Identity Manager Install and Installation Troubleshooting Tips

0 Likes
over 11 years ago
Author's Note: Although this information was created for IDM 3.6.1, it still applies to IDM 4.0 and later.

The Novell Identity Manager 3.6 (IDM36) installer is an Acresso InstallAnywhere (IA) installer that supports installing the Metadirectory Server or Connected System Server, drivers, iManager plug-ins, and related utilities. There are separate IDM36 installers for installing onto Linux, AIX, Solaris, and Windows.

The information below is intended to assist in troubleshooting IDM36 installation problems.

Contents



















Install Locations


The Identity Manager installers can be launched from the CD images as follows:



Platform

Path



Linux:

install.bin [-i {gui|console}]
linux/setup/idm_linux.bin [-i {gui|console}]



AIX:

install.bin [-i {gui|console}]
aix/setup/idm_aix.bin [-i {gui|console}]



Solaris:

install.bin [-i {gui|console}]
solaris/setup/idm_solaris.bin [-i {gui|console}]



Windows:

autorun.inf
windows\setup\idm_install.exe








 

The default install locations for the major components of Identity Manager are:



What

Platform

Path



Metadirectory Engine

Linux, AIX, Solaris:

/opt/novell/eDirectory



Windows:

C:\Novell\NDS



Remote Loader

Linux, AIX, Solaris:

/opt/novell/dirxml



Windows:

C:\Novell\RemoteLoader



Driver Shims

Linux, AIX, Solaris:

/opt/novell/eDirectory/lib/dirxml/classes



Windows:

C:\Novell\NDS\lib
C:\Novell\RemoteLoader\lib



iManager Plug-ins

Linux, Solaris:

/var/opt/novell/tomcat5/webapps/nps



Windows:

C:\Program Files\Novell\Tomcat\webapps\nps



Driver Configuration Files

Linux, Solaris:

/var/opt/novell/tomcat5/webapps/nps/DirXML.Drivers



Windows:

C:\Program
Files\Novell\Tomcat\webapps\nps\DirXML.Drivers



Utilities

Linux, AIX, Solaris:

Query the driver's native package, for example:
rpm -qlp linux/setup/packages/novell-DXMLnxdrv-3.6-0.i386.rpm



Windows:

C:\Novell\NDS\DirXMLUtilities



Uninstaller

Linux, AIX, Solaris:

$HOME/Uninstall_Identity_Manager/Uninstall_Identity_Manager



Windows:

C:\Program Files\Novell\Identity
Manager\Uninstall_Identity_Manager\Uninstall Identity
Manager.exe








 

Installing Files


For each platform, the IDM36 CD image contains subdirectories under the setup directory that contain the files to be installed. On Linux, AIX, and Solaris the installer uses native packages under setup/packages (see Installing Packages on Linux, AIX and Solaris). On Windows, the installer copies files directly from various subdirectories under setup (see Installing Files On Windows).

Installing Packages on Linux, AIX and Solaris


The following table lists which install packages the IDM36 installer installs for various components. For Linux and AIX these are RPM packages located under linux/setup/packages
and aix/setup/packages, respectively, and generally named novell-package. For Solaris they are PKG packages located under solaris/setup/packages, and generally named package.

 

Metadirectory Engine



Package Name

Description



DXMLsch

Schema Files



DXMLdev

Driver Development Kit



DXMLmtask

Manual Task Service Driver



DXMLtlmnt

Entitlement Service Driver



DXMLcmpsr

Composer Service Driver



NOVLjvml

JVM Loader



DXMLwkodr

Work Order Service Driver



DXMLidprv

ID Provider Service Driver



DXMLbase

Base Components



DXMLevent

Event Caching System



DXMLssop

Credential Provisioning



DXMLadeng

AD Driver Engine Components



DXMLpxjob

Password Expiration Job



DXMLengn

Core Engine



DXMLjdbcu

JDBC Utilities



AUDTplatformagent

Novell Audit Platform Agent (Linux only)



NOVLaudpa

Novell Audit Platform Agent (Solaris only)








 

Remote Loader Service



Package Name

Description



DXMLdev

Driver Development Kit



DXMLmtask

Manual Task Service Driver



DXMLtlmnt

Entitlement Service Driver



DXMLcmpsr

Composer Service Driver



NOVLjvml

JVM Loader



DXMLwkodr

Work Order Service Driver



DXMLidprv

ID Provider Service Driver



DXMLbase

Base Components



DXMLrdxml

Remote Loader Service



AUDTplatformagent

Novell Audit Platform Agent (Linux only)



NOVLaudpa

Novell Audit Platform Agent (Solaris only)








 

Drivers



Package
Name

Description



DXMLavpbx

Avaya Driver



DXMLdelim

Delimited Text Driver



DXMLedir

eDirectory Driver



DXMLgw

Groupwise Driver (Linux only)



DXMLjdbc

JDBC Driver



DXMLjms

JMS Driver



DXMLldap

LDAP Driver



DXMLnxdrv

Linux/UNIX Bidirectional Driver



DXMLnxpam



DXMLnxset

Linux/UNIX Settings Driver



DXMLnotes

Lotus Notes Driver



DXMLpsoft

PeopleSoft Driver



DXMLracf

RACF Driver



DXMLremedy

Remedy Driver (Linux only)



DXMLremedy71



DXMLsaphr

SAP Driver



DXMLsapum



DXMLsoap

SOAP Driver



DXMLtss

Top Secret Driver








 

Web-based Administration Server



Package Name

Description



DXMLplgs

Identity Manager Plugins








 

Prior to installing each package, the installer attempts to uninstall any already installed version of the package as well as any packages it obsoletes. The installer determines which packages a specific package obsoletes using the following commands:

Linux, AIX:

rpm --query --obsoletes -ppath_to_package*

Solaris:

pkgparam -f /path_to_package* OBSOLETES

where path_to_package is the full path to the package in the CD image (without the version and extension), for example, the path to the DXMLengn package on Linux might be /media/cdrom/linux/setup/packages/novell-DXMLengn.

The installer uninstalls packages using the following commands:

Linux, AIX:

rpm -e --allmatches --nodeps package

Solaris:

pkgrm -n -a /var/sadm/install/admin/admin.idmpackage

where package is the package name, for example, novell-DXMLengn on Linux, and DXMLengnon Solaris.

The installer installs packages using the following commands:

Linux, AIX:

rpm -i --replacefiles --nodeps path_to_package*

Solaris:
pkgadd -n -r /var/sadm/install/admin/admin.idm -a
/var/sadm/install/admin/admin.idm -d
path_to_package*package

where path_to_package is the full path to the package on the CD (without the version and extension), for example, the path to the DXMLengn package on Linux might be,
/media/cdrom/linux/setup/packages/novell-DXMLengn, and where package is the package name, for example, novell-DXMLengn on Linux, and DXMLengn on Solaris.

Installing Files on Windows


On Windows, the installer copies files directly from various subdirectories under setup. Prior to copying the files the installer generally attempts to make sure any existing files that might be overwritten are not marked read only (for example, attrib -R "C:\Novell\NDS\*.*" /S /D). The following table lists the files and subdirectories the IDM36 installer copies for various components.

Metadirectory Engine



From

To

Description



vcredist\vcredist_x86.exe
or
vcredist\vcredist_x64.exe

IDM installer runs these installers silently

Visual C 2005 SP1 Redistributable Packages



schema

C:\Novell\NDS

Schema Files



drivers\manualtask\lib

C:\Novell\NDS\lib

Manual Task Service Driver



drivers\manualtask\mt_files

C:\Novell\NDS



drivers\entitlement\lib

C:\Novell\NDS\lib

Entitlement Service Driver



drivers\composer\lib

C:\Novell\NDS\lib

Composer Service Driver



jre\x86\jre or
jre\x64\jre

C:\Novell\NDS

JVM



drivers\workorder\lib

C:\Novell\NDS\lib

Work Order Service Driver



drivers\loopback\lib

C:\Novell\NDS\lib



drivers\loopback\loopback_files

C:\Novell\NDS\loopback_files



drivers\idprovider\lib

C:\Novell\NDS\lib

ID Provider Service Driver



engine\noarch

C:\Novell\NDS

Engine



engine\x86 or
engine\x64

C:\Novell\NDS



engine\lib

C:\Novell\NDS\lib



remoteloader\lib

C:\Novell\NDS\lib



engine\jclient\x86\jclnt.dll
or
engine\jclient\x64\jclnt.dll

C:\Novell\NDS (if needed)



engine\jclient\lib\jclient.jar

C:\Novell\NDS (if needed) and
C:\Novell\NDS\lib



drivers\jdbc\lib\JDBCUtil.jar

C:\Novell\NDS\lib



novell_audit\naudit_agent

C:\WINDOWS\system32

Novell Audit Platform Agent



PasswordSync\system32 or
PasswordSync\system64

C:\WINDOWS\system32

Password Sync Agent



PasswordSync\system32_dlls

C:\Novell\IDM_PassSync\w32



PasswordSync\system64_dlls

C:\Novell\IDM_PassSync\w64








 

Remote Loader Service

The user can specify the install location. The default install location is C:\Novell\RemoteLoader.





From

To

Description



vcredist\vcredist_x86.exe
or
vcredist\vcredist_x64.exe

IDM installer runs these installers silently

Visual C 2005 SP1 Redistributable Packages



drivers\manualtask\lib

C:\Novell\RemoteLoader\lib

Manual Task Service Driver



drivers\manualtask\mt_files

C:\Novell\RemoteLoader



drivers\entitlement\lib

C:\Novell\RemoteLoader\lib

Entitlement Service Driver



drivers\composer\lib

C:\Novell\RemoteLoader\lib

Composer Service Driver



jre\x86\jre or
jre\x64\jre

C:\Novell\RemoteLoader

JVM



drivers\workorder\lib

C:\Novell\RemoteLoader\lib

Work Order Service Driver



drivers\loopback\lib

C:\Novell\RemoteLoader\lib



drivers\loopback\loopback_files

C:\Novell\RemoteLoader\loopback_files



drivers\idprovider\lib

C:\Novell\RemoteLoader\lib

ID Provider Service Driver



engine\noarch

C:\Novell\RemoteLoader

Remote Loader Service



engine\x86 or
engine\x64

C:\Novell\RemoteLoader



engine\lib

C:\Novell\RemoteLoader\lib



remoteloader\x86 or
remoteloader\x64

C:\Novell\RemoteLoader



remoteloader\help

C:\Novell\RemoteLoader



remoteloader\lib

C:\Novell\RemoteLoader\lib



novell_audit\naudit_agent

C:\WINDOWS\system32

Novell Audit Platform Agent



PasswordSync\system32 or
PasswordSync\system64

C:\WINDOWS\system32

Password Sync Agent



PasswordSync\system32_dlls

C:\Novell\IDM_PassSync\w32



PasswordSync\system64_dlls

C:\Novell\IDM_PassSync\w64








 

Drivers

The destinations shown are for when the drivers are installed into the Metadirectory Engine. If the drivers are installed into the Remote Loader Service, replace C:\Novell\NDS with C:\Novell\RemoteLoader in the destination paths.





From

To

Description



drivers\ad\noarch

C:\Novell\NDS

AD Driver



drivers\ad\x86 or
drivers\ad\x64

C:\Novell\NDS



drivers\avaya\lib

C:\Novell\NDS\lib

Avaya Driver



drivers\delimitedtext\lib

C:\Novell\NDS\lib

Delimited Text Driver



drivers\delimitedtext\samples

C:\Novell\NDS\drivers\delimitedtext\samples



drivers\edirectory\lib

C:\Novell\NDS\lib

eDirectory Driver



drivers\groupwise\x86 or
drivers\groupwise\x64

C:\Novell\NDS

Groupwise Driver



drivers\groupwise\lib

C:\Novell\NDS\lib



drivers\jdbc\lib

C:\Novell\NDS\lib

JDBC Driver



drivers\jms\lib

C:\Novell\NDS\lib

JMS Driver



drivers\jms\lib\jms.jar

C:\Novell\NDS\jre\lib\ext



drivers\ldap\lib

C:\Novell\NDS\lib

LDAP Driver



drivers\nxsettings\lib

C:\Novell\NDS\lib

Linux/UNIX Settings Driver



drivers\lotusNotes\x86 or
drivers\lotusNotes\x64

C:\Novell\NDS

Lotus Notes Driver



drivers\lotusNotes\lib

C:\Novell\NDS\lib



drivers\peoplesoft\lib

C:\Novell\NDS\lib

PeopleSoft Driver



drivers\racf\lib

C:\Novell\NDS\lib

RACF Driver



drivers\remedy\lib

C:\Novell\NDS\lib

Remedy Driver



drivers\sap\lib

C:\Novell\NDS\lib

SAP Driver



drivers\soap\lib

C:\Novell\NDS\lib

SOAP Driver



drivers\topsecret\lib

C:\Novell\NDS\lib

Top Secret Driver









 

Utilities

The user can specify the install location. The default install location is C:\Novell\NDS\DirXMLUtilities.



From

To

Description



utilities\cred_prov

C:\Novell\NDS\DirXMLUtilities\cred_prov

Credential Provisioning Sample Policies



drivers\jdbc\tools

C:\Novell\NDS\DirXMLUtilities\jdbc

SQL scripts for JDBC driver



drivers\jms\tools\jms

C:\Novell\NDS\DirXMLUtilities\jms

JMS Components



drivers\peoplesoft\tools

C:\Novell\NDS\DirXMLUtilities\peoplesoft

PeopleSoft Components



utilities\idm_lat

C:\Novell\NDS\DirXMLUtilities\idm_lat

License Auditing Tool



utilities\ad_disc\x86

C:\Novell\NDS\DirXMLUtilities\ad_disc

Active Directory Discovery Tool



utilities\notes_disc\x86

C:\Novell\NDS\DirXMLUtilities\notes_disc

Lotus Notes Discovery Tool



drivers\sap\tools

C:\Novell\NDS\DirXMLUtilities\sap

SAP Utilities



drivers\scripting\x86 or
drivers\scripting\x64

C:\Novell\NDS\DirXMLUtilities\ScriptDriver

Scripting Driver Installer and Configuration Tool



..\cle

C:\Novell\NDS\DirXMLUtilities\cle

Client Login Extension for Novell Identity Manager









 

Installation Log Files


The installer creates two log files, an installation log and a debug log. These log files are useful for troubleshooting installation problems. It can also be useful to run the installer in debug mode.

When reporting a problem with the installer, please send a clear description of the problem and attach both the installation log and the debug log. If the problem is reproducible, please run the installer in debug mode and also send the debug output. Most common installation issues can be
easily diagnosed in this way.

Installation Log: Identity_Manager_InstallLog.log





What

Platform

Path



Installation log

Linux, AIX, Solaris:

$HOME/idm/Identity_Manager_InstallLog.log



Windows:

C:\Program Files\Novell\Identity
Manager\Identity_Manager_InstallLog.log








 

This is the standard InstallAnywhere log file that logs installer actions. It reports any warnings or errors, and may also provide suggestions on how to resolve them. It is written (or overwritten) after the installer exits.

Debug Log: idmInstall.log





What

Platform

Path



Debug log

Linux, AIX:

/tmp/idmInstall.log



Solaris:

/var/tmp/idmInstall.log



Windows:

%TEMP%\idmInstall.log








 

The debug log is created by the installer to aid troubleshooting custom code in the installer. It contains added detail on installer actions and results. For example, it the installer runs a shell command the debug log shows the exact command that was executed, the exit code, and any messages written to standard output or standard error. It also shows the values of various variables used by the installer. The debug log is created (or overwritten) near the beginning of the installation and is updated as the installation proceeds.

Running in Debug Mode


You can get additional debug output by running the installer in debug mode. The additional debug output is intermixed with the normal output from the installer.



Running in Debug Mode on Linux, AIX, and Solaris

On Linux, AIX, and Solaris debug mode is enabled by setting the following environment variable prior to running the installer:

# export LAX_DEBUG=true

If you would like to redirect output to a file, set LAX_DEBUG=file. Then, run your installer. Once the install is complete a file labeled jx.log will be generated in the same directory as your installer. This file will contain the entire debug output generated by the install.

If you would like to see the debug messages that are written to standard output and standard error as well as capture them to a file, try a command similar to the following:

# LAX_DEBUG=true ./install.bin 2>&1 | tee /tmp/console.txt

Running in Debug Mode on Windows

On Windows, to view or capture the debug output from an installer, you need to hold down the <CTRL> key immediately after launching the installer and until a console window appears. Before you exit the installer, copy the console output to a text file.

If you have problems capturing the console output, you will need to try a slightly more convoluted method. First launch the installer and allow it to extract the necessary files. Once it reaches the "Preparing to Install..." window where it gives you the opportunity to choose a language, go to your windows %TEMP% directory. Here you will find a temporary folder named with several numeric digits. To make sure you have the most recent directory, sort the directories by "last modified". Open the directory, you should see a file called sea_loc, delete it. Now go back to the installer, hit OK, and at the first opportunity, Exit.

Now go back to the directory inside the %TEMP% directory, where you deleted the sea_loc file. You should find another directory called Windows; open it. Here you should find an .exe file (most likely install.exe). You should then find another file with the same name except it will have a .lax extension. Open it with a plain text editor and edit the lines:

lax.stderr.redirect=
lax.stdout.redirect=

to be:

lax.stderr.redirect=output.txt

lax.stdout.redirect=output.txt

After you have made these changes, save the file and launch the .exe. When the installation is complete you should end up with an output.txt file in the same directory as the .lax file. The output.txt file should contain the same information as that generated in the console.

Checking Dependencies


The IDM36 installer runs various checks to verify that that all required dependencies are met. This section lists various error messages you may see that indicate a failed dependency check. For each error message, a brief explanation is given of what exactly the installer is checking to verify
the dependency.






Unsupported OS ArchitectureThis version of the Identity Manager is not supported on 32-bit Windows 2008.







Windows 2008:
The installer checks the value of the following registry key:
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
Value Name: PROCESSOR_ARCHITECTURE






Unsupported OS ArchitectureThis version of the Identity Manager is not supported on 32-bit Solaris.







Solaris:
The installer runs the following command to get the instruction set architecture:
# /usr/bin/isainfo -kv

The installer expects 64-bit to be in the output.






Insufficient Rights
The user must be root to install $PRODUCT_NAME$. Please login as the root user and run the install again.







Linux, AIX, Solaris:
The installer runs the following command to get the user id:
# id | awk '{print $1}' | awk -F"=" '{print $2}' | awk -F"(" '{print $1}'

The installer expects the user id to be 0, indicating the root user.






Insufficient RightsThe Windows user must have administrative privileges to install Novell Identity Manager. Please logon to Windows with a user that has administrative privileges and run the install again.







Windows:
The installer invokes the hasWindowsAdministratorPrivileges() method in the native library CheckForAdminRights? .dll. The native code calls OpenSCManager( NULL, NULL, SC_MANAGER_LOCK ) and checks for ERROR_ACCESS_DENIED.






Unsupported OS Architecture
This version of the Identity Manager Metadirectory Server is not supported on 64-bit Windows.







Windows:

The installer checks the value of the following registry key:
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
Value Name: PROCESSOR_ARCHITECTURE






Unsupported OS Architecture
This version of the Identity Manager Metadirectory Server is not supported on 32-bit AIX.







AIX:
The installer runs the following command to check the OS architecture:
# file /unix

The installer expects 64-bit to be in the output.






eDirectory not foundeDirectory 8.8.3 or later must be installed on this system in order to install one or more of the selected components.







If the user selects to install one or more components that require eDirectory, such as the Metadirectory Server, the installer checks that a valid version of eDirectory is installed.

Linux:
# rpm -qi novell-NDSserv | grep "Version" | awk '{print $3}'

AIX:
# lslpp -L | grep NDSserv | awk '{print $2}'

Solaris:
# pkgparam -v NDSserv | grep -w "VERSION" | awk -F"=" '{print $2}'

Windows:
The installer first gets the eDirectory install path:
Registry Key: HKLM\SYSTEM\CurrentControlSet\Services\NDS Server0
Value Name: ImagePath
The installer then invokes the getWin32ProductVersionString() method in the native library JWin32FileVersion?.dll and passes in the path to the eDirectory service executable (ndsserv.exe). The native code calls GetFileVersionInfo() and VerQueryValue() to get the "ProductVersion".

The installer parses out the major and minor versions from the output. If eDirectory 8.8.3 or greater is not installed, the installer outputs the above error.






Unsupported eDirectory Architecture
This version of the Identity Manager Metadirectory Engine is not supported on 64-bit eDirectory.







Linux, Windows:
If the user selects to install the Metadirectory Engine and 64-bit eDirectory is installed, the installer outputs the above error.






Prerequisite libraries not found
The compat-libstdc library needs to be installed in order to run Identity Manager. You may proceed to install Identity Manager, but you will need to install this library prior to running Identity Manager. Do you want to proceed?







Linux:
On Linux, the installer checks for the existence of /usr/lib/libstdc *. If not found, the installer outputs the above error.






iManager not found
Novell iManager 2.7 or later must be installed on this system in order to install the Identity Manager Plug-ins. Please install iManager 2.7 or later and try again.







If the user selects to install the iManager plug-ins the installer checks that a valid version of iManager is installed.

Linux, AIX, Solaris:
# grep -w IMANAGER_VERSION /etc/eMFrameInstall.properties | awk -F"=" '{print $2}'

Windows:
Registry Key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Novell iManager
Value Name: DisplayVersion

The installer parses out the major and minor versions from the output. If iManager 2.7 or greater is not installed, the installer outputs the above error.






NMAS not found
Novell Modular Authentication Service (NMAS) was not found installed on the system. Please install NMAS 3.1.3 or later (Security Services 2.0.4 or later) then try again.







 






Valid version of NMAS not found
Novell Modular Authentication Service (NMAS) version x.x.x was found installed on the system. NMAS 3.1.3 or later (Security Services 2.0.4 or later) should be installed for Identity Manager to run properly. You may proceed to install Identity Manager, but you will need to upgrade NMAS prior to running Identity Manager. Do you want to proceed?







Linux:
# rpm -qi novell-nmas | grep "Version" | awk '{print $3}'

AIX:
# lslpp -L | grep NOVLnmas | awk '{print $2}'

Solaris:
# pkgparam -v NOVLnmas | grep -w "VERSION" | awk -F"=" '{print $2}'

Windows:
The installer invokes the getWin32FileVersion() method in the native library JWin32FileVersion? .dll and passes in the path to nmasLDAP.dll. The native code calls GetFileVersionInfo() and VerQueryValue() to get the "FileVersion".

The installer parses out the major and minor versions from the output. If NMAS is not installed, the installer outputs the first error. If NMAS is installed but the version is less than NMAS 3.1.3, the installer outputs the second error.

 






Identity Manager Activation Notice!Identity Manager components require activation and must be activated within 90 days of installation, otherwise they will time out. Purchasing a component authorizes you to request and receive activation credentials which are required to activate the product.







 

The installer displays this dialog if the Metadirectory Engine, Remote Loader Service, or any drivers are selected to be installed.

 






Remote Loader Is RunningThe Remote Loader is running. Please shut down the Remote Loader then select Continue to proceed with the install. Select Exit to exit the installer.







 

Windows:
On Windows, if the user selects to install the Remote Loader Service the installer checks to see if either the rlconsole_<LOCALE>.exe or rlconsole.exe process is running.

 






User Credentials Not Valid
Please verify the user name, context, and password you supplied are correct.If you are installing the Metadirectory Server, please make sure eDirectory is running on this system and that LDAP is functioning properly.







 

The installer starts eDirectory then uses the JClient library to validate the user credentials by attempting to use them to authenticate to eDirectory. The installer installs the JClient library (and any dependent libraries) into /tmp/lib (\tmp\lib on Windows). The installer JVM is launched with -Djava.library.path=/tmp/lib so it will find libraries in this directory. In the Linux, AIX, and Solaris installers, /tmp/lib is included in the LD_LIBRARY_PATH environment variable so the system will also correctly find the dependent libraries in this directory.

If the user name or password is null, or the user name does not contain a comma, or the installer is unable to login to eDirectory with the provided credentials, the installer outputs the above error.

Starting and Stopping eDirectory


During the installation, the installer starts and stops eDirectory for the following reasons:



Stop

Start

When





X



If the user selects to install the Metadirectory Engine, or to Register the Novell Audit System Components for Identity Manager, the installer will prompt the user for the credentials of an eDirectory user with administrative rights and start eDirectory to validate the user credentials.




X




If the user selects to install the Metadirectory Engine, or any driver, the installer shuts down eDirectory prior to installing them. On Windows, the installer will also shut down eDirectory if the user selects to install the Remote Loader Service. The installer shuts down eDirectory to avoid issues with overwriting files that are in use, or that might require a restart of eDirectory.





X



If the installer stopped eDirectory, it restarts it after installing files and prior to extending schema, installing NMAS login methods, or registering audit components. On Windows, the installer delays starting eDirectory until after the schema has been extended.









On Linux, AIX, and Solaris the installer starts and stops eDirectory using the following commands:

bash -c 'LD_LIBRARY_PATH=; source /opt/novell/eDirectory/bin/ndspath; ndsmanage start --config-file configFile'
bash -c 'LD_LIBRARY_PATH=; source /opt/novell/eDirectory/bin/ndspath; ndsmanage stop --config-file configFile'

where configFile is the full path to the configuration file for the target instance, for example, /etc/opt/novell/eDirectory/conf/nds.conf.

On Windows, the installer starts and stops eDirectory by starting and stopping the NDS Server0 service.

Extending Schema in eDirectory


When installing the Metadirectory Engine, the installer extends the eDirectory schema as needed for Identity Manager. It extends the schema for any driver that requires a schema extension, even if the driver is not selected to be installed. The installer extends the eDirectory schema using the following schema files:



Schema
File

Contains
Schema Definitions for:



vrschema.sch

Identity Manager



drv_ext.sch



AvayaDvr.sch.sch

Avaya Driver



sap.sch

SAP Driver



sapuser.sch



nsimAux.sch

Password Policy



WkOdrDvr.sch

Work Order Driver



nxdrv.sch

Linux/UNIX Bidirectional Driver



i5os.sch

Midrange Driver



racf.sch

RACF Driver



tss.sch

Top Secret Driver



fanout.sch

Fan Out Driver








Extending Schema on Linux, AIX, and Solaris


On Linux, AIX, and Solaris the installer first extracts the schema files from the DXMLsch install package into into the /opt/novell/eDirectory/lib/nds-schema directory. (see [[#InstallingPackages][Installing Packages]).

The installer extends the schema using the following command:

ndssch -h hostname:port -t treename -p password admin-FDN schemafile

where hostname is the name or IP address of the server on which the schema is to be extended, port is the server port, treename is the name of the tree on which the schema is to be extended, password is the password for admin-FDN, admin-FDN is the name with the full context of the eDirectory administrator with rights to the [Root] of the tree, and schemafile is the full path to the file that contains the schema definitions. For
example:

ndssch -h MyHost:524 -t MyTree -p password .admin.novell.T=MyTree. /opt/novell/eDirectory/lib/nds-schema/vrschema.sch

If this command fails, check /tmp/idmInstall.log for details (see Installation Log Files).

Extending Schema on Windows


On Windows, the installer first installs the schema files from setup\schema in the CD image into the eDirectory install location (C:\Novell\NDS). It also copies the following two additional files:



File

Description



schemaStart.bat

Script to perform schema extensions



sch_nt.cfg

Contains the list of schema files to apply








The installer extends the schema using the following command:

edirLocation\schemaStart.bat edirLocation yes "admin" "password" yes 6 " " "schemaFile" "serverName" dibPath

For example,

C:\Novell\NDS\schemaStart.bat C:\Novell\NDS yes ".admin.novell.T=MyTree." "password" yes 6 " " "C:\Novell\NDS\sch_nt.cfg" ".CN=MyServer-NDS.O=novell.T=MyTree." C:\Novell\NDS\DIBFiles

By using sch_nt.cfg, all of the Identity Manager schema files are extended by a single call to schemaStart.bat.

The schemaStart.bat script sets the following environment variables and then invokes dhost.exe with the install command to extend the schema:



Environment
Variable

Value

Example



NDSI_INSTALL_PATH

edirLocation

C:\Novell\NDS



DSI_NEW_TREE

yes

yes



DSI_USER_NAME

admin

.admin.novell.T=MyTree.



DSI_USER_PASSWORD

password

password



DSI_MAKE_SERVICE

yes

yes



DSI_APPLICATION

6 (DSI_EXTEND_SCHEMA)

6



DSI_SCHEMA

schemaFile

C:\Novell\NDS\sch_nt.cfg



DSI_SERVER_NAME

serverName

.CN=MyServer-NDS.O=novell.T=MyTree.



DSI_DIB_PATH

dibPath

C:\Novell\NDS\DIBFiles



DSI_ADD_REPLICA

(set to null)




DSI_AUTO_UNLOAD

Yes

Yes



DSI_GET_USER_INPUT

No

No



DSI_IPX_ONLY

No

No









 

The command is of the format:

START /b /DedirLocation edirLocation\dhost /DataDir=edirLocation\DIBFiles install

For example,

START /b /DC:\Novell\NDS C:\Novell\NDS\dhost /DataDir=C:\Novell\NDS\DIBFiles install

The environment variable values and the actual command used to invoke dhost.exe, along with any error messages, are logged to the file edirLocation\SchemaExtend.log, for example, C:\Novell\NDS\SchemaExtend.log.

Installing NMAS Login Methods


When installing the Metadirectory Engine, the installer installs the NMAS Challenge Response login method. This login method is normally installed as part of eDirectory, but it is optional in the eDirectory installer and is required for Identity Manager. The IDM installer will not overwrite a newer login method.

The installer first extracts the Challenge Response files into the installer's temporary directory.

Linux, AIX, Solaris:
The installer extracts the NMAS install library libnmasinst_sa.so into the /tmp/lib directory and loads it.

Windows:
The installer extracts the libraries NMASInst.dll, dclient.dll, and sal.dll into the /tmp/lib directory and loads NMASInst.dll.

On all platforms, after the NMAS install library is loaded the installer calls the JNI entry point createNMASMethodCheckVersion to install the Challenge Response method. The parameters include the admin user name and password, the tree name, and the full path to ChallengeResponse/config.txt.

If this action fails check idmInstall.log, or run the installer in debug mode for additional details (see Installation Log Files).

Installing iManager Plug-ins


If the user selects to install the Web-based Administration Server the installer installs the iManager plug-ins for Identity Manager. The IDM36 iManager plug-ins can only be installed onto a machine on which iManager 2.7 is already installed.

Please note that these plug-ins require the eDirectory schema extensions from the Metadirectory Engine feature. The Metadirectory Engine must have already been installed somewhere in the eDirectory tree. Alternatively, the Metadirectory Engine and Identity Manager Plugins features can be installed in the same install.

The iManager plug-ins for Identity Manager are combined into a single Novell Plug-in Module (NPM) named IDMPlugins_IMAN_2_7_IDM_3_6.npm.

Linux, AIX, Solaris:
The installer installs the DXMLplgs package which installs IDMPlugins_IMAN_2_7_IDM_3_6.npm into /usr/nps/packages. (see Installing Packages).

Windows:
The installer accesses IDMPlugins_IMAN_2_7_IDM_3_6.npm from setup\imanplugins\27 in the CD image.

The Identity Manager 3.6 Plug-in for iManager 2.7 is also available from download.novell.com.

The IDMPlugins_IMAN_2_7_IDM_3_6.npm super NPM contains the following NPMs:



ApprovalFlow.npm

Novell Identity Manager - Provisioning and Workflow




 

RBS Module: Provisioning and Workflow Plug-ins (10.6.20080719.1)
Roles and Tasks:


  • Workflow Administration





    • Workflows




  • Email Templates




  • Email Server Options






  • Provisioning Configuration





    • Provisioning Requests



  • Provisioning Teams







CredProv.npm

Novell Identity Manager - Credential Provisioning




RBS Module: Credential Provisioning Plugins (10.6.20080719.1)
Roles and Tasks:


  • Credential Provisioning




    • Configuration







DirXMLCommon.npm

Novell Identity Manager - Common Utilities




RBS Module: none
Roles and Tasks: none



DirXMLFilter.npm

Novell Identity Manager - Filter Management




RBS Module: none
Roles and Tasks: none



DirXMLInfo.npm

Novell Identity Manager - Versioning Information




RBS Module: Identity Manager Plugins (10.6.20080719.1)
Roles and Tasks:


  • Identity Manager Utilities




    • Versions Discovery







DirXMLOverview.npm

Novell Identity Manager - Configuration




RBS Module: Identity Manager Plugins (10.6.20080719.1)

Roles and Tasks:


  • Identity Manager




    • Identity Manager Overview







DirXMLPermit.npm

Novell Identity Manager - Activation




RBS Module: Identity Manager Plugins (10.6.20080719.1)
Roles and Tasks: none


  • Identity Manager Utilities





    • Deletes: Request Activation



  • Deletes: Install Activation







DirXMLRules.npm

Novell Identity Manager - Schema Mapping




RBS Module: Identity Manager Plugins (10.6.20080719.1)
Roles and Tasks:


  • Identity Manager Utilities




    • Deletes: New Policy







DirXMLScript.npm

Novell Identity Manager - Policy Builder




RBS Module: none
Roles and Tasks: none



dsp.npm

Novell Identity Manager - Driver Specific Support




RBS Module: DSP Plug-ins (10.6.20080719.1)
Roles and Tasks:


  • PBX





    • PBX Audix Subscribers




  • PBX Extensions




  • PBX Sites



  • PBX Work Orders







DWiz.npm

Novell Identity Manager - Application Driver Configuration




RBS Module: Identity Manager Plugins (10.6.20080719.1)
Roles and Tasks:


  • Identity Manager Utilities





    • Import Drivers




  • Export Driver




  • New Driver




  • Deletes: Load Sample Objects



  • NDS-to-NDS Driver Certificates







entitlement.npm

Novell Identity Manager - Role-Based Entitlements




RBS Module: Role-Based Entitlements (10.6.20080719.1)
Roles and Tasks:


  • Identity Manager Utilities





    • Upgrade Entitlements




  • Entitlement Recipients




  • ID-Provider Policies





  • Role-Based Entitlements


    • Reevaluate Membership



  • Role-Based Entitlements







eProvConsole.npm

Novell Identity Manager - Dataflow




RBS Module: Identity Manager Plugins (10.6.20080719.1)
Roles and Tasks:


  • Identity Manager Utilities





    • Dataflow




  • Dataflow (Table view)



  • Deletes: Design Dataflow







FanOutWeb.npm

Novell Identity Manager - Fan-Out Driver Plug-in




RBS Module: FanOutWeb (3.60.20080530)
Roles and Tasks:


  • Fan-Out Driver Configuration





    • Configure Core Drivers




  • Configure iManager Plug-In




  • Configure Logs




  • Configure Platforms




  • Configure Platform Sets




  • Configure Provisioning




  • Configure Search Objects




  • Configure UID/GID Sets






  • Fan-Out Driver Utilities





    • Component Status




  • Documentation




  • Log Viewer




  • Provisioning Details




  • Review Naming Exceptions




  • Review Platform Errors



  • Trawl







IDMJob.npm

Novell Identity Manager - Jobs




RBS Module: none
Roles and Tasks: none



Inspector.npm

Novell Identity Manager - Inspector




RBS Module: none
Roles and Tasks: none



notfconfig.npm

Novell Identity Manager - eMail Notification Configuration




RBS Module: Notification Module (10.6.20080719.1)
Roles and Tasks:


  • Passwords





    • Email Server Options



  • Email Templates







pki.npm

Novell Certificate Server Plug-ins for iManager




RBS Module: Novell Certificate Server Plugin (3.300.20070917)
Roles and Tasks:


  • Novell Certificate Access





    • SAS Service Object




  • Server Certificates




  • User Certificates






  • Novell Certificate Server





    • Configure Certificat Authority




  • Create CRL Object




  • Create Default Certificates




  • Create SAS Service Object




  • Create Server Certificate




  • Create Trusted Root




  • Create Trusted Root Container




  • Create User Certificate




  • Issue Certificate



  • Repair Default Certificates







PlatformAdministration.npm

Platform Administration Module




RBS Module: none
Roles and Tasks: none



pwdpolicy.npm

Novell Identity Manager - Password Management




RBS Module: Password Policies Modules (10.6.20080719.1)
Roles and Tasks:


  • Passwords





    • Challenge Sets




  • Password Policies




  • View Policy Assignments



  • Set Universal Password







pwsyncconfig.npm

Novell Identity Manager - Password Sync




RBS Module: Password Synchronization Module (10.6.20080719.1)
Roles and Tasks:


  • Passwords





    • Check Password Status



  • Password Synchronization







SharedContentV1.npm

Novell iManager Content - Shared Content




RBS Module: none
Roles and Tasks: none



StatusLog.npm

Novell Identity Manager - Report and Notification Service Configuration




RBS Module: eDirectory Report and Notification Service (10.6.20080719.1)
Roles and Tasks:


  • eDirectory Maintenance





    • New Report and Notification Service



  • Disconnect Report and Notification Service







UserProfile.npm

Novell Identity Manager - User Profile Property Pages




RBS Module: none
Roles and Tasks: none

The installer displays a message at the end of the install telling the user to restart the Application server (Tomcat).

Linux:
The following command will restart Tomcat:
# /etc/init.d/novell-tomcat5 restart

Solaris:
The following command will restart Tomcat:
# /etc/init.d/imgr stop; /etc/init.d/imgr start

Windows:
Restart the Tomcat5 service.

When you login to iManager, if you see the message "Notice: Some of the roles and tasks are not available.", click on View Details for more information. Two common reasons for this are:


  1. You have not restarted Tomcat (new jar files are not seen).



  • You have not installed the Metadirectory Engine in the tree (eDirectory schema has not been extended).


If you see the message "Notice: New iManager modules are available to install.", click on the install link and install the available plug-in modules.

You can verify the installation of the NPMs as follows:

 


  • Login to iManager and navigate to Configure > Plug-in Installation > Installed Novell Plug-in Modules. You should see the Identity Manager modules in the table above included in the list of Installed Novell Plug-in Modules. If so, they have been correctly installed and you can skip the remaining steps.




  • If the Identity Manager modules are not included in the list of Installed Novell Plug-in Modules, and you have not restarted Tomcat since installing them, restart Tomcat as described above then repeat step #1. Otherwise, proceed to step #3.




  • Click on Available Novell Plug-in Modules. If the modules are listed here, click the top-most check box (to select all) then click Install (just above the top-most
    check box) to install them then repeat step #1. Otherwise,
    proceed to step #4.



  • You can find information you need to troubleshoot the problem in the following locations:
    idmInstall.log(see Installation Log Files).../iManager/nps/packages
    - The individual NPMs are extracted from the "super" NPM into this directory..../iManager/nps/WEB-INF/logs/install - Each plug-in is installed using a Zero G InstallAnywhere installer. The install log for each install is located here. The names of the log files correspond to the names of the NPM files. For example, the log file for UserProfile.npm is UserProfile_InstallLog.log.

    The installer installs the IDM iManager modules (NPMs) into iManager, but it does not install the associated RBS modules. By design, RBS roles and tasks should be manually configured by the RBS administrator.

    You can install the RBS roles and tasks as follows:


    1. Login to iManager and navigate to Configure > Role Based Services > RBS Configuration.




  • If you have not previously configured iManager for Role Based Services you will see a message telling you to Configure iManager. Click on the link to start the iManager Configuration Wizard and follow instructions.




  • Navigate to Configure > Role Based Services > RBS Configuration > iManager 2.x Collections.




  • If you just ran the iManager Configuration Wizard in step #2, the number of Not-Installed modules should be 0. If you click on the number of Installed modules, you should see the Identity Manager RBS modules in the list.



  • If you ran the iManager Configuration Wizard prior to installing the Identity Manager plug-ins, the Identity Manager RBS modules should be in the list of Not-Installed modules. To install them, click on the number of Not-Installed modules, click the top-most check box (to select all), then click Install (just above the top-most check box).


Once the Identity Manager RBS modules appear in the list of Installed modules, the Identity Manager roles and tasks should be available in the iManager Roles and Tasks view.

Installing the Roles Service Driver


The IDM36 installers silently invoke the Roles Service Driver installers. They are located on the CD images as follows:



Platform

Path



Linux:

linux/setup/roles_driver_install_linux.bin



AIX:

aix/setup/roles_driver_install_aix.bin



Solaris:

solaris/setup/roles_driver_install_solaris.bin



Windows:

windows\setup\drivers\roles\roles_driver_install.exe








 

They are invoked using the -i silent and -f <temp-properties> options, where <temp-properties> is a temporary file the IDM36 installer creates to pass needed information to the Roles Service Driver installer.

The Roles Service Driver installation log files may be helpful when troubleshooting problems with installing the Roles Service Driver:



What

Platform

Path



Installation log

Linux, AIX, Solaris:

$HOME/idm/Roles_Service_Driver_for_Novell_Identity_Manager_ InstallLog.log



Windows:

C:\Program Files\Novell\Identity
Manager\Roles_Service_Driver_for_Novell_Identity_Manager_ InstallLog.log



Debug log

Linux, AIX:

/tmp/roles_driver_install.log



Solaris:

/var/tmp/roles_driver_install.log



Windows:

%TEMP%\roles_driver_install.log









Comment List
Anonymous
Related Discussions
Recommended