2.2 Deploying Identity Console Workstation on Windows

Identity Console can be launched on Windows as a workstation application, and it requires the REST services to be running. Therefore, when it is launched, an eDirAPI process runs in the edirapi.exe command prompt window. If you close the edirapi.exe terminal, Identity Console no longer functions.

The following procedure describes how to run Identity Console on Windows.

  1. Log in to the Software License and Download portal and navigate to the Software Downloads page.

  2. Select the following:

    • Product: eDirectory

    • Product Name: eDirectory per User Sub SW E-LTU

    • Version: 9.2

  3. Download and extract the IdentityConsole_<version>_workstation_win_x86_64.zip.

  4. Navigate to the extracted folder and install NICI_w32 or NICI_wx64, depending on your system configuration.

  5. (Conditional) If you already have the keys.pfx and SSCert.pem files that you want to use, copy the files manually into the cert folder located at C:\IdentityConsole_<version>\IdentityConsole_<version>_workstation_win_x86_64\eDirAPI\cert.

    Then proceed to step 9.

  6. (Conditional) If you want to generate the CA certificate, open a command prompt in the eDirAPI folder (C:\IdentityConsole_<version>\IdentityConsole_<version>_workstation_win_x86_64\eDirAPI), run the get_cacert.exe binary, and provide the eDirectory IP address and LDAPS port number.

    For example,

    get_cacert.exe 10.10.10.125:636

    An SSCert.pem file is generated.

  7. (Conditional) If you want to generate the Server Certificate, run the get_servercert.exe binary from a command prompt with the following details:

    • eDirectory/Identity Vault server Domain name/IP address with LDAPS port number.

    • eDirectory/Identity Vault user name.

    • eDirectory/Identity Vault password.

    • Server certificate name.

    • Server certificate password.

    • Trusted-root certificate path with certificate name.

    For example,

    get_servercert.exe 10.10.10.125:636 cn=admin,o=novell novell keys novell SSCert.pem

    A keys.pfx file is generated.

  8. Copy the keys.pfx and SSCert.pem files (generated in step 6 and step 7) manually into the cert folder.

  9. Navigate to the extracted folder, double-click the configure.bat file and enter the server certificate (keys.pfx) password in the command prompt.

    NOTE: If the server certificate is changed, re-run the configure.bat file with the password of the new certificate.

  10. Navigate to the extracted folder and double-click the run.bat file.

    The eDirAPI process terminal (edirapi.exe) starts running, and the Identity Console login page appears.

NOTE:

  • For subsequent logins to the Identity Console application, double-click the run.bat file. The login page appears.

    If the eDirAPI process terminal (edirapi.exe) is already running, run identityconsole.exe from the folder where the build is extracted.

  • Users can find the following logs in: \IdentityConsole_172_workstation_win_x86_64\eDirAPI\log

    edirapi.log - This is used for logging different events in edirapi and debugging issues.

    edirapi_audit.log - This is used for logging audit events of edirapi. The logs follow the CEF auditing format.

  • OSP-based logins are not supported in workstation mode.

  • Identity Console Workstation listens on port 9000. Do not modify the edirapi_win.conf file.
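
Because edirapi_audit.log follows the CEF format, its records can be split into header fields and extension key/value pairs for review. The following PowerShell is an added example, not part of the product or the original documentation; the sample records and their vendor, event and field names are constructed, because this page does not show actual log output.

```powershell
# Added example, not vendor code. Parses CEF records such as those in edirapi_audit.log.
function Remove-CefEscape([string]$Text) {
    # CEF escapes "|" in header fields and "=" in extension values with a backslash.
    $Text -replace '\\([|=\\])', '$1'
}

function ConvertFrom-CefLine([string]$Line) {
    $start = $Line.IndexOf('CEF:')
    if ($start -lt 0) { return }                       # not a CEF record
    # Header = 7 fields split on unescaped pipes; the 8th part is the extension.
    $parts = ([regex]'(?<!\\)\|').Split($Line.Substring($start + 4), 8)
    if ($parts.Count -lt 8) { return }                 # truncated header

    # Extension = space-separated key=value pairs; values may contain spaces and "\=".
    $ext   = [ordered]@{}
    $pairs = [regex]::Matches($parts[7], '(?<k>\w+)=(?<v>(?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)')
    foreach ($m in $pairs) {
        $ext[$m.Groups['k'].Value] = Remove-CefEscape $m.Groups['v'].Value
    }
    [pscustomobject]@{
        Vendor    = Remove-CefEscape $parts[1]
        Product   = Remove-CefEscape $parts[2]
        EventId   = Remove-CefEscape $parts[4]
        Name      = Remove-CefEscape $parts[5]
        Severity  = $parts[6]
        Extension = $ext
    }
}

# Constructed sample records; vendor, event and field names are placeholders, not eDirAPI output.
$sample = @(
    'CEF:0|ExampleVendor|ExampleProduct|1.0|100|Login|3|src=10.10.10.50 suser=cn\=admin,o\=novell outcome=success'
    'CEF:0|ExampleVendor|ExampleProduct|1.0|101|Login|7|src=10.10.10.51 suser=cn\=admin,o\=novell msg=bad password outcome=failure'
    'plain text line that is not CEF'
)

# To read a real file instead, replace $sample with: Get-Content <path to edirapi_audit.log>
$records = $sample | ForEach-Object { ConvertFrom-CefLine $_ }
$records | Where-Object { $_.Extension['outcome'] -eq 'failure' } |
    Select-Object Name, Severity,
        @{ n = 'User';   e = { $_.Extension['suser'] } },
        @{ n = 'Source'; e = { $_.Extension['src'] } }
```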

2.2.1 Utilities to Generate Certificates

You have the option to obtain CA Certificates and Server Certificates for other eDirectory Trees using the following utilities.

Generate CA Certificate

  1. Download and extract the latest Identity Console build.

  2. Navigate to the directory where you extracted the Identity Console build. Example: C:\IdentityConsole_<version>\IdentityConsole_<version>_workstation_win_x86_64\eDirAPI

  3. Run the following binary from a command prompt.

    get_cacert.exe

  4. Provide the eDirectory IP address and LDAPS port number.

    Example: get_cacert.exe 10.10.10.125:636

    An SSCert.pem file is generated. Copy SSCert.pem manually into the cert folder.

Generate Server Certificate

  1. Navigate to the folder where you have extracted the Identity Console build.

    Example: IdentityConsole_<version>_win

  2. From a command prompt, run get_servercert.exe help to see the help options. The utility takes the following details:

    • eDirectory/Identity Vault server Domain name/IP address with LDAPS port number.

    • eDirectory/Identity Vault user name.

    • eDirectory/Identity Vault password.

    • Server certificate name.

    • Server certificate password.

    • Trusted-root certificate path with certificate name.

    To generate the Server Certificate, run the following command from a command prompt:

    Example:

    get_servercert.exe 10.10.10.125:636 cn=admin,o=novell novell keys novell SSCert.pem

    A keys.pfx file is generated. Copy keys.pfx manually into the cert folder.

2.2.2 Multi-tree with Identity Console as Workstation

Identity Console allows users to connect to multiple trees by obtaining the individual CA certificate of each tree.

  1. Close the Identity Console workstation and eDirAPI terminal.

  2. Copy the CA certificates (SSCert.pem) into the following location: IdentityConsole_<version>_workstation_win_x86_64\eDirAPI\cert.

    For example, if you want to connect to three eDirectory trees, copy the CA certificates as SSCert1.pem, SSCert2.pem and SSCert3.pem respectively.

  3. Navigate to the folder where the build is extracted and double-click the run.bat file (Windows batch file).
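
Before running configure.bat or run.bat, and after adding CA certificates for additional trees, it helps to confirm what is actually in the cert folder. The following PowerShell is an added example, not part of the product or the original documentation; it assumes $CertDir points to your eDirAPI\cert folder, lists every *.pem CA certificate with its expiry, opens keys.pfx with a prompted password, and reports whether its chain ends at one of those CA files.

```powershell
# Added example, not vendor code: inspect the eDirAPI cert folder before launching run.bat.
# Assumption: $CertDir is the eDirAPI\cert folder of your extracted build.
param([Parameter(Mandatory)][string]$CertDir)

$X509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]
$now  = Get-Date

# Treat every *.pem in the folder as one tree's CA certificate (SSCert.pem, SSCert1.pem, ...).
$caCerts = @(Get-ChildItem -Path $CertDir -Filter *.pem | ForEach-Object { $X509::new($_.FullName) })
if ($caCerts.Count -eq 0) { Write-Warning "No CA certificate (*.pem) found in $CertDir" }
$caCerts | Select-Object Subject, Thumbprint, NotAfter,
    @{ n = 'Expired'; e = { $_.NotAfter -lt $now } } | Format-Table -AutoSize

# Prompt for the keys.pfx password so it never appears on a command line or in history.
$pfxPath = Join-Path $CertDir 'keys.pfx'
$secure  = Read-Host -AsSecureString -Prompt 'keys.pfx password'
try {
    $server = $X509::new($pfxPath, $secure)
} catch {
    Write-Error "Cannot open $pfxPath (missing file or wrong password): $($_.Exception.Message)"
    return
}

# Build the chain offline, using only the CA files above as candidate issuers.
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$chain.ChainPolicy.RevocationMode    = 'NoCheck'
$chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
foreach ($ca in $caCerts) { [void]$chain.ChainPolicy.ExtraStore.Add($ca) }
[void]$chain.Build($server)
$root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

$report = [pscustomobject]@{
    Subject       = $server.Subject
    Issuer        = $server.Issuer
    NotAfter      = $server.NotAfter
    Expired       = $server.NotAfter -lt $now
    HasPrivateKey = $server.HasPrivateKey
    RootIsLocalCA = $caCerts.Thumbprint -contains $root.Thumbprint
}
$server.Reset()     # release the certificate and its temporarily loaded private key
$report | Format-List
```

Save it as a .ps1 file and pass the cert folder with -CertDir. A keys.pfx that is expired, has no private key, or does not chain to any CA file in the folder is worth resolving before launching the console.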

2.2.3 Closing and Re-launching Identity Console Workstation

To close the application and the process:

  1. Close the Identity Console Windows desktop application.

  2. Stop the eDirAPI process by closing the eDirAPI process terminal.

To relaunch Identity Console Workstation, navigate to the folder where the build is extracted and double-click the run.bat file (Windows batch file).

NOTE: If the eDirAPI process terminal is already running, run identityconsole.exe from the folder where the build is extracted to relaunch Identity Console Workstation.