17.4 Completing a Non-root Installation

When you install the Identity Manager engine and plug-ins as a non-root user, the process does not perform all of the intended installation activities. This section guides you through the manual process required to complete the installation.

17.4.1 Assigning the Password Policy Object to Driver Sets

You must assign the DirXML-PasswordPolicy object to each driver set in the Identity Vault. The Identity Manager Default Universal Password Policy package includes this policy object. The default policy installs and assigns a universal password policy to control how the Identity Manager engine automatically generates random passwords for drivers.

Alternatively, to use a custom password policy, you must create the password policy object and the policy. For more information, see Creating a Custom Password Policy.

Creating a Container for Password Policies

Identity Manager requires password policy objects in the Identity Vault. However, the non-root installation process does not create a container for password policies.

  1. Log in to the Identity Manager tree in iManager.

  2. Navigate to the security container in eDirectory.

  3. Create a container for password policies.

    For more information about creating a container in eDirectory, see the eDirectory Administration Guide.

Creating the Password Policy Object in the Identity Vault

After creating the container for password policies, you must create the DirXML-PasswordPolicy object in the Identity Vault using Designer or the ldapmodify utility. For more information about how to do this in Designer, see Configuring Driver Sets in the NetIQ Designer for Identity Manager Administration Guide. To use the ldapmodify utility, use the following procedure:

  1. In a text editor, create an LDAP Data Interchange Format (LDIF) file with the following attributes:

    dn: cn=DirXML-PasswordPolicy,cn=Password Policies,cn=Security
    changetype: add
    nsimPwdRuleEnforcement: FALSE
    nspmSpecialAsLastCharacter: TRUE
    nspmSpecialAsFirstCharacter: TRUE
    nspmSpecialCharactersAllowed: TRUE
    nspmNumericAsLastCharacter: TRUE
    nspmNumericAsFirstCharacter: TRUE
    nspmNumericCharactersAllowed: TRUE
    nspmMaximumLength: 64
    nspmConfigurationOptions: 596
    passwordUniqueRequired: FALSE
    passwordMinimumLength: 1
    passwordAllowChange: TRUE
    objectClass: nspmPasswordPolicy

    dn: cn=DirXML-PasswordPolicy,cn=Password Policies,cn=Security
    changetype: modify
    add: nsimAssignments
    nsimAssignments: <driverset LDAP dn>

    NOTE: Copying the content as is might insert hidden special characters into the file. If you receive an ldif_record() = 17 error message when you add these attributes to the Identity Vault, insert an extra space between the two DNs.

  2. To add the DirXML-PasswordPolicy object to the Identity Vault, import the attributes from the file by performing one of the following actions:

    Linux:

    From the directory containing the ldapmodify utility, enter the following command:

    ldapmodify -x -ZZ -c -h hostname_or_IP_address -p 389 -D "cn=admin,ou=sa,o=system" -w password -f path_to_ldif_file

    For example:

    ldapmodify -x -ZZ -c -h server1.test.com -p 389 -D "cn=admin,ou=sa,o=system" -w test123 -f /root/dirxmlpasswordpolicy.ldif

    The ldapmodify utility is located by default in the /etc/opt/novell/eDirectory/conf directory.

    Windows:

    Run ldapmodify.exe from the install/utilities directory of the Identity Manager installation kit.
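
A pre-flight check for the LDIF file from step 1, as an added example that is not part of the NetIQ documentation: it flags hidden non-ASCII bytes, trailing spaces, and a second dn: line that is not preceded by an empty line, which are the kinds of defects the NOTE associates with the ldif_record() = 17 error. The helper name check_ldif and the sample file are constructed for illustration; LDIF separates records with an empty line.

```shell
#!/bin/sh
# Added example: pre-flight check for the LDIF file before ldapmodify.
# check_ldif is a hypothetical helper name, not an Identity Manager tool.

check_ldif() {
    # LC_ALL=C makes awk compare raw bytes rather than locale characters.
    LC_ALL=C awk '
        # Bytes outside printable ASCII: NBSP, zero-width characters,
        # smart quotes, tabs or CR picked up by copy and paste.
        /[^ -~]/ { printf "line %d: hidden or non-ASCII byte\n", NR; bad = 1 }
        # A trailing space becomes part of the attribute value, and a
        # line holding only spaces does not separate two records.
        / $/     { printf "line %d: trailing space\n", NR; bad = 1 }
        /^#/     { next }              # comments do not end a record
        /^$/     { inrec = 0; next }   # only an empty line ends a record
        /^dn:/ && inrec {
            printf "line %d: new dn: without an empty line before it\n", NR
            bad = 1
        }
        { inrec = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the two records run together as they appear when
# pasted, plus a non-breaking space (UTF-8 bytes C2 A0) after "add:".
sample=$(mktemp)
printf '%s\n' \
    'dn: cn=DirXML-PasswordPolicy,cn=Password Policies,cn=Security' \
    'changetype: add' \
    'objectClass: nspmPasswordPolicy' \
    'dn: cn=DirXML-PasswordPolicy,cn=Password Policies,cn=Security' \
    'changetype: modify' > "$sample"
printf 'add:\302\240nsimAssignments\n' >> "$sample"

if check_ldif "$sample"; then
    echo "LDIF looks clean"
else
    echo "fix the lines above before running ldapmodify"
fi
rm -f "$sample"
```

Run check_ldif against the real file before the import; a zero exit status means none of the three defects were found.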

Assigning the Password Policy Object

You must assign the DirXML-PasswordPolicy object to each driver set in a tree.

  1. Open your project in Designer.

  2. In the Outline pane, expand your project.

  3. Expand Package Catalog > Common > Common Settings to verify whether the Default Universal Password Policy package exists.

  4. (Conditional) If the password policy package is not already listed in Designer, complete the following steps:

    1. Right-click Package Catalog.

    2. Select Import Package.

    3. Select Identity Manager Default Universal Password Policy, and then click OK.

      To ensure that the table displays all available packages, you might need to deselect Show Base Packages Only.

  5. Select each driver set and assign the password policy.

Creating a Custom Password Policy

Rather than using the default password policy in Identity Manager, you can create a new policy based on your organizational requirements. You can assign a password policy to the entire tree structure, a partition root container, a container, or a specific user. To simplify management, NetIQ recommends that you assign password policies as high in the tree as possible. For more information, see Creating Password Policies in the Password Management 3.3.2 Administration Guide.

NOTE: You must also assign the DirXML-PasswordPolicy object to the driver sets. For more information, see Assigning the Password Policy Object.

17.4.2 Creating the Default Notification Collection Object in the Identity Vault

The Default Notification Collection is an Identity Vault object that contains a set of e-mail notification templates and an SMTP server that is used when sending e-mails generated from the templates. The non-root installation process does not create the Default Notification Collection object in the Identity Vault. You must use Designer to create the object.

Creating a Container for Notification Templates

Identity Manager requires default notification templates in the Identity Vault. However, the non-root installation process does not create a container for notification templates.

  1. Log in to the Identity Manager tree in iManager.

  2. Navigate to the security container in eDirectory.

  3. Create a container for notification templates.

    For more information about creating a container in eDirectory, see the eDirectory Administration Guide.

Creating the Default Notification Collection Object

  1. Open your project in Designer.

  2. In the Outline pane, expand your project.

  3. Right-click the Identity Vault, then click Identity Vault Properties.

  4. Click Packages, then click the Add Packages icon.

  5. Select all the notification templates packages, and then click OK.

  6. Click Apply to install the packages with the Install operation.

  7. Deploy the notification templates to the Identity Vault.

17.4.3 Adding Support for Graphics in Email Notifications

If you install the Identity Vault and the Identity Manager engine as a non-root user, email notifications might fail to include the graphics or images provided in the email template. For example, when running the do-send-email-from-template action, Identity Manager sends the email but the included images are blank. You must update the driver set to enable graphics support.

  1. Log in to your project in Designer.

  2. In the Outline pane, expand Identity Vault.

  3. Right-click Driver Set.

  4. Select Properties > Java.

  5. For JVM options, enter the following content:

    -Dcom.novell.nds.dirxml.util.mail.templatepath=path_to_graphics_files

    For example:

    -Dcom.novell.nds.dirxml.util.mail.templatepath=/prod/eDirectory/opt/novell/eDirectory/lib/dirxml/rules/manualtask/mt_files

  6. Click OK.

  7. Deploy the changes to the driver set:

    1. Right-click Driver Set.

    2. Select Live > Deploy.

    3. Select Deploy.

  8. Restart eDirectory.