42.1 Using the Guided Process to Install Identity Reporting

The following procedure describes how to install Identity Reporting using an installation wizard, either in GUI format or from the console. To perform a silent, unattended installation, see Installing Identity Reporting Silently.

To prepare for the installation, review the prerequisites and system requirements listed in System Requirements for Identity Reporting. Also see the Release Notes accompanying the release.

  1. Log in to the computer where you want to install Identity Reporting.

  2. Stop Tomcat.

  3. (Conditional) If you have the .iso image file for the Identity Manager installation package, navigate to the directory containing the installation files for Identity Reporting, located by default in the products/Reporting/ directory.

  4. (Conditional) If you downloaded Identity Reporting installation files from the NetIQ Downloads website, complete the following steps:

    1. Navigate to the .tgz file for the downloaded image.

    2. Extract the contents of the file to a folder on the local computer.

  5. From the directory that contains the installation files, complete one of the following actions:

    • Linux (console): Enter ./rpt-install-linux.bin -i console

    • Linux (GUI): Enter ./rpt-install-linux.bin

    • Windows: Run rpt-install.exe

  6. In the installation program, specify the language that you want to use for installation, and then click OK.

  7. Review the Introduction text and click Next.

  8. Accept the license agreement and click Next.

  9. Complete the guided process, using the following parameters:

    • Installation Folder

      Specifies the path to a directory where the installation program creates the application files, including installation log files, helper scripts, and configuration scripts.

    • Reporting Setup

      Represents the environment and its settings to which you want to add Identity Reporting. For Identity Manager, specify the following values:

      Identity Vault Server

      Specifies the hostname of the eDirectory server.

      Secure LDAP Port

      Specifies the port you want to use to establish an LDAP connection to the eDirectory server over SSL. The default port is 636.

      Provisioning Home

      Specifies the Identity Manager provisioning home location. This can be the full application server URL or a relative path for the URL.

    • Application Server Details

      Represents the Tomcat instance that you want to run Identity Reporting. The application server must already be installed.

      Secondary

      Specifies whether the current install is on a secondary node of a cluster.

      Tomcat root folder

      Specifies a path to the Tomcat instance. For example, /opt/netiq/idm/apps/tomcat.

      Java JRE Base folder

      Specifies the Java JRE base folder location.

      The path contains the config update utility file and is used to launch this utility after Identity Reporting is installed.

    • Application Address

      Represents the settings for the server that hosts Identity Reporting.

      Protocol

      Specifies whether you want to use http or https. To use SSL for communication, specify https.

      Host name

      Specifies the DNS name or IP address of Tomcat. Do not use localhost.

      Port

      Specifies the port that you want Tomcat to use for communication with the Identity Reporting application.

      Connect to an external authentication server

      Specifies whether a different instance of Tomcat hosts the authentication server (OSP). The authentication server contains the list of users who can log in to Identity Reporting.

      If you select this setting, specify values for the authentication server’s Protocol, Host name, and Port.

    • Authentication Server Details

      Specifies the password for the Identity Reporting Service.

      Identity Manager uses this password to connect to the OSP client on the authentication server.

    • Database Details

      Represents the settings for the reporting database, including whether you want the installation process to create the database or generate an SQL file for creating the database later.

      Database name

      Specify the database name as per your requirement:

      • In case of a new installation, specify the name of your Reporting database. For example, idmrptdb or SIEM.

      • If you are migrating from EAS, specify the name for the EAS database, for example, SIEM.

      Database host

      Specify the database host as per your requirement:

      • In case of a new installation, specify the DNS name or IP address of the server where the database has to be created.

      • If you are migrating from EAS, specify the DNS name or IP address of the server that hosts your SIEM database.

      Database type

      Select the database that you want to use.

      If you select Oracle, specify the following details:

      • JDBC driver jar

        Specifies the path to the jar file for the Oracle JDBC driver. For example, opt\oracl\ojdbc7.jar.

        For more information, see Running Reports on an Oracle Database.

      • JDBC driver classname

        Specifies the class of the JDBC driver.

      • JDBC driver type

        Specifies the type of JDBC driver.

      If you select PostgreSQL, click Next.

      Share password

      Enables you to specify a single password for all reporting users when they connect to the database.

      Specify password for each user

      Enables you to specify a unique password for each reporting user to the database. You need to specify a password for idm_rpt_data_password, idm_rpt_cfg_password, and idmrptuserpassword.

      Database port

      Specifies the port to connect to the database. The default port is 5432.

      Configure database now or at startup

      Indicates that you have the login settings for the database so the installation program can create the database immediately or during reporting startup. You must also specify the following values:

      • DBA userid

        Specifies the name of the administrative account for the SIEM database server. For example, postgres.

      • DBA password

        Specifies the password for the administrative account for the database.

      • Test Database Connection: Indicates whether you want the installation program to test the values specified for the database.

        The installation program attempts the connection when you click Next or press Enter.

        NOTE: You can continue with installation if the database connection fails. However, after installation, you must manually create the tables and connect to the database. For more information, see Manually Generating the Database Schema.

      Generate SQL for later

      Instructs the installation program to generate a SQL file that your database administrator will use to create the database after you complete the installation process.

    • Default Language

      Specifies the language that you want Identity Reporting to use in searches.

    • Identity Vault Credentials

      Represents the settings that Identity Reporting uses to connect to the Identity Vault.

      Identity Vault Administrator

      Specifies the distinguished name for the LDAP Administrator. For example, cn=admin. This user must already exist in the Identity Vault.

      Identity Vault Administrator Password

      Specifies the password for the Identity Vault administrator.

      Keystore Path

      Specifies the full path to your keystore (cacerts) file of the JRE that Tomcat uses to run.

      Keystore Password

      Specifies the password for the keystore file.

      Report Admin Role Container DN

      Specify the DN for the container that stores the Report Administrator role.

      Report Admin User DN

      Specifies an existing user account in the Identity Vault that has the rights to perform administrative tasks for Identity Reporting.

    • User Application driver

      Represents the name of your application driver, driver set, and driver set container.

      User Application Driver

      Specifies the name of the User Application driver.

      Driver set name

      Specifies the name of the driver set.

      Driver set container

      Specifies the name of the driver set container.

    • Email Delivery

      Represents the settings for the SMTP server that sends report notifications. To modify these settings after installation, use the RBPM Configuration utility.

      Default email address

      Specifies the email address that you want Identity Reporting to use as the origination for email notifications.

      SMTP server

      Specifies the IP address or DNS name of the SMTP email host that Identity Reporting uses for notifications. Do not use localhost.

      SMTP server port

      Specifies the port number for the SMTP server. The default port is 465.

      Use SSL for SMTP

      Specifies whether you want to use SSL protocol for communication with the SMTP server.

      Require server authentication

      Specifies whether you want to use authentication for communication with the SMTP server. You must also specify the following values:

      • SMTP user name

        Specifies the name of a login account for the SMTP server.

      • SMTP password

        Specifies the password of a login account for the SMTP server.

    • Report Details

      Represents the settings for report definitions and completed reports.

      Keep finished reports for

      Specifies the amount of time that Identity Reporting will retain completed reports before deleting them.

      For example, to specify six months, enter 6 and then select Month.

      Location of report definitions

      Specifies a path where you want to store the report definitions.

      For example, /opt/netiq/IdentityReporting.

    • Novell Identity Audit

      Represents the settings for sending log events to an auditing server.

      For your convenience, NetIQ includes Sentinel Log Management for IGA.

      Enable auditing for Identity Reporting

      Specifies whether you want to send log events to an auditing server.

      • Audit server

        Applies only when you select Enable auditing for Identity Reporting.

        Specify the host name of the auditing server, that is, the IP where Sentinel is hosted.

      • Audit log cache folder

        Applies only when you select Enable auditing for Identity Reporting.

        Specify the location of the cache directory that you want to use for auditing. For example, /opt/novell/Identity Reporting.

        NOTE: Ensure that the logevent file has valid paths for the cache directory and nauditpa.jar file. If these settings are not defined correctly, Identity Reporting will not start.

    • NAudit Certificates

      Specifies whether you want to push NAudit events from Identity Reporting to the auditing server.

      Specify existing certificate / Generate a certificate

      Applies only when you select Enable auditing for Identity Reporting.

      Indicates whether you want to use an existing certificate for the NAudit server or create a new one.

      Enter Public key

      Applies only when you want to use an existing certificate.

      Specify the custom public key certificate that the NAudit service will use to authenticate audit messages.

      Enter RSA Key

      Applies only when you want to use an existing certificate.

      Specify the path to the custom private key file that the NAudit service will use to authenticate audit messages.

  10. In the Pre-Installation Summary window, click Install.

42.1.1 Configuring Create_rpt_roles_and_schemas.sql Schema against Oracle Database

  1. Install the Oracle database on a connected server.

  2. Create an Oracle System ID (SID) for Identity Reporting.

  3. Log in to the Oracle SQL developer tool or Oracle database as database admin.

  4. Connect to the database instance created in Step 2.

  5. To create the Create_rpt_roles_and_schemas procedure, copy the following script into SQL Developer and run it against the connected database:

    CREATE OR REPLACE PROCEDURE create_rpt_roles_and_schemas(
            idm_rpt_data_password character varying,
            idm_rpt_cfg_password character varying,
            idmrptuser_password character varying)
    AUTHID CURRENT_USER
    AS
            cnt number;
    BEGIN
            /* Create user IDM_RPT_DATA if it does not exist already */
            select count(*) into cnt from ALL_USERS WHERE USERNAME = 'IDM_RPT_DATA';
            IF cnt = 0 THEN
                    execute immediate 'CREATE USER idm_rpt_data IDENTIFIED BY ' || idm_rpt_data_password;
                    DBMS_OUTPUT.put_line('Created user idm_rpt_data');
            END IF;
            /* Grant rights to the idm_rpt_data user */
            execute immediate 'GRANT CREATE SESSION, CREATE TABLE, CREATE VIEW, CREATE PROCEDURE, CREATE SEQUENCE, CREATE TRIGGER, UNLIMITED TABLESPACE to idm_rpt_data';
            DBMS_OUTPUT.put_line('Granted rights to user idm_rpt_data');
    
            /* Create user IDM_RPT_CFG if it does not exist */
            select count(*) into cnt from ALL_USERS WHERE USERNAME = 'IDM_RPT_CFG';
            IF cnt = 0 THEN
                    execute immediate 'CREATE USER idm_rpt_cfg IDENTIFIED BY ' || idm_rpt_cfg_password;
                    DBMS_OUTPUT.put_line('Created user idm_rpt_cfg');
            END IF;
            /* Grant rights to the idm_rpt_cfg user */
            execute immediate 'GRANT CREATE SESSION, CREATE TABLE, CREATE VIEW, CREATE PROCEDURE, CREATE SEQUENCE, CREATE TRIGGER, UNLIMITED TABLESPACE to idm_rpt_cfg';
            DBMS_OUTPUT.put_line('Granted rights to user idm_rpt_cfg');
            /* Create user IDMRPTUSER if it does not exist */
            select count(*) into cnt from ALL_USERS WHERE USERNAME = 'IDMRPTUSER';
            IF cnt = 0 THEN
                    execute immediate 'CREATE USER idmrptuser IDENTIFIED BY ' || idmrptuser_password;
                    DBMS_OUTPUT.put_line('Created user idmrptuser');
            END IF;
            /* Grant rights to the idmrptuser user */
            execute immediate 'GRANT CREATE SESSION to idmrptuser';
            DBMS_OUTPUT.put_line('Granted rights to user idmrptuser');
    END;
    /

  6. To create IDM_RPT_DATA, IDM_RPT_CFG, and IDMRPTUSER roles, execute the following command:

    begin
        CREATE_RPT_ROLES_AND_SCHEMAS('<Set pwd for IDM_RPT_DATA>', '<Set pwd for IDM_RPT_CFG>', '<Set pwd for IDMRPTUSER>');
    end;
    /
                  
  7. Start and complete the Identity Manager Reporting installation.

    NOTE: In the Database Details parameter, select the Generate SQL for later option.

  8. Stop Tomcat.

    For example: /etc/init.d/idmapps_tomcat_init stop

  9. Navigate to /opt/netiq/idm/apps/IdentityReporting/sql/ and verify that the following files are available:

    • DbUpdate-01-run-as-idm_rpt_cfg.sql

    • DbUpdate-02-run-as-idm_rpt_cfg.sql

    • DbUpdate-03-run-as-idm_rpt_data.sql

    • DbUpdate-04-run-as-idm_rpt_data.sql

    • DbUpdate-05-run-as-idm_rpt_cfg.sql

    • DbUpdate-06-run-as-idm_rpt_cfg.sql

  10. Log in to the Oracle SQL Developer tool or Oracle database as IDM_RPT_CFG user and execute the following commands:

    • DbUpdate-01-run-as-idm_rpt_cfg.sql

    • DbUpdate-02-run-as-idm_rpt_cfg.sql (Add a separator ‘/’ after line 183 and then run the SQL command)

  11. Log in to the Oracle SQL Developer tool or Oracle database as IDM_RPT_DATA user and execute the following commands:

    • DbUpdate-03-run-as-idm_rpt_data.sql

    • DbUpdate-04-run-as-idm_rpt_data.sql

  12. Log in to the Oracle SQL Developer tool or Oracle database as IDM_RPT_CFG user and execute the following commands:

    • DbUpdate-05-run-as-idm_rpt_cfg.sql

    • DbUpdate-06-run-as-idm_rpt_cfg.sql

  13. Start Tomcat.

    For example: /etc/init.d/idmapps_tomcat_init start
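
The procedure in Step 5 concatenates each password into the CREATE USER statement unquoted, so the value is parsed as SQL text and a password containing punctuation makes the statement fail. The following is an added example, not NetIQ's script: a variant that validates the password and passes it double-quoted, with the privileges fixed inside the procedure. The name create_rpt_account and the error numbers are assumptions; the account names and grants are the ones in Step 5.

```sql
-- Added example, not NetIQ's script. create_rpt_account is a hypothetical name.
CREATE OR REPLACE PROCEDURE create_rpt_account(
        p_username IN VARCHAR2,
        p_password IN VARCHAR2)
AUTHID CURRENT_USER
AS
        cnt      NUMBER;
        v_user   VARCHAR2(128) := UPPER(p_username);
        v_grants VARCHAR2(400);
BEGIN
        /* Allow only the three accounts from Step 5; privileges are fixed here, not passed in */
        IF v_user IN ('IDM_RPT_DATA', 'IDM_RPT_CFG') THEN
                v_grants := 'CREATE SESSION, CREATE TABLE, CREATE VIEW, CREATE PROCEDURE, '
                         || 'CREATE SEQUENCE, CREATE TRIGGER, UNLIMITED TABLESPACE';
        ELSIF v_user = 'IDMRPTUSER' THEN
                v_grants := 'CREATE SESSION';
        ELSE
                RAISE_APPLICATION_ERROR(-20001, 'Unexpected account name');
        END IF;

        /* DDL cannot take bind variables, so validate the value before it is spliced in.
           A double quote would close the quoted password early. */
        IF p_password IS NULL OR INSTR(p_password, '"') > 0 THEN
                RAISE_APPLICATION_ERROR(-20002, 'Password is empty or contains a double quote');
        END IF;

        SELECT COUNT(*) INTO cnt FROM all_users WHERE username = v_user;
        IF cnt = 0 THEN
                /* Quoted, so punctuation in the password stays part of the password */
                EXECUTE IMMEDIATE 'CREATE USER ' || v_user
                        || ' IDENTIFIED BY "' || p_password || '"';
                DBMS_OUTPUT.put_line('Created user ' || v_user);
        END IF;
        EXECUTE IMMEDIATE 'GRANT ' || v_grants || ' TO ' || v_user;
        DBMS_OUTPUT.put_line('Granted rights to user ' || v_user);
END;
/

BEGIN
        create_rpt_account('IDM_RPT_DATA', '<Set pwd for IDM_RPT_DATA>');
        create_rpt_account('IDM_RPT_CFG',  '<Set pwd for IDM_RPT_CFG>');
        create_rpt_account('IDMRPTUSER',   '<Set pwd for IDMRPTUSER>');
END;
/
```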