3.4 Configuring the Identity Vault after Installation

After installing the Identity Vault, you may need to perform certain configuration tasks on the Identity Vault.

3.4.1 Adding SecretStore to the Identity Vault Schema

You must extend the Identity Vault schema to support SecretStore functionality. The identity applications need SecretStore to connect to the vault.

  1. To extend the schema for the Identity Vault, enter the following command:

    ice -S SCH -f C:\NetIQ\eDirectory\sssv3.sch -D LDAP -s serverIP -d adminDN

    For example:

    ice -S SCH -f C:\NetIQ\eDirectory\sssv3.sch -D LDAP -s 192.168.0.1 -d cn=admin,o=administrators
  2. To configure SecretStore on a Windows server, complete the following steps:

    1. Navigate to the C:\NetIQ\eDirectory directory.

    2. Enter the following command:

      ssscfg.exe -c
    3. Specify the configuration settings for SecretStore, then close the utility.

    4. Run NDSCons.exe.

    5. In the utility, specify auto for the ssncp.dlm module.

    6. Close the utility.

For more information, see “SecretStore Configuration for eDirectory Server” in the NetIQ eDirectory Administration Guide.

3.4.2 Configuring the Identity Vault in a Specific Locale

To configure the Identity Vault in a specific locale, you must export LC_ALL and LANG to that particular locale before performing the configuration. For example, enter the following commands in the ndsconfig utility:

export LC_ALL=ja
export LANG=ja

3.4.3 Managing eDirectory Instances

You can create, start, and stop server instances in the Identity Vault. You can also view a list of configured instances.

Listing Identity Vault Instances

You can use the DHost iConsole to view the configuration file path, fully distinguished name and port for the server instance, and the status of the instance (active or inactive) for specified users.

Creating a New Instance in the Identity Vault

Use DHost utility to create a new instance in eDirectory.

Configuring and Deconfiguring an Instance in the Identity Vault

Use DHost utility to configure and deconfigure an instance in the Identity Vault.

Invoking a utility for an Instance in the Identity Vault

You can run utilities, such as DSTrace, against an instance.

  1. Navigate to the C:\NetIQ\eDirectory directory.

  2. Run the NDSCons.exe.

  3. In the NetIQ eDirectory Services console, navigate to the dstrace.dlm.

  4. Click Start.

Starting and Stopping Instances in the Identity Vault

You can start or stop one or more instances that you configured.

To start an instance:

  1. Navigate to the C:\NetIQ\eDirectory directory.

  2. Run the NDSCons.exe.

  3. Navigate to an instance and click Start.

To stop an instance:

  1. Navigate to the C:\NetIQ\eDirectory directory.

  2. Run the NDSCons.exe.

  3. Navigate to an instance and click Stop.