17.1 Using the Wizard to Install the Components

The installation program guides you through the configuration settings for the Identity Manager engine. You can run the installation in the console or in the GUI. On UNIX and Windows computers, the installation program automatically defaults to wizard mode.

To prepare for the installation, see Checklist for Installing the Identity Manager Engine, Drivers, and Plug-ins. Also see the Release Notes accompanying the release. To perform an unattended installation, see Performing a Silent Installation.

NOTE: Your choice of performing the installation as a root or a non-root user should match the method that you used for installing the Identity Vault.

17.1.1 Installing as a Root or Administrative User

This section describes the guided process for using the installation wizard or console to install the Identity Manager engine as a root user or as an administrator on a Windows computer. Use the following installation program for your platform:

  • Linux: /products/IDM/install.bin

  • Windows: \products\IDM\windows\setup\idm_install.exe

NOTE: On a Linux platform, when you install the Identity Manager engine as a root user, the installation files are located under the /tmp directory. If the /tmp directory does not exist, the install program will create it. The installation files are not required to run Identity Manager. You can delete the files after installation.

To install the Identity Manager engine as a root or administrative user:

  1. Log in as root or administrator on the computer where you want to install the Identity Manager engine.

  2. From the directory that contains the installation files, complete one of the following actions:

    • Linux (console): Enter ./install.bin -i console

    • Linux (GUI): Enter ./install.bin

    • Windows: Run idm_install.exe

  3. Accept the license agreement, and then click Next.

  4. In the Select Components window, specify the components that you want to install.

    For more information about the options, see Understanding the Installation Program.

  5. (Optional) To select specific drivers for the individual components, complete the following steps:

    1. Click Customize the selected components, and then click Next.

    2. Expand Drivers under the component that you want to install.

    3. Select the drivers that you want to install.

  6. Click Next.

  7. In the Activation Notice window, click OK. For more information, see Activating Identity Manager.

  8. For Authentication, specify a user account and its password with sufficient rights in eDirectory to extend the schema. Specify the user name in the LDAP format. For example, cn=admin,o=company.

  9. For Pre-Installation Summary, verify the settings.

  10. Click Install.

  11. Activate Identity Manager. For more information, see Activating Identity Manager.

  12. To create and configure your driver objects, consult the specific guide for that driver. For more information, see the Identity Manager Drivers documentation website.

  13. (Optional) For the default installation locations, see /tmp/idmInstall.log.

17.1.2 Installing as a Non-root User

You can install Identity Manager as a non-root user to enhance the security of your UNIX or Linux server. You cannot install Identity Manager as a non-root user if you installed the Identity Vault as root.

When you use this method, you cannot install the following components:

  • Remote Loader: To install the Remote Loader as a non-root user, use the Java Remote Loader. For more information, see Installing Java Remote Loader on Linux.

  • NetIQ Sentinel Platform Agent: Install the Novell Audit Platform Agent package from the NetIQ Sentinel Plug-ins download page after installing the engine as a non-root user.

  • UNIX/Linux Account Driver: Requires root privileges to function.

NOTE: On a Linux platform, when you install the Identity Manager engine as a non-root user, the installation files are located under the non-root user's directory (for example, /home/user, where user is the non-root user). The installation files are not required to run Identity Manager. You can delete the files after installation.

To install the Identity Manager engine as a non-root user:

  1. Log in as the non-root user that you used to install the Identity Vault.

    • Create a sudo user and a directory.

    • The user account must have administrator rights to the directories and files of the non-root Identity Vault (eDirectory) installation. To provide administrator rights, run the following command:

      chown -R <non-root user name> /home/<non-root directory>

      For example, chown -R test /home/mkdir/home/test

    • Provide a sudo password for the newly created user.

  2. Install NICI as root user. For more information, see Installing NICI as a Non-root User.

  3. Log in as the non-root user using the systemctl start user@<non-root user>.service command. Copy the Identity Vault file to the non-root home directory, using the do gunzip command.

  4. Perform the steps (step 2 to step 6) mentioned in Installing the Identity Vault as a Non-root User.

  5. Execute the installation program:

    IDMversion_Lin/products/IDM/linux/setup/idm-nonroot-install

  6. Use the following information to complete the installation:

    Base Directory for the non-root eDirectory Installation

    Specify the directory where the non-root eDirectory installation is. For example, /home/user/install/eDirectory.

    Extend eDirectory Schema

    If this is the first Identity Manager server installed in this instance of eDirectory, enter Y to extend the schema. If the schema is not extended, Identity Manager cannot function.

    You are prompted to extend the schema for each instance of eDirectory owned by the non-root user that is hosted by the non-root eDirectory installation.

    If you select to extend the schema, specify the full distinguished name (DN) of the eDirectory user who has rights to extend the schema. The user must have the Supervisor right to the entire tree to extend the schema. For more information about extending the schema as a non-root user, see the schema.log file that is placed in the data directory for each instance of eDirectory.

    Run the /etc/opt/novell/eDirectory/conf/idm-install-schema program to extend the schema on additional eDirectory instances after the installation is complete.

    Utilities

    (Optional) If you need an Identity Manager driver utility for a Windows server, copy the utilities from the Identity Manager installation media to the Identity Manager server. All utilities are found in the IDMversion_platform/product/IDM/platform/setup/utilities directory.

  7. To support auditing, install the latest software update for Novell Audit Platform Agent from the NetIQ Sentinel Plug-ins download page.

  8. To complete the installation process, continue to Completing a Non-root Installation.

  9. Activate Identity Manager. For more information, see Activating Identity Manager.

  10. To create and configure your driver objects, consult the specific guide for that driver. For more information, see the Identity Manager Drivers documentation website.
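
A pre-flight check for the ownership requirement in step 1 of the non-root procedure, run before idm-nonroot-install. This is an added example, not part of the product documentation; the function names and exit codes are assumptions made for illustration, and the base directory is whatever you will enter at the "Base Directory for the non-root eDirectory Installation" prompt.

```shell
#!/bin/sh
# Added example: verify that the non-root eDirectory base directory is fully
# owned by the installing user before starting the non-root installation.

# Print how many entries under directory $1 are NOT owned by numeric uid $2.
# One byte is emitted per entry, so file names containing newlines are safe.
count_foreign_owned() {
    find "$1" ! -user "$2" -exec printf '.' ';' 2>/dev/null | wc -c | tr -d ' '
}

# Decide whether the non-root install may proceed for base dir $1 as uid $2.
# Return codes (hypothetical, chosen for this example):
#   0 = ok, 1 = base dir missing, 2 = uid is root, 3 = foreign-owned entries
preflight_nonroot() {
    base=$1
    uid=$2
    [ -d "$base" ] || { echo "missing base directory: $base" >&2; return 1; }
    # A root-owned run contradicts the non-root method; the install method
    # must match the one used for the Identity Vault.
    [ "$uid" -ne 0 ] || { echo "refusing: non-root install run as root" >&2; return 2; }
    foreign=$(count_foreign_owned "$base" "$uid")
    if [ "$foreign" -ne 0 ]; then
        echo "$foreign entries under $base are not owned by uid $uid:" >&2
        find "$base" ! -user "$uid" -print | head -n 20 >&2
        echo "fix with: chown -R <non-root user name> $base" >&2
        return 3
    fi
    return 0
}

# When invoked with a directory argument, check it for the current user, e.g.
#   sh preflight.sh /home/user/install/eDirectory
if [ "$#" -ge 1 ]; then
    preflight_nonroot "$1" "$(id -u)"
fi
```

A return code of 3 usually means part of the tree was created or unpacked by another account (often root), which is the case the chown command in step 1 corrects.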