3.2 Installing Identity Server on Linux

3.2.1 Points to Consider for Installing Identity Server on Linux

  • Ensure that you have read and implemented the prerequisites specified in Prerequisites for Installing Identity Server.

  • If you have custom partitioned your hard disk as follows, ensure that the free disk space listed for each partition is available:

    Partition                      Disk Space
    /opt/novell                    1 GB
    /opt/volera                    5 MB
    /var/opt/novell                1 GB
    /var                           512 MB
    /usr                           25 MB
    /etc                           1 MB
    /tmp/novell_access_manager     10 MB
    /tmp                           10 MB
    /                              512 MB

    NOTE: These are the minimum amounts of free disk space that must be available before installation or upgrade. However, it is recommended to maintain more than the specified free disk space, based on the requirements of your production environment.

  • (Conditional) For SUSE Linux Enterprise Server (SLES), ensure that the following packages are installed:

    • rsyslog-module-gtls

    • rsyslog

    • binutils

    • glibc-32bit

  • (Conditional) For installing the RHEL packages manually, see Installing Packages and Dependent RPMs on RHEL for Access Manager.

    NOTE: You can choose to install these RPMs automatically along with the Access Manager installation. While installing Access Manager, specify N when you get the following prompt:

    Enter the local mount directory if you have the OS ISO mounted locally. This will be used as the local catalog for the additional rpms.
    Do you have a locally mounted ISO (y/n)?

    The Access Manager installer checks the online catalog and then installs the required RPMs automatically.

  • gettext

  • python (interpreter)

IMPORTANT:

  • No LDAP software, such as eDirectory or OpenLDAP, can be installed. (A default installation of SLES installs and enables OpenLDAP.)

  • If the OpenLDAP server is installed, uninstall it. If you do not want to uninstall it, ensure that it does not use port 636 or does not bind port 389 to localhost.

  • Because of library update conflicts, you cannot install Access Manager on a Linux User Management (LUM) machine.

For information about browser support, see Browser Support in the NetIQ Access Manager System Requirements guide.

For information about network requirements, see Section 1.3, Network Requirements.
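
The disk space, SLES package, and LDAP port requirements in this section can be checked with a script before running the installer. The following is an added example, not part of the Access Manager documentation or installer; the function names and the --run switch are assumptions made for the example.

```bash
#!/bin/bash
# Added example: pre-install checks for the requirements in section 3.2.1.

# Minimum free space per path in KB, converted from the table above.
REQS="/opt/novell:1048576 /opt/volera:5120 /var/opt/novell:1048576 /var:524288"
REQS="$REQS /usr:25600 /etc:1024 /tmp/novell_access_manager:10240 /tmp:10240 /:524288"

# free_kb PATH: free KB on the filesystem that holds PATH. A path that does
# not exist yet is measured at its nearest existing parent directory.
free_kb() {
    p=$1
    while [ ! -e "$p" ]; do p=$(dirname "$p"); done
    df -Pk "$p" | awk 'NR==2 { print $4 }'
}

# space_shortfalls: reads "PATH FREE_KB" lines on stdin, prints each path
# whose free space is below its minimum.
space_shortfalls() {
    awk -v reqs="$REQS" '
        BEGIN { n = split(reqs, r, " ")
                for (i = 1; i <= n; i++) { split(r[i], kv, ":"); need[kv[1]] = kv[2] } }
        ($1 in need) && $2 + 0 < need[$1] + 0 {
            printf "%s needs %d KB, has %d KB\n", $1, need[$1], $2 }'
}

# ldap_listeners: reads `ss -ltn` output on stdin, prints listeners that
# conflict with the LDAP rule: anything on 636, and 389 when bound to loopback.
# A wildcard bind also covers localhost, so it is treated as a conflict
# (interpretation made for this example).
ldap_listeners() {
    awk '$1 == "LISTEN" {
        n = split($4, a, ":"); port = a[n] + 0
        addr = substr($4, 1, length($4) - length(a[n]) - 1)
        lo = (addr ~ /^127\./ || addr == "[::1]" || addr == "0.0.0.0" || addr == "[::]" || addr == "*")
        if (port == 636 || (port == 389 && lo)) print $4 }'
}

preflight() {
    rc=0
    low=$(for e in $REQS; do p=${e%%:*}; echo "$p $(free_kb "$p")"; done | space_shortfalls)
    [ -z "$low" ] || { echo "Insufficient free space:"; echo "$low"; rc=1; }
    # SLES-only package list from this section; rpm names any that are missing.
    if rpm -q rsyslog-module-gtls rsyslog binutils glibc-32bit | grep "is not installed"; then rc=1; fi
    ldap=$(ss -ltn | ldap_listeners)
    [ -z "$ldap" ] || { echo "LDAP port conflict: $ldap"; rc=1; }
    return $rc
}

# Run the live checks only when asked: ./preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it as root with --run on the target machine; a non-zero exit status means at least one requirement is not met.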

3.2.2 Installation Procedure

Installation time: about 10 minutes.

What you need to know to install Identity Server

  • Username and password of the administrator.

  • (Conditional) IP address of Administration Console if it is installed on a separate machine.

  1. Open a terminal window.

  2. Log in as the root user.

  3. Access the install script.

    1. Ensure that you have downloaded the software.

      For software download instructions, see the release-specific Readme.

    2. If you downloaded the tar.gz file, unzip the file by using the following command:

      tar -xzvf <filename>

    3. Change to the novell-access-manager directory.

  4. At the command prompt, run the following install script:

    ./install.sh

  5. When you are prompted to install a product, specify 2, Install Identity Server, then press Enter.

    This selection is also used for installing additional Identity Servers for clustering behind an L4 switch. You need to run this install for each Identity Server you add to the cluster.

    NOTE: Administration Console is accessible on ports 2080 (HTTP) and 2443 (HTTPS) if Identity Server is installed on the same machine.

    The following warning is displayed:

    Warning: If NAT is present between this machine and Administration Console, configure NAT in Administration Console.
    Exit this installation if NAT is not configured in Administration Console.
    Would you like to continue (y/n)? 

    For information about configuring NAT, see Configuring Administration Console Behind NAT.

  6. Specify Y to proceed.

  7. Review and accept the License Agreement.

  8. Verify that the required RPMs are the latest versions. Specify Y to proceed.

  9. Specify the IP address, user ID, and password of the primary Administration Console.

  10. Specify the IP address of the Novell Access Manager Server Communications Local Listener. Specify the local NAT IP address if local NAT is available for Identity Server.

    If the installation program rejects the credentials and IP address, ensure that the correct ports are open on both Administration Console and Identity Server, as described in Section 3.1, Prerequisites for Installing Identity Server.

  11. The following components are installed:

    • Access Manager Server Communication: Enables network communications, including identifying devices, finding services, moving data packets, and maintaining data integrity.

    • Identity Server: Provides authentication and identity services for the other Access Manager components and third-party service providers.

    • Identity Server Configuration: Allows Identity Server to be securely configured by Administration Console. If the installation process terminates at this step, the probable cause is a failure to communicate with Administration Console. Ensure that you specified the correct IP address.

    • Access Manager Server Communications Configuration: Enables Identity Server to auto-import itself into Administration Console.

  12. Continue with one of the following actions:

    NOTE: After installing Identity Server, you must create a cluster configuration. See Configuring Identity Servers Clusters in the Access Manager 4.5 Administration Guide.