3.5 Considerations for Installing Identity Reporting Components

This section provides guidance for preparing to install the components for Identity Reporting. You can use Sentinel to audit events.

NetIQ recommends that you review the following information before starting the installation process.

3.5.1 Prerequisites for Identity Reporting

  • The installation process has the following minimum space requirements:

    • /opt - 2 GB

    • /var - 2 GB

    • /etc - 2 GB

  • The installation process requires a supported and configured version of the following Identity Manager components:

    • Identity applications, including the User Application driver (applicable only for Advanced Edition)

    • Sentinel Log Management installed on a separate Linux computer.

  • The installation process modifies the JAVA_OPTS or CATALINA_OPTS entries for JRE mapping in the setenv.sh file for Tomcat.

  • Do not install Identity Reporting on a server in a clustered environment.

  • If you are connecting to a remote database, ensure that you create the database before installing Identity Reporting. For information on connecting to the remote PostgreSQL database, see Connecting to a Remote PostgreSQL Database.

  • To run reports against an Oracle database, you must ensure that you have copied the ojdbc8.jar file. For more information, see Running Reports on an Oracle Database.

  • Assign the Report Administrator role to any users that you want to access reporting functionality.

  • Ensure that all servers in your Identity Manager environment are set to the same time. If you do not synchronize the time on your servers, some reports might be empty when executed. For example, this issue can affect data related to new users when the servers hosting the Identity Manager engine and the warehouse have different time stamps. If you create and then modify a user, the reports are populated with data.

  • To configure Reporting, you must specify the hostname in lowercase. Identity Reporting 6.6.0 and later versions no longer allow an IP address to be used to configure Reporting.

  • If you are using a supported version of Remote PostgreSQL, Oracle, or Microsoft SQL Server databases, you must configure the database instance for Identity Reporting (idmrptdb) to work correctly. Ensure that you configure the database instances on the same server.
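
A preflight check for three of the prerequisites above (2 GB available in each of /opt, /var and /etc, and a lowercase hostname that is not an IP address), added here as an example and not part of the NetIQ documentation or installer. The function names and the RUN_PREFLIGHT switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: preflight for the Identity Reporting prerequisites listed above.
# Function names and RUN_PREFLIGHT are hypothetical, not NetIQ tooling.
LC_ALL=C; export LC_ALL             # make [a-z] ranges ASCII-only
REQUIRED_KB=$((2 * 1024 * 1024))    # 2 GB expressed in 1K blocks

# Succeeds only for a lowercase hostname that is not an IP address.
valid_reporting_host() {
    case "$1" in
        ''|*[!a-z0-9.-]*) return 1 ;;  # empty, uppercase, ':' (IPv6) or other characters
        *[a-z]*) return 0 ;;           # contains a letter, so not a dotted IPv4 literal
        *) return 1 ;;                 # digits and dots only: treated as an IP address
    esac
}

# Prints the available 1K blocks on the filesystem that holds $1.
avail_kb() {
    df -Pk "$1" 2>/dev/null | awk 'NR == 2 { print $4 }'
}

# Succeeds when $1 (available KB) meets the 2 GB minimum.
enough_space() {
    [ "$1" -ge "$REQUIRED_KB" ]
}

# Checks /opt, /var, /etc and the hostname ($1, or this machine's name).
preflight() {
    rc=0
    for dir in /opt /var /etc; do
        kb=$(avail_kb "$dir")
        if enough_space "${kb:-0}"; then
            echo "OK   $dir: $kb KB available"
        else
            echo "FAIL $dir: ${kb:-0} KB available, need $REQUIRED_KB"; rc=1
        fi
    done
    host=${1:-$(hostname -f 2>/dev/null || hostname)}
    if valid_reporting_host "$host"; then
        echo "OK   hostname $host"
    else
        echo "FAIL hostname '$host': must be lowercase and not an IP address"; rc=1
    fi
    return $rc
}

# Set RUN_PREFLIGHT=1 to run the checks when this file is executed.
if [ "${RUN_PREFLIGHT:-}" = 1 ]; then preflight "$@"; fi
```

When /opt, /var and /etc sit on the same filesystem they share the available space, so the three 2 GB minimums add up.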

3.5.2 Identifying Audit Events for Identity Reporting

This section provides information on how to identify different audit events required for Identity Manager reports and custom reports. You can unzip all report sources and run the following script to identify the audit events:

find . -name '*.jrxml' -print0 | xargs -0 grep -H "'000[B3]" | perl -ne '($file) = /^\.\/(.*?)\//; @a = /000[3B]..../g; foreach $a (@a) { print "$file;$a\n" }' | sort -u

The following section provides information on how to identify and select various audit events for Identity Manager reports and custom reports:

Event Name: Authentication and Password Change

Audit Flag:

Selecting Audit Flag using SSPR: Launch SSPR Configuration Editor > Audit Configuration > Select from the following audit flags:

  • Authenticate

  • Change Password

  • Unlock Password

  • Recover Password

  • Intruder Attempt

  • Intruder Lock

  • Intruder Lock User

Selecting Audit Flag using iManager: Go to iManager Roles and Tasks > eDirectory Auditing > > Audit Configuration > Novell Audit > Select from the following audit flags:

  • Change Password

  • Verify Password

  • Login

  • Logout

Event Name: All other reporting events

Audit Flag: Go to NetIQ Identity Manager UserApp > Administration > Logging > Enable audit service