3.2 Installing the Change-Log Module on a Remote eDirectory server

For the Bidirectional eDirectory driver to work, you must install the Change-Log module on the remote eDirectory server. The Change-Log enables the driver to recognize the changes that require publication from the remote eDirectory to the Identity Vault. The Change-Log module is supported on the following eDirectory versions:

  • 9.0.x

  • 8.8.8.x

NOTE:

  • If the driver is running on an engine prior to Identity Manager 4.5.4, the driver connects to a Suite B enabled LDAP service on the connected eDirectory only if you enable Always Accept Server Certificate under the driver settings. For more information, see Driver Settings.

  • When you configure eDirectory modules in a Suite B mode, they include support for ECDSA certificates and enforce the use of TLS 1.2 and Suite B ciphers as specified in RFC 6460. For more information on configuring eDirectory in Suite B modes, see the NetIQ eDirectory Administration Guide.

  • When you upgrade to driver version 4.0.2 or later, ensure that there are no encrypted attribute events in the change cache.
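The following check is an added example, not part of the NetIQ documentation. It reads `openssl s_client` output and confirms that the remote LDAP service negotiated TLS 1.2 with one of the two RFC 6460 cipher suites, and that its certificate validated against a CA you supply. The function names and sample outputs are constructed for illustration, and the OpenSSL cipher names are assumed to be what the connected server reports.

```shell
#!/bin/sh
# Added example (not NetIQ code). Reads `openssl s_client` output on stdin.
# Live use (host and CA file are placeholders):
#   openssl s_client -connect <remote-edir>:636 -CAfile <tree-ca.pem> \
#       </dev/null 2>/dev/null | check_suiteb

# Print the first "Name : value" field called $1 found in the text $2.
session_field() {
    printf '%s\n' "$2" | sed -n "s/^ *$1 *: *//p" | head -n 1
}

# Return 0 only if protocol, cipher and certificate verification all pass.
check_suiteb() {
    out=$(cat)
    proto=$(session_field 'Protocol' "$out")
    cipher=$(session_field 'Cipher' "$out")
    verify=$(session_field 'Verify return code' "$out")
    rc=0
    # RFC 6460 compliant profile: TLS 1.2 only.
    [ "$proto" = "TLSv1.2" ] || { echo "FAIL protocol: ${proto:-none}"; rc=1; }
    # OpenSSL names for TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 and
    # TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384.
    case "$cipher" in
        ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-AES256-GCM-SHA384) ;;
        *) echo "FAIL cipher: ${cipher:-none}"; rc=1 ;;
    esac
    # The chain must validate against the CA passed to s_client.
    case "$verify" in
        "0 (ok)") ;;
        *) echo "FAIL certificate verification: ${verify:-none}"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK $proto $cipher"; fi
    return "$rc"
}

# Constructed sample outputs, trimmed to the lines the check reads.
SAMPLE_OK='SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-ECDSA-AES256-GCM-SHA384
    Verify return code: 0 (ok)'
SAMPLE_WEAK='SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-SHA
    Verify return code: 18 (self signed certificate)'

printf '%s\n' "$SAMPLE_OK" | check_suiteb
printf '%s\n' "$SAMPLE_WEAK" | check_suiteb || echo "rejected"
```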

The Change-Log module is provided on the Identity Manager media for 64-bit platforms. Copy the Change-Log module from the /products/IDM/Dirxml-Changelog directory of your installation folder and install it on the connected eDirectory server.

The following sections provide instructions to install the Change-Log module on Linux and Windows platforms:

3.2.1 Extending the Remote eDirectory Schema

Before installing or upgrading to Change-Log or driver version 4.0.2 or later, you must manually extend the connected remote eDirectory schema to introduce a new attribute, DirXMLServerKeys. You must perform an eDirectory health check to ensure that the tree is ready to accept the new schema.

To extend the schema with the clschema.sch schema file, use the ice utility or ndssch.

Example using ice utility:

ice -S SCH -f clschema.sch -D LDAP -s <remote eDirectory server> -d <Admin DN> -w <password>

Example using ndssch:

ndssch -h <hostname[:port]> -t <tree_name> admin.<context> <directory_path>/clschema.sch

3.2.2 Installing the Change-Log Module on Linux

IMPORTANT: On SUSE Linux Enterprise Server (SLES) 12.x and Red Hat Enterprise Linux (RHEL) 7.x platforms, Identity Manager supports Change-Log module version 4.0.2 or later.

Your choice of performing the Change-Log module installation as a root or a non-root user should match the method used for installing eDirectory.

Installing the Change-Log Module as a Root User

  1. Extend the schema.

    Download the latest bidirectional eDirectory patch, unzip the folder, navigate to the directory containing the remote eDirectory schema file (clschema.sch), and extend the schema. For more information, see Extending the Remote eDirectory Schema.

  2. Stop eDirectory.

  3. Install the Change-Log module.

    • Navigate to the directory containing the Change-Log RPM and run the following command:

      rpm -ivh <rpm name>.rpm

      For example: rpm -ivh ./novell-DXMLChlgx.rpm

    • Run the following command on OES 2018 for any Change-Log version prior to 4.0.5 (4.0.2, 4.0.3, and 4.0.4):

      rpm -Uvh <rpm name>.rpm --force

      For example: rpm -Uvh /home/novell-DXMLChlgx*.rpm --force

  4. Start eDirectory.

Installing the Change-Log Module as a Non-root User

If eDirectory is installed as a non-root user, you must install the Change-Log module as a non-root user. The Change-Log files are included in the driver RPM. To install the Change-Log module, install the driver RPM.

  1. Set the root directory to non-root eDirectory location by entering the following command in the command prompt:

    ROOTDIR=<non-root eDirectory location>

    This sets the environment variable to the directory where eDirectory is installed as a non-root user.

    For example, ROOTDIR="/local/home/bshidm/base/bshappl/edir".

    Note that this location is specified in the example script in Step 2.

    Alternatively, set the root directory by directly editing the script in a text editor before running the script in Step 2.

  2. Install the Change-Log module by running the following script in a command prompt:

    #!/bin/sh
    #set -x
    #© 2017 NetIQ Corporation and its affiliates. All Rights Reserved
    
    clear
    
    echo "======================================================================"
    echo " Installing packages... "
    echo "======================================================================"
    
    # The package file (driver RPM) is the only argument; fail if it is missing.
    if [ -z "$1" ] ; then
            echo "Usage: $0 <rpm file>" >&2
            exit 1
    fi
    
    pkgfile=$1
    # Non-root eDirectory location; edit this to match your installation.
    ROOTDIR="/local/home/bshidm/base/bshappl/edir"
    RPMDB="$ROOTDIR/rpm"
    
    # Create the directory for the private RPM database if it doesn't exist
    if [ ! -d "$RPMDB" ] ; then
            mkdir -p "$RPMDB"
    fi
    
    # Create the RPM database if it doesn't exist
    if [ ! -f "$RPMDB/__db.000" ] ; then
            rpm --dbpath "$RPMDB" --initdb
    fi
    
    # Relocate the package paths under $ROOTDIR. Note that --nodeps, --replacefiles
    # and --force skip dependency and file-conflict checks.
    RPM_FLAGS="--dbpath $RPMDB -Uvh --relocate=/etc=$ROOTDIR/etc --relocate=/opt=$ROOTDIR/opt --relocate=/opt/novell/eDirectory/lib64=$ROOTDIR/opt/novell/eDirectory/lib64 --relocate=/var=$ROOTDIR/var --badreloc --nodeps --replacefiles --force"
    
    # RPM_FLAGS is left unquoted so it splits into separate options;
    # ROOTDIR must therefore not contain spaces.
    rpm $RPM_FLAGS "$pkgfile"

3.2.3 Installing the Change-Log Module on Windows

  1. Extend the schema.

    Download the latest bidirectional eDirectory patch, unzip the folder, navigate to the directory containing the remote eDirectory schema file (clschema.sch), and extend the schema. For more information, see Extending the Remote eDirectory Schema.

  2. Shut down the eDirectory service.

  3. Navigate to the 64-bit folder containing the following DLLs and copy them to the eDirectory installation location. The default install location is C:\Novell\NDS.

    • dirxmllib.dll

    • dxevent.dll

    • xclldap.dll

  4. Start the eDirectory service.

For information about upgrading Change-Log, see Upgrading the Driver.