3.3 Installing the Identity Vault

The installation program can guide you through the configuration settings for the Identity Vault. The installation program automatically defaults to wizard mode. However, you can also perform a silent installation.

This section assumes that you want to use eDirectory as the base structure for the Identity Vault.

When you start the installation program, it checks for Novell International Cryptographic Infrastructure (NICI) and Novell Client for Windows. The installation program will install or update these components as needed. If you install the Identity Vault on a computer already containing the Novell Client, eDirectory will use the existing Novell Client. You can install the Identity Vault without the Novell Client.

For more information about NICI, see the Novell International Cryptographic Infrastructure Administration Guide. For more information on the Client, see the Novell Client for Windows documentation.

The installation program can install the server components for NetIQ Module Authentication Service (NMAS). During the installation, you must specify the login methods to use with NMAS. You must also install the NMAS client software on each client workstation where you want to use the NMAS login methods.

NOTE:

3.3.1 Using the Wizard to Install the Identity Vault

  1. Log in as an administrative user to the computer where you want to install eDirectory.

  2. Navigate to the \products\eDirectory\x64\ directory.

  3. Run the eDirectory_910_windows_x86_64.exe file.

  4. In the Basic tab, specify the following details:

    • If you select New Tree, specify the following details:

      • Tree Name: Specify a tree name for Identity Vault.

      • Server FDN: Specify a server FDN.

        NOTE: Although Identity Vault allows the NCP server object's FDN to be up to 256 characters long, NetIQ recommends that you keep it much shorter, because Identity Vault creates other objects whose names are longer and are based on the length of this object.

      • Tree Admin: Specify an administrator name for Identity Vault.

      • Admin Password: Specify the administrator password.

    • If you select Existing Tree, specify the following details:

      • IP Address: Specify the IP address of the existing tree for Identity Vault.

      • Port Number: Specify the port number for the existing tree. The default value is 524.

      • Server FDN: Specify a server FDN.

      • Tree Admin: Specify the existing administrator name for Identity Vault.

      • Admin Password: Specify the administrator password.

  5. (Conditional) In the Advanced tab, specify the following details:

    • To use IPv6 addresses on the Identity Vault server, select Enable IPv6.

      NOTE: NetIQ recommends that you enable this option. To enable IPv6 addressing after installation, you must run the setup program again.

    • To enable Enhanced Background Authentication (EBA), select Enable EBA.

    • Specify the HTTP clear text and secure ports. The default values are 8028 and 8030 respectively.

    • Specify the LDAP clear text and secure ports. The default values are 389 and 636 respectively.

  6. In the Install Location field, specify the location where Identity Vault is installed.

  7. In the DIB Location field, specify the location where the DIB files are located.

  8. Click Install and proceed with the installation.

3.3.2 Silently Installing and Configuring the Identity Vault

To support a silent (or unattended) installation or configuration of the Identity Vault, you can use a response.ni file that contains sections and keys, similar to a Windows .ini file.

NOTE: You must install and configure NetIQ SecretStore (ss). For more information, see Adding SecretStore to the Identity Vault Schema.

Editing the response.ni File

You can use an ASCII text editor to create and edit the response.ni file. The response file helps you:

  • Perform a complete unattended installation with all required user inputs.

  • Define the default configuration of components.

  • Bypass all prompts during the installation.

NetIQ provides a response.ni file in the products\eDirectory\x64\windows\x64\NDSonNT folder of the installation kit. The file contains default settings for essential parameters. You must edit the values for the eDirectory instance in the NWI:NDS section.

NOTE: When you edit the response.ni file, do not put blank spaces on either side of the equal sign (“=”) that separates the key from the value in each key-value pair.

WARNING: You specify the administrator user credentials in the response.ni file for an unattended installation. To prevent the administrator credentials from being compromised, you should permanently delete the file after the installation or configuration.

The following sections describe the sections and keys required in the response.ni file:

NWI:NDS

Upgrade Mode

Specifies whether to run the installation program as an upgrade. Valid values are False, True, and Copy.

Mode

Specifies the type of installation that you want to perform:

  • full allows you to both install and configure the Identity Vault. Specify this value when you want to perform a fresh installation and configuration of the Identity Vault or an upgrade and configuration of only the required files.

  • install allows you to install a fresh version of the Identity Vault or upgrade the required files.

  • configure allows you to modify the Identity Vault settings. If you only perform an upgrade of the required files, then the installation program configures only the upgraded files.

NOTE:

  • If you specify configure, ensure that you do not change the RestrictNodeRemove value of the ConfigurationMode key in the [Initialization] section.

  • If you specify full, you cannot select the individual deconfiguration and uninstallation options when you uninstall the Identity Vault.

New Tree

Specifies whether this installation is for a new tree or a secondary server. Valid values are Yes and No. For example, if you want to install a new tree, specify Yes. For more information about specifying values for an existing tree, see Novell:ExistingTree:1.0.0.

Tree Name

If this is a new installation, specify the name of the tree that you want to install. To install a secondary server, specify the tree where you want to add the server.

Server Name

Specifies the name of the server that you want to install in the Identity Vault.

Server Container

Specifies the container object in the tree to which the server object will be added. The server object contains all the configuration details specific to the Identity Vault server. If you are installing a fresh version of the Identity Vault, the installation program creates this container with the server object.

Server Context

Specifies the complete distinguished name (DN) of the server object (server name), along with the container object. For example, if the Identity Vault server is EDIR-TEST-SERVER and the container is Netiq, specify EDIR-TEST-SERVER.Netiq.

Admin Context

Specifies the container object in the tree to which the Administrator object will be added. For example, Netiq. Any user added to a tree has a user object that contains all the user-specific details. If you are installing a fresh version of the Identity Vault, the installation program creates this container with the server object.

Admin Login Name

Specifies the relative distinguished name (RDN) of the Administrator object in the tree that has full rights, at least to the context to which this server is added. For example, Admin. The installation program uses this account to perform all operations in the tree.

Admin Password

Specifies the password for the Administrator object. For example, netiq123. If you are installing a fresh version of the Identity Vault, the installation program configures this password for the Administrator object.

NDS Location

Specifies the path in the local system where you want to install the Identity Vault libraries and binaries. When you configure the Identity Vault components, they refer to this installation location for relevant files. By default, the installation program places the files in C:\Novell\NDS.

DataDir

Specifies the path in the local system where you want to install the DIB files. By default, the installation program places the files in C:\Novell\NDS\DIBFiles.

You might want to specify a different path if the DIB data files for your environment will require more space than is available in the default location.

Installation Location

(Optional) Specifies a path that the installation program uses while copying files to the NDS Location. For example, [Novell:DST:1.0.0_Location] or Path=file://C:\Novell\NDS. The default value is C:\Novell\NDS, the same as the default for NDS Location. The installation program uses this path while copying files to the specified NDS and DataDir locations.

System Location

(Optional) Specifies a path to the system folder of the computer where you want to install the Identity Vault server. For example, [Novell:SYS32_DST:1.0.0_Location] or Path=file:/C:\Windows\system32. The installation program requires access to the system folder to copy DLLs and to access system-specific files during installation.

Require TLS

(Optional) Specifies whether the Identity Vault requires Transport Layer Security (TLS) protocol when receiving LDAP requests in clear text.

LDAP TLS Port

(Optional) Specifies the port on which the Identity Vault listens for LDAP requests in clear text.

LDAP SSL Port

(Optional) Specifies the port on which the Identity Vault should listen for LDAP requests using Secure Sockets Layer (SSL) protocol.

Install as Service

Instructs the installation program to install eDirectory as a service. You must specify Yes.

Prompt

Specifies whether the installation program prompts you for decisions such as tree name and server name. For example, in a silent or unattended installation, specify False.

NWI:NMAS (NMAS Methods)

The Identity Vault supports multiple NMAS methods, both during installation and upgrade. You must specify the NDS NMAS method in the response.ni file. If you do not specify any NMAS methods, the installation program installs the NDS method by default. However, if you are creating an explicit list, you must include NDS.

Choices

Specifies the number of NMAS methods that you want to install. For example, 5.

Methods

Specifies the types of NMAS methods that you want to install. Use commas to separate multiple types. For example, CertMutual,Challenge Response,DIGEST-MD5,NDS.

The installation program matches the exact string (with case) for choosing the NMAS methods to install, so you must specify the values exactly as listed:

  • CertMutual

  • Challenge Response - which represents the NetIQ challenge response NMAS method.

  • DIGEST-MD5

  • Enhanced Password

  • Entrust

  • GSSAPI - which represents the SASL GSSAPI mechanism for eDirectory. Authentication to the Identity Vault occurs through LDAP using a Kerberos ticket.

  • NDS - the default login method. REQUIRED.

  • NDS Change Password

  • Simple Password

  • Universal Smart Card

  • X509 Advanced Certificate

  • X509 Certificate

When you specify the NMAS methods in the response file, the Identity Vault shows a status message while installing without prompting for user input.

eDir:HTTP (Ports)

The Identity Vault listens on preconfigured HTTP ports for access through the web. For example, iMonitor accesses the Identity Vault through web interfaces. Such applications need to specify certain ports to reach the Identity Vault. The following options allow you to configure the Identity Vault for specific ports:

Clear Text HTTP Port

Specifies the number of the port for the HTTP operations in clear text.

SSL HTTP Port

Specifies the number of the port for the HTTP operations using SSL protocol.

Novell:Languages:1.0.0 (Language Settings)

During installation, you can specify the locale and displayed language for the Identity Vault: English, French, or Japanese. These values are mutually exclusive.

LangID4

Represents English. For example, LangID4=true.

LangID6

Represents French.

LangID9

Represents Japanese.

NOTE:

  • Do not specify true for more than one language.

  • You can also specify the language that the installation program uses to display messages throughout the installation. For more information, see Initialization.

Initialization

The [Initialization] section of the response.ni file specifies the settings for the installation process.

DisplayLanguage

Specifies the language used for messages displayed during the installation process. For example, DisplayLanguage=en_US.

InstallationMode

Specifies how you want to run the installation process. For example, to perform a silent or unattended installation, specify silent.

SummaryPrompt

Specifies whether the installation program prompts you to review a summary of the installation settings. For example, in a silent or unattended installation, specify false.

prompt

Specifies whether the installation program prompts you for decisions. For example, in a silent or unattended installation, specify false.

NWI:SNMP

Most Windows servers have SNMP configured and running. When you install the Identity Vault, you must stop SNMP services and then restart after the process completes. During a manual installation, the program prompts you to stop the SNMP services before continuing the installation.

To stop SNMP services without a prompt during a silent or unattended installation, in the [NWI:SNMP] section of the response.ni file, specify Stop Service=yes.

EDIR:SLP

The Identity Vault uses Service Location Protocol (SLP) services to identify other servers or trees in the subnet during installation or upgrade. If SLP services are already installed on your server, you can replace them with the version that ships with the current version of the Identity Vault or use your own SLP services.

Need to uninstall service

Specifies whether to uninstall any SLP services already installed on your server. The default value is true.

Need to remove files

Specifies whether to remove the files for any SLP services already installed on your server. The default value is true.

Novell:ExistingTree:1.0.0

The installation program provides options for the unattended install of a primary or a secondary server into a network. The installation program uses three different keys to decide whether to install a new tree or a secondary server in an existing tree.

NOTE: The New Tree key resides in the NWI:NDS section. For more information, see NWI:NDS.

ExistingTreeYes

Valid values are True and False. For example, if you want to install a new tree, specify False.

ExistingTreeNo

Valid values are True and False. For example, if you want to install a new tree, specify True.

To run a silent or unattended installation without prompts for decisions about primary or secondary server installation, in the Existing Tree section of the response.ni file, specify prompt=false.

Selected Nodes

This section in the response.ni file lists the components that are installed in the Identity Vault, along with information in the profile database that contains more information about the component, including source location, destination copy location, and component version. These details in the profile database are compiled into a .db file that is delivered in the Identity Vault release.

To run a silent or unattended installation without prompts for decisions such as the destination copy location or version details, in the [Selected Nodes] section of the response.ni file, specify prompt=false.

Your response file must include this section. Use the keys and values exactly as provided in the sample response.ni file.

Novell:NOVELL_ROOT:1.0.0

This section in the response.ni file contains the settings for image and status displays that occur during the installation process. For example, you can specify the settings for the way the installation program responds to scenarios such as file write conflicts and file copying decisions. You can also specify whether images are displayed. Most images contain information on what version of the Identity Vault is installed, what components are installed, a welcome screen, license files, customization options, a status message indicating the component currently being installed, percentage complete, etc. Some applications that intend to embed eDirectory might not want eDirectory displaying these images.

To run a silent or unattended installation without prompts for decisions such as the destination copy location or version details, in this section of the response.ni file, specify prompt=false.

Your response file should include this section. Use the keys and values provided in the sample response.ni file.
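
The rules stated above (no blank spaces around the equal sign, exact-case NMAS method names with NDS included, a single language, prompts disabled for a silent run, and the credential warning) can be checked before the file is handed to the installer. The following is an added example, not part of the NetIQ documentation or installation kit; the section and key names are taken from the descriptions above and are assumed to match the spelling in the shipped response.ni, and the sample file is constructed.

```python
import re

# NMAS method names exactly as the page lists them (the installer matches case).
NMAS_METHODS = {
    "CertMutual", "Challenge Response", "DIGEST-MD5", "Enhanced Password",
    "Entrust", "GSSAPI", "NDS", "NDS Change Password", "Simple Password",
    "Universal Smart Card", "X509 Advanced Certificate", "X509 Certificate",
}

# Constructed sample with deliberate mistakes; every value is a placeholder.
SAMPLE = """\
[Initialization]
InstallationMode=silent
SummaryPrompt=false
prompt=false
[NWI:NDS]
Tree Name = EXAMPLE-TREE
Admin Password=CONSTRUCTED-PLACEHOLDER
Prompt=False
[NWI:NMAS]
Methods=CertMutual,Digest-MD5,Simple Password
[Novell:Languages:1.0.0]
LangID4=true
LangID6=true
"""

def parse_ni(text):
    """Return ({section: {key: value}}, findings), keeping spacing around '=' visible."""
    sections, findings, current = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif line and current is not None and "=" in line:
            key, value = line.split("=", 1)
            if key != key.rstrip() or value != value.lstrip():
                findings.append(f"line {lineno}: blank space next to '='")
            current[key.strip()] = value.strip()
    return sections, findings

def lint_response_ni(text):
    sections, findings = parse_ni(text)
    nmas = sections.get("NWI:NMAS", {})
    if "Methods" in nmas:
        methods = nmas["Methods"].split(",")
        findings += [f"NMAS method {m!r} is not an exact match" for m in methods if m not in NMAS_METHODS]
        if "NDS" not in methods:
            findings.append("explicit NMAS list must include NDS")
    langs = sections.get("Novell:Languages:1.0.0", {})
    if sum(v.lower() == "true" for k, v in langs.items() if k.startswith("LangID")) > 1:
        findings.append("more than one LangID set to true")
    if sections.get("Initialization", {}).get("InstallationMode", "").lower() == "silent":
        for sec, key in (("Initialization", "prompt"), ("Initialization", "SummaryPrompt"), ("NWI:NDS", "Prompt")):
            if sections.get(sec, {}).get(key, "").lower() != "false":
                findings.append(f"[{sec}] {key} should be false for a silent run")
    if sections.get("NWI:NDS", {}).get("Admin Password"):
        findings.append("Admin Password present: delete this file after the run")
    return findings
```

Calling lint_response_ni(SAMPLE) reports the spaced Tree Name line, the miscased DIGEST-MD5 entry, the missing NDS method, the two enabled languages, and the stored password.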

Performing a Silent or Unattended Installation

Before beginning, review the prerequisites for performing a silent or unattended installation. For more information, see Prerequisites and Considerations for Installing the Identity Vault. Also, create the response.ni file to use as a template for the installation. For more information, see Editing the response.ni File.

NOTE: To ensure that the operating system does not display a status window for installation, upgrade, or configuration, use the nopleasewait option in the command.

  1. Create a new response.ni file or edit an existing response file. For more information about the values in the response file, see Editing the response.ni File.

  2. Log in with an administrator account to the computer where you want to install the Identity Vault.

  3. Open a command prompt with the Run as administrator option enabled.

  4. At the command line, enter the following command:

    path_to_installation_files\windows\eDirectory\x64\NDSonNT>install.exe /silent /nopleasewait /template=Response file

    For example:

    D:\builds\eDirectory\windows\eDirectory\x64\NDSonNT>install.exe /silent /nopleasewait /template=D:\builds\eDirectory\windows\x64\NDSonNT\response.ni

Performing a Silent Configuration

  1. Create a new response.ni file or edit an existing response file. For more information about the values in the response file, see Editing the response.ni File.

  2. Log in with an administrator account to the computer where you want to install the Identity Vault.

  3. Open a command prompt with the Run as administrator option enabled.

  4. At the command line, enter the following command:

    Windows Drive\Program Files\Common Files\novell>install.exe /silent /restrictnoderemove /nopleasewait /template=Response file

    For example:

    c:\Program Files\Common Files\novell>install.exe /silent /restrictnoderemove /nopleasewait /template=D:\builds\eDirectory\windows\x64\NDSonNT\response.ni

Performing a Silent Installation Combined with Configuration

Before beginning, review the prerequisites for performing a silent or unattended installation. For more information, see Prerequisites and Considerations for Installing the Identity Vault. Also, create the response.ni file to use as a template for the installation.

  1. Create a new response.ni file or edit an existing response file. For more information about the values in the response file, see Editing the response.ni File.

  2. Log in with an administrator account to the computer where you want to install the Identity Vault.

  3. Open a command prompt with the Run as administrator option enabled.

  4. At the command line, enter the following command:

    Unzipped Location\windows\eDirectory\x64\NDSonNT>install.exe /silent /nopleasewait /template=Response file

    For example:

    D:\builds\eDirectory\windows\eDirectory\x64\NDSonNT>install.exe /silent /nopleasewait /template=D:\builds\eDirectory\windows\x64\NDSonNT\response.ni
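
One way to follow the earlier warning about administrator credentials when running the silent installation commands above is to keep the stored template free of the password, write it into a short-lived copy just before install.exe starts, and remove that copy whatever the outcome. This is an added example, not NetIQ code; the @ADMIN_PASSWORD@ marker and the run_silent_install helper are hypothetical, and only the /silent, /nopleasewait and /template options come from this page.

```python
import os
import subprocess
import tempfile

PLACEHOLDER = "@ADMIN_PASSWORD@"  # hypothetical marker chosen for this example

def run_silent_install(install_exe, template_path, password, runner=subprocess.run):
    """Render the template, run install.exe with the page's flags, remove the rendered copy."""
    with open(template_path, encoding="ascii") as fh:
        template = fh.read()
    if PLACEHOLDER not in template:
        # Refuse templates that may already contain a real password.
        raise ValueError("template has no password placeholder")
    fd, rendered = tempfile.mkstemp(suffix=".ni")
    try:
        with os.fdopen(fd, "w", encoding="ascii") as fh:
            fh.write(template.replace(PLACEHOLDER, password))
        cmd = [install_exe, "/silent", "/nopleasewait", f"/template={rendered}"]
        return runner(cmd).returncode
    finally:
        # Runs on success, installer failure and exceptions alike. os.remove
        # only unlinks the file; it does not overwrite the data on disk.
        os.remove(rendered)
```

The runner parameter exists so the function can be exercised without the installer; in normal use it stays at its default and the password comes from an interactive prompt or a secrets store rather than a file.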