Hi. We are looking to start migrating our system from eDirectory v8.8sp6/8 to v9.1. We are building new systems most likely and are considering doing a non-root install so we can hand off to non-admin types. We have done non-root in the past for eDirectory so are familiar with that mostly. However looking at a non-root install for idm, it seems you have to manually assign a dirxml password policy package to each driver. Or something line that. We are still using the old idm v3.6x polices with our system. We have not converted to packages all tbis time. So how much trouble is a non-root install going to be for us?? Thanks,,,
Which flavour of non-root are you looking at? Root install binaries and running instance(s) as non-root? Or non-root tarball install and run as non-root?
I don't see any need to assign password policies to drivers just because you're running as non-root. Got a link to that in the documentation?
Policies still work fine, with or without packages. You should, of course, upgrade to packages, but if you don't it all still works just like it always has.
We are looking at the non-root tarball option. Which we have some eDirectory servers already like that. Just want to do the engine now.
Here is the document. On page 149
Completing a Non-root Installation
When you install the Identity Manager engine and plug-ins as a non-root user, the process performs all intended installation activities. This section guides you through the manual process required to complete the installation.
“Assigning the Password Policy Object to Driver Sets” on page 149
“Creating the Default Notification Collection Object in the Identity Vault” on page 151 “Adding Support for Graphics in Email Notifications” on page 152
Oh, that. Yeah, you can go ahead and just do that. It's a password policy, nothing to do with drivers or packages.
There have been some comments in the eDir forum about getting a non-root tarball install running with systemd at startup. Might see that thread too.
Not sure how to assign that policy, the docs talk about applying th package in designer. We are still using the legacy v3.61 polices😀
As for systemd, yes always fun times.
Somebody needs to update that documentation page. It's ... wrong. They're talking about NMAS password policies. Create in Security container, assign to driver set, and etc.. Then they switch over to talking about a Designer package...?
You might comment on the page, that'll generate an SR for somebody on the documentation team to go look at it.