you specify an existing version of JBoss
Installs MySQL or lets you specify an existing version of MySQL, Oracle or Microsoft SQL Server 2000.
Configures the JRE’s certificates file so that the User Application (running on JBoss) can securely communicate with the Identity Vault and the User Application Driver.
Configures and deploys the WAR file to the JBoss application server.
Enables Novell Audit logging.
To install the Novell Identity Manager User Application, you need the following files:
HINT: Make sure to stop any other versions of MySQL on the install machine. If you have other versions running during the install, the installer will not start a new MySQL server and will not create a new database.
To launch the installer:
Obtain the appropriate installation files described in Installation Scripts and Executables.
Launch the program for your platform as described below:
Read the license agreement, then click .
Click in the Introduction page of the install wizard.
Choose your install set, then click .
Follow the instructions for your installation type:
Installation Type | Action |
---|---|
Default install | Go to: |
Custom: JBoss | Go to: |
Custom: MySQL | Go to: |
Custom: IDM User Application | Go to: |
Complete selections on the following page:
NOTE: On Linux, if you see /root anywhere in the path, cancel the installation and log in again as a non-root user.
Click . If you chose:
Default: Go to Section 5.4.3, Specifying MySQL Details.
Custom: IDM User Application: Go to Section 5.4.9, Choosing a Database Platform.
Complete selections in the following page:
Click Next to access the page for Section 5.4.4, Specifying the Database Host and Port.
Complete selections on the following page:
Click . If you chose:
Custom: MySQL install: You’ll see the Pre-Install Summary. If everything is satisfactory, click Install.
Custom: IDM User Application: Go to Section 5.4.10, Specifying the Database Name and Privileged User.
Other install sets: Go to Section 5.4.5, Specifying the JBoss Server Settings.
Complete selections on the following page:
Click Next. If you chose:
Custom: JBoss install: You’ll see the Pre-Install Summary. If everything is satisfactory, click Install.
Other install sets: Go to Section 5.4.6, Selecting the JBoss Server Configuration Type.
Complete selections on the following page:
Click . If you chose:
Custom: JBoss install: You’ll see the Pre-Install Summary. If everything is satisfactory, click .
Other install sets: Go to Section 5.4.7, Enabling Novell Audit Logging.
To enable Novell Audit logging for the User Application:
Complete selections on the following page:
There are two pages for this configuration. One page lets you provide basic configuration information; the other is for advanced users and lets you configure additional parameters.
Complete selections on the following page:
Field | Description |
---|---|
LDAP Host | Required. Specify the host name or IP address for your LDAP server and its secure port. For example: myLDAPhost:636 |
LDAP Administrator and password | Required. Specify the credentials for the LDAP administrator. This user must already exist. The User Application uses this account to make an administrative connection to the Identity Vault. |
Root Container DN | Required. Specify the LDAP distinguished name of the root container. This is used as the default entity definition search root when no search root is specified in the directory abstraction layer. |
Provisioning Driver DN | Required. Specify the distinguished name of the User Application Driver that you created earlier in Section 5.3, Creating the User Application Driver. For example, if your driver is UserApplicationDriver, your driver set is called myDriverSet, and the driver set is in a context of o=myCompany, you would enter a value of: cn=UserApplicationDriver,cn=myDriverSet,o=myCompany |
User Application Administrator | Required. An existing user in the Identity Vault that has the authority to perform any administrative task in the Identity Vault. This user can: |
User Container DN | Required. Specify the LDAP distinguished name (DN) or fully qualified LDAP name of the user container. This defines the search scope for users and groups. Users in this container (and under) are allowed to log in to the User Application. IMPORTANT: Be sure the User Application Administrator specified during User Application Driver setup exists in this container if you want that user to be able to execute workflows. |
Group Container DN | Required. Specify the LDAP distinguished name (DN) or fully qualified LDAP name of the group container. Used by entity definitions within the directory abstraction layer. |
Keystore Path | Required. Specify the full path to the keystore (cacerts) file of the JRE that the JBoss application server is using to run, or click the small browser button and navigate to (and select) your cacerts file (in the /idm/jre/lib/security/ path). The utility must have permission to write to this file. |
Keystore Password/Confirm Keystore Password | Required. Specify the cacerts password. The default is . |
Email Notify Host | Specify the JBoss server hosting the Identity Manager User Application. For example: myJBossServer. This value replaces the $HOST$ token in e-mail templates. The URL that gets constructed is the link to provisioning request tasks and approval notifications. |
Email Notify Port | Used to replace the $PORT$ token in e-mail templates used in provisioning request tasks and approval notifications. |
Email Notify Secure Port | Used to replace the $SECURE_PORT$ token in e-mail templates used in provisioning request tasks and approval notifications. |
(Optional) Click . Complete selections on the following page:
NOTE: To modify these values after completing the install, run the configupdate.sh script (on Linux) or the configupdate.bat file (on Windows). These files are located in your installation subdirectory. The update utility can connect to eDirectory using SSL if you use the -use_ssl parameter at startup. Otherwise, it connects to eDirectory in non-SSL mode.
Click .
Review the Pre-Installation Summary page. If everything is correct, click to proceed with the installation.
Click when the installation completes.
Open the Readme file in the install directory.
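Several rules from the configuration table above (a secure LDAP port, well-formed DNs, the User Application Administrator located inside the User Container DN, a writable cacerts file) can be checked before the installer is launched. The following Python script is an added example, not part of the Novell installer or its documentation; the dictionary keys and function names are hypothetical, and the sample values are constructed from the page's own examples.

```python
import os
import re

def split_dn(dn):
    """Split a DN into normalized RDNs, honoring backslash-escaped commas."""
    rdns = [r.strip() for r in re.split(r"(?<!\\),", dn)]
    for rdn in rdns:
        if not re.match(r"[A-Za-z][A-Za-z0-9-]*\s*=\s*\S", rdn):
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
    return [re.sub(r"\s*=\s*", "=", r, count=1).lower() for r in rdns]

def is_under(dn, container):
    """True if dn is the container itself or lies anywhere in its subtree."""
    d, c = split_dn(dn), split_dn(container)
    return len(d) >= len(c) and d[len(d) - len(c):] == c

def preflight(cfg):
    """Return a list of problems found in the answers (empty list = OK)."""
    problems = []
    host, _, port = cfg["ldap_host"].rpartition(":")
    if not host or not port.isdigit():
        problems.append("LDAP Host: expected host:port, e.g. myLDAPhost:636")
    elif port == "389":
        problems.append("LDAP Host: 389 is the clear-text LDAP port")
    for key in [k for k in cfg if k.endswith("_dn")]:
        try:
            split_dn(cfg[key])
        except ValueError as exc:
            problems.append(f"{key}: {exc}")
    # Only compare the two DNs if both parsed cleanly above.
    if not any(p.startswith(("admin_dn", "user_container_dn")) for p in problems):
        if not is_under(cfg["admin_dn"], cfg["user_container_dn"]):
            problems.append("admin_dn: not in User Container DN (workflows)")
    ks = cfg["keystore_path"]
    if not os.path.isfile(ks) or not os.access(ks, os.W_OK):
        problems.append("keystore_path: cacerts missing or not writable")
    return problems

if __name__ == "__main__":
    sample = {  # constructed values, modeled on the page's examples
        "ldap_host": "myLDAPhost:636",
        "root_container_dn": "o=myCompany",
        "driver_dn": "cn=UserApplicationDriver,cn=myDriverSet,o=myCompany",
        "admin_dn": "cn=admin,ou=users,o=myCompany",
        "user_container_dn": "ou=users,o=myCompany",
        "group_container_dn": "ou=groups,o=myCompany",
        "keystore_path": "/idm/jre/lib/security/cacerts",
    }
    print(preflight(sample) or "no problems found")
```

The DN comparison is case-insensitive and ignores spaces around commas and the first equals sign; it does not handle every escaping form that LDAP allows.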
Complete selections on the following page:
Select the database platform. Depending on your choice, follow the configuration steps in the table below:
Database | Description and Configuration Details |
---|---|
MySQL | For a remote MySQL environment, create a database of the name you specified in Section 5.4.3, Specifying MySQL Details. HINT: The installer creates the JBoss data source file for you with the name of the User Application WAR file. |
Oracle | To use Oracle databases with the User Application: HINT: The installer creates the JBoss data source file for you with the name of the User Application WAR file. |
MS SQL | To use MS SQL databases with the User Application: HINT: The installer creates the JBoss data source file for you with the name of the User Application WAR file. |
Complete selections on the following page:
The Forgot Password and Workflow e-mail notification capabilities require that you do the following post-installation tasks:
In iManager, select the Role.
Under , select .
Provide your SMTP server name in the field.
In the field, specify an e-mail address (for example, noreply@novell.com), then click .
To verify that the installation went correctly, complete the remaining steps outlined in Section 5.2, Installation and Configuration. If the Identity Manager User Application page does not appear in your browser after completing these steps, check the terminal console for error messages relating to MySQL, JBoss, and the User Application, and see Section 5.5, Troubleshooting.