This service pack includes a Identity_Manager_4.8.2_Linux.iso file for updating the Identity Manager components on Linux platforms.
IMPORTANT:
Before you update Identity Manager to 4.8.2 version, ensure that you install the zip and unzip RPM packages.
NOTE:NetIQ recommends you to obtain the dependent packages from your operating system subscription service to ensure continued support from your operating system vendor. If you do not have a subscription service, you can find the recent packages from a website such as http://rpmfind.net/linux.
(Conditional) If you are updating the Identity Manager from 4.8 to 4.8.2 directly, then you must apply the Identity Applications 4.8.0.1 patch before 4.8.2 version in the following scenarios:
eDirectory 9.2 and Identity Applications 4.8 are installed on the same server.
iManager 3.2 and Identity Applications 4.8 are installed on the same server.
Identity Applications 4.8 and PostgreSQL are installed on the same server.
The Identity Applications 4.8.0.1 patch resolves the dependencies between the NGINX module and the OpenSSL libraries. For instructions on applying the patch, see the NetIQ Identity Applications 4.8.0 Hotfix 1 Release Notes.
If you do not apply the Identity Applications 4.8.0.1 patch, the Identity Vault update fails and the installer reports the following error message:
Problem: patterns-edirectory-9.2.2-6.x86_64 requires netiq-openssl = 1.0.2u, but this requirement cannot be provided not installable providers: netiq-openssl-1.0.2u-32.x86_64[edirectory-9.2.2] Solution 1: deinstallation of netiq-nginx-1.14.2-1.x86_64 Solution 2: do not install patterns-edirectory-9.2.2-6.x86_64 Solution 3: break patterns-edirectory-9.2.2-6.x86_64 by ignoring some of its dependencies
Download and mount the Identity_Manager_4.8.2_Linux.iso file from the download site.
Navigate to the <ISO mounted location>/IDVault/setup directory.
Run the following command:
./nds-install
Specify inputs in the prompt.
You can update the following components interactively or silently:
Identity Manager Engine
Identity Manager Remote Loader Service
NOTE:Before updating the Remote Loader, ensure that the following components are stopped:
Remote Loader instances
Driver instances running with the Remote Loader
Identity Vault
Identity Manager Fanout Agent
iManager Web Administration
Identity Applications
Identity Reporting
Download and mount the Identity_Manager_4.8.2_Linux.iso file from the download site.
Navigate to the <ISO mounted location> and run the following command:
./install.sh
Choose the components to update from the list of components available for upgrade.
NOTE:You can update only one component at a time.
To start the Identity Manager components, run the following commands:
Remote Loader: rdxml -config <filename>
Fanout Agent: startAgent –config <FanoutAgent Installation Location>/config/fanoutagentconfig.properties
Identity Applications: systemctl start netiq-tomcat.service
Identity Reporting: systemctl start netiq-tomcat.service
(Conditional) If you have applied any customizations on Identity Applications and Identity Reporting components, restore the customizations and restart the Tomcat service.
(Conditional) Clear your browser cache before accessing the updated Identity Applications Dashboard.
Locate the silent.properties file from the extracted directory and modify the file to update the required components.
To update the Identity Vault, set IDVAULT_SKIP_UPDATE=false always
To update the Engine, set INSTALL_ENGINE=true
To update the Remote Loader, set INSTALL_RL=true
To update the Fanout Agent, set INSTALL_FOA=true
To update iManager, set INSTALL_IMAN=true
To update Identity Reporting, set INSTALL_REPORTING=true
To update the Identity Applications, set INSTALL_UA=true
NOTE:
You must set the value to true for only one component at a time.
While updating any component other than Identity Vault, you must always set the value of IDVAULT_SKIP_UPDATE to true to skip the Identity Vault update.
When you update iManager, it automatically updates the iManager plug-ins (if any).
Perform the following actions to update the components silently:
Download and mount the Identity_Manager_4.8.2_Linux.iso file from the download site.
Navigate to the <ISO mounted location> directory.
Run the following command:
./install.sh -s -f silent.properties
To start the Identity Manager components, run the following commands:
Remote Loader: rdxml -config <filename>
Fanout Agent: startAgent –config <FanoutAgent Installation Location>/config/fanoutagentconfig.properties
Identity Applications: systemctl start netiq-tomcat.service
Identity Reporting: systemctl start netiq-tomcat.service
(Conditional) If you have applied any customizations on Identity Applications and Identity Reporting components, restore the customizations and restart the Tomcat service.
(Conditional) Clear your browser cache before accessing the updated Identity Applications Dashboard.
This release allows you to perform a fresh installation of containers along with the option of updating the containers from the previous versions. NetIQ recommends you to directly use the 4.8.2 version of containers if you are using containers for the first time. For more information abut deploying containers, see the NetIQ Identity Manager: Deploying Identity Manager 4.8.2 Containers.
NICI package should be updated before you update the eDirectory and Identity Engine. You can update the NICI only as a root user.
Root User Updating NICI
To update 64-bit NICI, run the following command from the location where you have mounted the Identity Vault setup:
rpm -Uvh nici64-3.1.0-2.x86_64.rpm
Updating eDirectory
This section guides you through the process of updating eDirectory as a non-root user. For upgrading instructions, see Upgrading eDirectory in NetIQ eDirectory Installation Guide.
Updating Identity Engine
Perform this action only if you have installed Identity Manager engine as a non-root user.
Download and mount the Identity_Manager_4.8.2_Linux.iso for non-root user to access.
Log in as non-root user.
Run the following command from the location where you have mounted the Identity_Manager_4.8.2_Linux.iso:
./install.sh
Select Identity Manager Engine and press Enter.
Specify the non-root install location for Identity Vault.
For example, /home/user/eDirectory/.
Specify Y to complete the update.
Perform the following actions after applying service pack.
(Conditional) This section does not apply if you have already upgraded to 4.8.1 and extended the Identity Vault Schema.
However, this section applies:
if you have installed Identity Manager as a root or a non-root user, and
if you want to extend the Identity Vault schema for the Resource Weightage feature
To extend the Identity Vault schema, perform the following steps:
Log in to the server where you want to extend the Identity Vault schema.
Navigate to /opt/novell/eDirectory/bin directory.
Run the following command to extend the schema:
./idm-install-schema
Update the Role and Resource Service Driver to 4.8.2. For more information, refer to the section Update Driver Packages.
Restart the Identity Vault.
NOTE:Before updating the User Application driver and Role and Resource Service driver packages to 4.8.2, ensure that you have the Identity Applications latest version.
Once the Identity Application is updated to latest version, you can now update User Application driver and Role and Resource Service Driver (RRSD) to 4.8.2. For more information on updating RRSD, see NetIQ Identity Manager Role and Resource Service Driver 4.8.2 Readme.
NOTE:
If SSPR auditing output format type is CEF, make sure to uninstall the NetIQ Self Service Password Reset Collector on Sentinel Syslog server before updating SSPR. For more information, see Considerations for Updating SSPR on Linux and Windows.
Use this method if SSPR is:
Installed on a different server than the Identity Applications server.
Installed in a Standard Edition.
Perform the following steps to update SSPR:
Download and mount the Identity_Manager_4.8.2_Linux.iso file.
Navigate to the <ISO mounted location>/sspr directory.
Run the following command:
./install.sh
Specify inputs in the prompt.
(Conditional) This service pack has the same version of PostgreSQL as in Identity Manager 4.8.1. You can skip updating PostgreSQL if version 12.2 is already installed.
NOTE:
In addition to the default capabilities offered by PostgreSQL 12.2, this service pack allows you to configure the PostgreSQL database with SSL (OpenSSL 1.0.2u built with FIPS). This service pack also bundles the PostgreSQL Contrib packages.
Download and mount the Identity_Manager_4.8.2_Linux.iso file from the download site.
Navigate to the <ISO mounted location>/common/scripts directory and run the pg-upgrade.sh script.
NOTE:To specify a different directory than the existing directory, run the SPECIFY_NEW_PG_DATA_DIR=true ./pg-upgrade.sh command.
The upgrade script performs the following actions:
Takes a backup of the existing postgres to a different folder. For example, from /opt/netiq/idm/postgres to /opt/netiq/idm/postgres-<timestamp>-backup.
Updates the existing Postgres directory. For example, /opt/netiq/idm/postgres.
Specify the following details to complete the installation:
Existing Postgres install location: Specify the location where PostgreSQL is installed. For example, /opt/netiq/idm/postgres.
Existing Postgres Data Directory: Specify the location of the existing PostgreSQL data directory. For example, /opt/netiq/idm/postgres/data.
Existing Postgres Database Password: Specify the PostgreSQL password.
Enter New Postgres Data Directory [/opt/netiq/idm/postgres12.2/data]: Specify the location of the new PostgresSQL data directory. This prompt is displayed if you selected to specify a different directory other than the existing directory.