5.2 Installing Identity Manager on One Node in Each Peer Cluster

On one node in each peer cluster, install iManager and Identity Manager. This node will be referred to as the IDM node throughout the guide.

Each IDM node must be online in its peer cluster and Identity Manager must be running properly whenever you attempt to modify the BCC configuration or manage the BCC-enabled cluster resources.

5.2.1 Installing and Configuring the Identity Manager Components Used by BCC

The procedure in this section installs and configures only the Identity Manager components used by BCC.

Install Identity Manager on the same node in each peer cluster where you installed iManager:

  1. Log in to the node as the root user, then open a terminal console.

  2. Securely copy the Identity Manager ISO file (Identity_Manager_4.8_Linux.iso) to the first node in the peer cluster.

  3. Mount the Identity_Manager_4.8_Linux.iso.

  4. From the root directory of the .iso file, run the following command:

    ./install.sh

  5. Read through the license agreement and enter y to accept it.

  6. Decide the Identity Manager server edition you want to install. Enter y for Advanced Edition and n for Standard Edition.

  7. From the list of components available for installation, select the Identity Manager Engine component to install the engine.

    The message “Once the installer has detected an existing Identity Vault, it is recommended that the Identity Vault configuration is validated prior to proceeding with the install of Identity Manager Engine” appears.

  8. Apply the latest released IDM patch (IDM 4.8.7) on the IDM node in each peer cluster, then proceed with the configuration (running the configure.sh script).

  9. Navigate to the location where you mounted the Identity_Manager_4.8_Linux.iso file.

  10. Specify the following command at the command line to run the configure.sh script:

    ./configure.sh

    1. Decide whether you want to perform a typical configuration or a custom configuration. Enter '2' to continue with the custom configuration, then press 'Enter' again to confirm.

    2. Specify the component you want to configure. Enter '1' to continue with the Identity Manager Engine configuration, then press 'Enter' again to confirm.

    3. At the prompt Do you want to set a common password (y/n)?, enter 'y' to continue.

    4. Enter a common password and then re-enter the same password to confirm.

    5. Enter the Identity Vault hostname/IP address [127.0.0.1]:

    6. Specify the component you want to install. Enter '3' to continue with the Add to an Identity Vault existing on local machine configuration mode, then press 'Enter' again to confirm.

    7. At the prompt Enter Identity Vault Tree Name, press 'Enter' to continue with the default tree name, or enter the tree name.

    8. At the prompt Enter Identity Vault Administrator name, press 'Enter' to continue with the default administrator name (cn=admin,ou=sa,o=system), or enter the administrator name.

    9. At the prompt Enter Identity Vault Administrator password, enter the password.

    10. At the prompt Enter LDAP SSL port, press 'Enter' to continue with the default port (636), or enter the port number.

    11. At the prompt Do you want to install a new driverset (y/n), enter 'y' to continue.

    12. At the prompt Enter Identity Vault driver set name, press 'Enter' to continue with the default driver set name (driverset1), or enter the driver set name.

    13. At the prompt Enter Identity Vault driver set deploy context, press 'Enter' to continue with the default context (o=system), or enter the driver set deploy context.

    14. At the prompt Enter custom driverset ldif file path, press 'Enter' to continue with the default file path (/opt/sample-driverset.ldif), or enter the file path of the sample driver set available at IDM/LDIF/sample-driverset.ldif.

    For more information on configuring your component, see Understanding the Configuration Parameters in the NetIQ Identity Manager Setup Guide for Linux.

    The sample Identity Manager configuration is as follows:

    # ./configure.sh
    Verifying installed components...
    
    ###############################################################
                      Identity Manager Configuration
                       Wed Jun  6 10:38:00 IST 2018
    ###############################################################
    
    Select the configuration mode. Typical configuration is for new installation and demo setup. Custom configuration is for advanced users.
    
      1 ) Typical Configuration
      2 ) Custom Configuration
    
    Choose ONLY ONE option. To continue, press Enter:2
    =============================================================================
           The selected component(s) are highlighted below. To confirm, press Enter. To deselect a component, type the value of the component that you want to deselect.
    =============================================================================
      1 ) Typical Configuration
      2+) Custom Configuration
    
    Choose ONLY ONE option. To continue, press Enter:
    
    The following Identity Manager components are available for configuration :
    
      1 ) Identity Manager Engine
    
    Specify the component(s) that you want to configure. To configure multiple components, specify the values as a comma-separated list [For example, 1, 2, 3]. To confirm, press Enter: 1
    
    ==============================================================================
           The selected component(s) are highlighted below. To confirm, press Enter. To deselect a component, type the value of the component that you want to deselect.
    =============================================================================
    
      1+) Identity Manager Engine
    
    Specify the component(s) that you want to configure. To configure multiple components, specify the values as a comma-separated list [For example, 1, 2, 3]. To confirm, press Enter:
    
    Do you want to set a common password (y/n)? [y]:
       
    Enter a common password:
    Confirm Password:
    
    Enter the Identity Vault hostname/IP address [127.0.0.1]:
    
    Select the configuration mode :
      1 ) Create a new Identity Vault
      2 ) Add to an Identity Vault existing on remote machine
      3 ) Add to an Identity Vault existing on local machine
    
    Specify the component(s) that you want to install. To install multiple components, specify the values as a comma-separated list [For example, 1, 2, 3]. To confirm, press Enter: 3
    
    =============================================================================
           The selected component(s) are highlighted below. To confirm, press Enter. To deselect a component, type the value of the component that you want to deselect.
    =============================================================================
      1 ) Create a new Identity Vault
    
      2 ) Add to an Identity Vault existing on remote machine
    
      3+) Add to an Identity Vault existing on local machine
    
    Specify the component(s) that you want to install. To install multiple components, specify the values as a comma-separated list [For example, 1, 2, 3]. To confirm, press Enter:
    
    Enter Identity Vault Tree Name [OES_Server_tree]:IDM_PATCH_OES
    
    Enter Identity Vault Administrator name [cn=admin,ou=sa,o=system]:cn=admin,o=acme
    
    Enter Identity Vault Administrator password:
    
    Enter LDAP SSL port [636]:
    
    Do you want to install a new driverset (y/n) [y]:
    
    Enter Identity Vault driver set name [driverset1]:
    
    Enter Identity Vault driver set deploy context [o=system]:o=acme
    
    Enter custom driverset ldif file path [/opt/sample-driverset.ldif]:/tmp/sample-driverset.ldif
    
    Refer log for more information at /var/opt/netiq/idm/log/idmconfigure.log

  11. Repeat this procedure on the IDM node in each peer cluster in turn.

  12. When Identity Manager is running on one node in every peer cluster, continue with Section 5.2.2, Installing the Identity Manager Plug-in for iManager.
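
Steps 2 through 4 above (copy, mount, run install.sh) as a shell sketch that checks the ISO's SHA-256 digest before mounting it read-only. This is an added example, not part of the product documentation. The /root staging path, the /mnt/idm mount point, and the EXPECTED_SHA256 placeholder (the digest published with your download) are assumptions.

```shell
#!/bin/sh
# Added example: stage the Identity Manager ISO on the IDM node.
# Step 2, run from the host that holds the download (paths are assumptions):
#   scp Identity_Manager_4.8_Linux.iso root@<idm-node>:/root/

ISO="${ISO:-/root/Identity_Manager_4.8_Linux.iso}"
# Placeholder: replace with the digest published alongside your download.
EXPECTED_SHA256="${EXPECTED_SHA256:-<sha256-from-download-portal>}"
MNT="${MNT:-/mnt/idm}"   # assumed free mount point

# Return 0 only if the file's SHA-256 equals the expected hex digest.
# Return codes: 1 mismatch, 2 file missing, 3 malformed digest, 4 hashing failed.
verify_iso() {
    file=$1; want=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    # Fail closed on anything that is not 64 hex characters,
    # including the unreplaced placeholder above.
    case "$want" in
        ""|*[!0-9A-Fa-f]*) echo "expected digest is not hex" >&2; return 3 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "expected digest is not 64 chars" >&2; return 3; }
    got=$(sha256sum "$file" | awk '{print $1}') || return 4
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
    [ "$got" = "$want" ] || { echo "digest mismatch for $file" >&2; return 1; }
}

# Step 3: mount the verified image read-only via a loop device.
stage_iso() {
    verify_iso "$ISO" "$EXPECTED_SHA256" || return $?
    mkdir -p "$MNT" &&
    mount -o loop,ro "$ISO" "$MNT" &&
    echo "Mounted $ISO at $MNT; step 4: cd $MNT && ./install.sh"
}

# Only mount when invoked as: sh stage-idm-iso.sh stage   (run as root)
if [ "${1:-}" = "stage" ]; then
    stage_iso
fi
```
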

5.2.2 Installing the Identity Manager Plug-in for iManager

On the IDM node in each peer cluster, ensure that the Identity Manager plug-ins are installed:

  1. In a Web browser, access iManager running on the IDM node in the peer cluster, then log in to iManager as an administrator user.

  2. Verify that the Identity Manager plug-in has been added to iManager (an icon appears in the toolbar, or iManager opens by default to the Identity Manager page):

    • If Identity Manager is present, you are done with this task on this node. Repeat this procedure on the IDM node in each peer cluster in turn.

    • If the Identity Manager plug-in is not present, continue with the next steps to install it.

  3. In iManager, click the Configure icon in the toolbar.

  4. Click Plug-In Installation > Available Novell Plug-In Modules.

  5. Select NetIQ Identity Manager Plug-Ins for IDM 4.8.7, then click Install.

    If this option is not in the list, click Add, browse to select the Identity Manager .npm file, then click OK.

  6. Read the License Agreement, select I Agree, then click OK.

  7. After the installation is complete, click Close twice.

  8. Log out of iManager and close the browser.

  9. Restart Tomcat. Enter:

    rcnovell-tomcat restart

    Or

    systemctl restart novell-tomcat.service

  10. Repeat this procedure on the IDM node in each peer cluster in turn.

  11. After the iManager plug-in is installed for the iManager instance running on the IDM node in each peer cluster.