3.1 About the Roles Based Provisioning Module Installation

Identity Manager 4.0.2 will install the core runtime components of RBPM for you automatically. However, you can also invoke the installation program for the Roles Based Provisioning Module separately.

The RBPM installation program needs to be executed on the machine where your Identity Manager Metadirectory environment has been installed. The installation will fail if eDirectory is not installed in the default location or default dib location.

The User Application expects the eDirectory server be set to require the use of NMAS Login first during login, so that Universal Password (UP) functionality may be enforced. In version 4.0.2, the IDM integrated installer automatically handles this by modifying the pre_ndsd_start script (for Linux) or the HKLM\SYSTEM\CurrentControlSet\Control\SessionManager\Environment registry key (for Windows):

  • In Linux, the /opt/novell/eDirectory/sbin/pre_ndsd_start script will be modified by the IDM integrated installer to add the following commands:

    NDSD_TRY_NMASLOGIN_FIRST=true
    export NDSD_TRY_NMASLOGIN_FIRST
    
  • In Windows, the registry key HKLM\SYSTEM\CurrentControlSet\Control\SessionManager\Environment will be modified to add the key NDSD_TRY_NMASLOGIN_FIRST with the string value true.

    For more information, see the Identity Manager 4.0.2 Integrated Installation Guide.

NOTE:The RBPM installation program will fail to execute properly if eDirectory is not running on the default LDAP ports of 389 and 636. If you are not running on the default LDAP ports, you will always be told that the schema is not valid and that you have to run the NrfCaseUpdate utility. To fix this problem, you need to extend the schema manually, as described in Section 3.4, Extending the Schema Manually.

Once these items have been installed into Identity Manager, you need to follow the steps described in Section 4.0, Creating the Drivers to create the drivers needed to run the User Application.

IMPORTANT:If you have a User Application Driver in your eDirectory tree that was created with 3.6.1 or an earlier release of the RBPM, you need to run the NrfCaseUpdate utility before you run the Roles Based Provisioning Module installation program. If you do not, your installation will fail. This step is not required if you are doing a new installation of version 4.0.2 or are upgrading from 3.7.