2.5 Updating the Identity Manager Components on Windows

This service pack includes an Identity_Manager_4.8.2_Windows.iso file for updating the Identity Manager components on Windows platforms.

NOTE: If Identity Manager Engine is installed on the same server as Identity Applications or Identity Reporting, then the Identity Applications or the Identity Reporting update process will restart the Identity Vault (eDirectory) service.

2.5.1 Updating the Identity Vault

  1. Download and mount the Identity_Manager_4.8.2_Windows.iso file.

  2. Navigate to the <ISO mounted location>\IdentityManagerServer\eDirectory directory and run the eDirectory_923_Windows_x86_64.exe file.

    NOTE: The Identity Vault update process restarts the Identity Vault (eDirectory) server.

    Tree Name

    Verify the tree name for Identity Vault.

    Server FDN

    Verify the server FDN.

    Tree Admin

    Specify an administrator name for Identity Vault in NCP or dot format.

    Admin Password

    Specify the administrator password.

  3. In the Install Location field, verify the location where Identity Vault is installed.

  4. In the DIB Location field, verify the location where the DIB files are located.

  5. Select the NICI check box.

  6. Click Upgrade.

2.5.2 Updating the Identity Manager Server Components

This section describes how to update Identity Manager Server Components:

  1. Download and mount the Identity_Manager_4.8.2_Windows.iso file from the download site.

  2. Stop the Identity Vault and Remote Loader instances.

    (Conditional) This step is applicable only if you are upgrading Remote Loader.

    1. Stop all Remote Loader instances.

    2. Close Remote Loader console.

    3. Stop all drivers.

    4. Stop the Identity Vault.

  3. Update the components using the interactive or silent mode:

    • Interactive: Perform the following steps to upgrade Identity Manager Server components using interactive mode:

      1. Navigate to the <ISO mounted location>\IdentityManagerServer directory.

      2. Run the install.exe file.

      3. Select the component that you want to update from the list and click Next.

        To update the Identity Manager Engine, select Identity Manager Engine.

        To update the 32-bit Remote Loader, select 32-Bit Remote Loader Service.

        To update the 64-bit Remote Loader, select 64-Bit Remote Loader Service.

        To update the .NET Remote Loader, select .NET Remote Loader Service.

        To update the Fanout Agent, select Fanout Agent.

        To update the iManager, select iManager.

      4. On the Pre-Installation Summary page, click Install.

    • Silent: Perform the following steps to upgrade the Identity Manager Server components using silent mode:

      1. Navigate to the <ISO mounted location>\IdentityManagerServer\response-file directory.

      2. Copy the install.properties file to a different location.

      3. Edit the install.properties file and set the value of the components as appropriate.

        To update Identity Manager Engine, set the value of NETIQ_UPGRADE_ENGINE to True.

        To update the Remote Loader (root and non-root), set the value of NETIQ_UPGRADE_REMOTE_LOADER to True.

        To update the 32-bit Remote Loader, set the value of NETIQ_UPGRADE_REMOTE_LOADER_32 to True.

        To update the 64-bit Remote Loader, set the value of NETIQ_UPGRADE_REMOTE_LOADER_64 to True.

        To update the Fanout Agent, set the value of NETIQ_UPGRADE_FANOUT_AGENT to True.

        To update the iManager, set the value of NETIQ_UPGRADE_iManager to True.

      4. In the command prompt, run the following command:

        install.exe -i silent -f <absolute path of install.properties>

2.5.3 Updating the Identity Applications

(Conditional) Delete or take a back-up of the existing logs from the <install_directory>\IDM\apps\tomcat\logs directory.

  1. Download and mount the Identity_Manager_4.8.2_Windows.iso file from the download site.

  2. Navigate to the <ISO mounted location>\IdentityApplications directory.

  3. Perform one of the following actions:

    GUI: install.exe

    Silent: In the command prompt, go to the <ISO mounted location>\IdentityApplications location and run install.exe -i silent

    The Identity Applications update program will update User Application, OSP, SSPR, Tomcat, and JRE.

  4. For GUI, on the Introduction page, click Next.

  5. Review the Deployed Applications page, then click Next.

    This page lists the currently installed components with their versions.

  6. On the Available Patches page, click Next.

    This page lists the available updates for the installed components.

  7. Review the required disk space and available disk space for installation in the Pre-Install Summary page, then click Install.

    The installation process might take some time to complete.

    Before applying the service pack, the installation process automatically stops the Tomcat service.

    The process also creates a back-up of the current configuration for the installed components.

    If the installation reports any warnings or errors, see the logs in the Service Pack Installation/Logs directory.

    For example, C:\NetIQ\IDM\apps\Identity_Apps_4.8.2.0_Install\Logs. You must fix the issues and manually restart the Tomcat service.

  8. Start the Tomcat service.

  9. (Optional) To verify that the service pack has been successfully applied, launch the upgraded components and check the component versions.

  10. Clear your browser cache before accessing Identity Applications.

NOTE: To modify any settings in the configuration update utility, launch configupdate.bat from the <install_directory>\IDM\apps\configupdate directory.

2.5.4 Updating Identity Reporting

(Conditional) Delete or take a back-up of the existing logs from the <install_directory>\IDM\apps\tomcat\logs directory.

  1. Download and mount the Identity_Manager_4.8.2_Windows.iso file.

  2. Navigate to the <ISO mounted location>\IdentityReporting directory.

  3. Perform the following steps:

    Silent: In the command prompt, go to the <ISO mounted location>\IdentityReporting location and run install.exe -i silent

    GUI: In the IdentityReporting directory, double-click on install.exe

  4. For GUI, on the Introduction page, click Next.

  5. Review the Deployed Applications page, then click Next.

    This page lists the currently installed components with their versions.

  6. On the Available Updates page, click Next.

    This page lists the available updates for the installed components.

  7. On the Pre-Installation Summary page, click Install.

  8. Start the Tomcat service.

  9. Clear your browser cache before accessing Identity Reporting.

NOTE: To modify any settings in the configuration update utility, launch configupdate.bat from the <install_directory>\IDM\apps\configupdate directory.

2.5.5 Post-Update Tasks

Perform the following actions after applying this service pack.

Extending the Identity Vault Schema

(Conditional) This section does not apply if you have already upgraded to 4.8.1 and extended the Identity Vault Schema.

This section applies if you want to extend the Identity Vault schema for the Resource Weightage feature.

To extend the Identity Vault schema, perform the following steps:

  1. Log in to the server where you want to extend the Identity Vault schema.

  2. Create a new file in your preferred directory.

    For example, create nrf-extensions.sch file in the C:\Temp directory.

  3. Open the nrf-extensions.sch file and add the following content:

    --
    -- The nrfResourceWeightage attribute contained by nrfResource object class specifies the weightage of
    -- resource object which is used for assignment/revocation based on priority
    --
    NDSSchemaExtensions DEFINITIONS ::=
    BEGIN
    "nrfResourceWeightage" ATTRIBUTE ::=
    {
                    Operation                           ADD,
                    Flags                                      {DS_SYNC_IMMEDIATE, DS_SINGLE_VALUED_ATTR},
                    SyntaxID                              SYN_INTEGER,                
                    ASN1ObjID                         {2 16 840 1 113719 1 33 4 174}
    }
    
    
    "nrfResource" OBJECT-CLASS ::=
    {
        Operation   MODIFY,
        MayContain  {"nrfResourceWeightage"}
    }
    END

  4. Navigate to the C:\NetIQ\eDirectory\ directory.

  5. Run the following command to extend the schema:

    ice -l <schema_update_log> -C -a -S SCH -f <file that you created in step 2> -D LDAP -s <eDirectory DNS name/IP> -p <LDAP port> -d <eDirectory_admin_dn> -w <eDirectory_admin_password>

    where,

    -C -a updates the destination schema.

    -f indicates the schema file (sch).

    -p indicates the port number of the LDAP server. The default port is 389. For secure communication, use port 636. Secure communication needs an SSL Certificate.

    -L indicates a file in DER format containing a server key used for SSL authentication.

    -s indicates the DNS name or IP address of the LDAP server.

    For example,

    ice -l schemaupdate.log -C -a -S SCH -f C:\Temp\nrf-extensions.sch -D LDAP -s idmorg.com -p 636 -d cn=admin,ou=idm,o=microfocus -w password -L cert.der

  6. Update the Role and Resource Service Driver to 4.8.2. For more information, refer to the section Update Driver Packages.

  7. Restart the Identity Vault.

Update Driver Packages

NOTE: Before updating driver packages to 4.8.2, ensure that you have the latest version of Identity Applications.

Once Identity Applications is updated to the latest version, you can update the Role and Resource Service Driver (RRSD) to 4.8.2. For more information on updating RRSD, see NetIQ Identity Manager Role and Resource Service Driver 4.8.2 Readme.

2.5.6 Updating the PostgreSQL Database

(Conditional) This service pack has the same version of PostgreSQL as in Identity Manager 4.8.1. You can skip updating PostgreSQL if version 12.2 is already installed.

IMPORTANT: In addition to the default capabilities offered by PostgreSQL 12.2, this service pack allows you to configure the PostgreSQL database with SSL (OpenSSL 1.0.2u built with FIPS) and without zlib. This service pack also bundles the PostgreSQL Contrib packages.

  1. Stop and disable the PostgreSQL service running on your server.

  2. Rename the postgres directory located in C:\Netiq\IDM\apps.

    For example, rename postgres to postgressql_old.

  3. Remove the old PostgreSQL service by running the following command:

    sc delete "<postgres_service_name>"

    For example, sc delete "NetIQ PostgreSQL"

  4. Download and mount the Identity_Manager_4.8.2_Windows.iso file.

  5. Navigate to the <ISO mounted location>\common\postgres directory and run the NetIQ_PostgreSQL.exe file. Select only the PostgreSQL option during installation.

    NOTE:

    • Do not provide any database details on the PostgreSQL details page. Ensure that the Create database login account and Create empty database options are unchecked.

    • Ensure that you have Administrator privilege for the old and new PostgreSQL installation directories.

  6. Stop the newly installed PostgreSQL service (NetIQ PostgreSQL).

    Go to Services, search for <PostgreSQL version number> service, and stop the service.

    NOTE: Appropriate users can perform stop operations after providing valid authentication.

  7. Change the permissions for the newly installed PostgreSQL directory by performing the following actions:

    (Optional) If the postgres user does not exist, perform the following steps to create it:

    1. Go to Control Panel > User Accounts > User Accounts > Manage Accounts.

    2. Click Add a user account.

    3. In the Add a User page, specify postgres as the user name and provide a password for the user.

    Grant the postgres user permissions on the existing and newly installed PostgreSQL directories:

    1. Right click the PostgreSQL directory and go to Properties > Security > Edit.

    2. Select Full Control for the user to provide complete permissions.

    3. Click Apply.

  8. Access the PostgreSQL directory as the postgres user.

    1. Log in to the server as the postgres user.

      Before logging in, make sure that postgres can connect to the Windows server by verifying that a remote connection is allowed for this user.

    2. Delete the data directory from the new postgres install location.

      For example, C:\NetIQ\IDM\apps\postgres\data.

    3. Open a command prompt and set PGPASSWORD by using the following command:

      set PGPASSWORD=<your pg password>

    4. Change to the newly installed PostgreSQL directory.

      For example, C:\netiq\IDM\apps\postgresql\bin.

    5. Based on the encoding type that is set for the database, run one of the following initdb commands as the postgres user from the bin directory.

      If the encoding type is set to UTF8, run the following command:

      initdb.exe -D <new_data_directory> -E UTF8 -U postgres

      For example, initdb.exe -D C:\NetIQ\IDM\apps\postgres\data -E UTF8 -U postgres

      If the encoding type is set to WIN1252, run the following command:

      initdb.exe -D <new_data_directory> -E WIN1252 -U postgres

      For example, initdb.exe -D C:\NetIQ\IDM\apps\postgres\data -E WIN1252 -U postgres

  9. Upgrade PostgreSQL from the new PostgreSQL bin directory. Run the following command and press Enter:

    pg_upgrade.exe --old-datadir "C:\NetIQ\IDM\apps\postgres9.6.12\data" --new-datadir "C:\NetIQ\IDM\apps\postgres\data" --old-bindir "C:\NetIQ\IDM\apps\postgres9.6.12\bin" --new-bindir "C:\NetIQ\IDM\apps\postgres\bin"

    NOTE:

    • C:\NetIQ\IDM\apps\postgres9.6.12 refers to the postgressql_old directory created in step 2.

    • Ensure that you set the Method type from md5 to trust in the pg_hba.conf file for both old and new postgres directories (path: C:\NetIQ\idm\apps\postgres\data\ directory).

    • Change the old PostgreSQL directory according to the folder name.

  10. After a successful upgrade, replace the pg_hba.conf and postgresql.conf files in the new postgres data directory (C:\NetIQ\IDM\apps\postgres\data) with the files from the old postgres data directory.

  11. Start the upgraded PostgreSQL database service.

    Go to Services, search for the <PostgreSQL version number> service (that is, NetIQ PostgreSQL), and start the service.

    NOTE: Appropriate users can perform start operations after providing valid authentication.

  12. (Optional) Delete the old data files from the bin directory of the newly installed PostgreSQL service to ensure that the service does not start automatically.

    1. Log in as the postgres user.

    2. Navigate to the bin directory and run the analyze_new_cluster.bat and delete_old_cluster.bat files.

      For example, C:\NetIQ\IDM\apps\postgres\bin
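
The note in step 9 switches the Method from md5 to trust in both pg_hba.conf files, and step 10 then copies the old file into the new data directory, so it is worth confirming that no trust rules remain once the upgrade is finished. The following PowerShell check is an added example, not part of the NetIQ documentation; the function name Get-HbaTrustRule and the sample file content are assumptions made for illustration.

```powershell
# Added example: list pg_hba.conf rules whose authentication method is "trust".
# $SampleHba is constructed sample content, not taken from a real server.
$SampleHba = @'
# TYPE  DATABASE  USER      ADDRESS                  METHOD
host    all       all       127.0.0.1/32             trust
host    all       all       ::1/128                  md5
host    idmdb     idmadmin  10.0.0.0 255.255.255.0   trust
#host   all       all       0.0.0.0/0                trust
'@

function Get-HbaTrustRule {
    param(
        # Lines of a pg_hba.conf file; blank lines are expected and allowed.
        [Parameter(Mandatory)] [AllowEmptyString()] [string[]] $Line
    )
    $lineNo = 0
    foreach ($raw in $Line) {
        $lineNo++
        # Strip comments (simplification: assumes no quoted names containing '#').
        $text = ($raw -replace '#.*$', '').Trim()
        if (-not $text) { continue }
        $f = $text -split '\s+'
        # "local" rules have no ADDRESS column, so METHOD is the 4th field;
        # host* rules carry an ADDRESS, so METHOD is normally the 5th field.
        $idx = if ($f[0] -eq 'local') { 3 } else { 4 }
        # The address may also be written as IP plus a separate netmask column,
        # which pushes METHOD one field further to the right.
        if ($f[0] -ne 'local' -and $f.Count -gt 5 -and $f[4] -match '^[0-9.]+$|:') {
            $idx = 5
        }
        if ($f.Count -gt $idx -and $f[$idx] -eq 'trust') {
            [pscustomobject]@{ LineNumber = $lineNo; Rule = $text }
        }
    }
}

# Run against the constructed sample; reports lines 2 and 4.
Get-HbaTrustRule -Line ($SampleHba -split "`r?`n")

# Run against the upgraded data directory named in step 10:
# Get-HbaTrustRule -Line (Get-Content 'C:\NetIQ\IDM\apps\postgres\data\pg_hba.conf')
```

An empty result means every active rule uses a method other than trust; PostgreSQL rereads pg_hba.conf only on a reload or restart of the service.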