5.1 Identity Vault

This section defines the settings for the eDirectory tree that serves as the Identity Vault. Some parameters apply only when you create a new tree, and others only when you add a server to an existing tree. By default, the program displays only the basic parameters. To view all parameters, click Advanced Settings.

5.1.1 Creating a New Tree

Use the following parameters if you do not have an existing eDirectory tree. All of the parameters in this section help you create a new tree.

Create a new tree

Select this option to create a new eDirectory tree for your Identity Vault.

Tree name

Specifies the name of the tree that you want to create. The tree name must meet the following requirements:

  • The tree name must be unique in your network.

  • The tree name must be 2 to 32 characters long.

  • The tree name must contain only letters (a-zA-Z), numbers (0-9), hyphens (-), and underscores (_).

If you have separate trees, creating a corporate standard for the tree names makes it easier to merge trees in the future.

Administrator password

Specifies the password for the Administrator object, for example, netiq123. The installation program sets this password on the Administrator object that it creates.

Advanced Settings

All of the remaining settings are under Advanced Settings. If you do not make any changes to the Advanced Settings, the configuration program uses the default settings listed.

Identity Vault Administrator

Specifies the relative distinguished name (RDN) of the administrator object in the tree that has full rights, at least to the context to which this server is added. The default name is admin.

The installation program uses this account to perform all operations in the tree.

NCP port

Applies to Linux servers only

Specifies the NetWare Core Protocol (NCP) port that the Identity Vault uses to communicate with the Identity Manager components. The default value is 524.

LDAP port

Specifies the port on which the Identity Vault listens for LDAP requests in clear text. The default value is 389.

For more information about using LDAP, see Using LDAP to Communicate with the Identity Vault in the NetIQ Identity Manager Setup Guide.

Secure LDAP port

Specifies the port on which the Identity Vault listens for LDAP requests using Secure Sockets Layer (SSL) protocol. The default value is 636.

If a service that is already loaded on the server (before you install eDirectory) uses the default port, you must specify a different port. For more information about using LDAP, see Using LDAP to Communicate with the Identity Vault in the NetIQ Identity Manager Setup Guide.

HTTP port

Specifies the port on which the HTTP stack operates in clear text. The default value is 8028.

The specified HTTP stack ports must be different from the HTTP stack ports that you use for iManager. For more information, see the iManager Administration Guide.

Secure HTTP port

Specifies the port on which the HTTP stack operates using TLS/SSL protocol. The default value is 8030.

The specified HTTP stack ports must be different from the HTTP stack ports that you use for iManager. For more information, see the iManager Administration Guide.

eDirectory Instance path

Applies to Linux servers only

Specifies the path of this eDirectory instance on this server. The default path is /var/opt/novell/eDirectory. You can run multiple instances of eDirectory on one server.

DIB path

Specifies the path in the local system where you want to install the Directory Information Base (DIB) files. By default, the installation program places the files in the following locations:

  • Linux: /var/opt/novell/eDirectory/data/dib

  • Windows: C:\NetIQ\IdentityManager\NDS\DIBFiles\

The DIB data files are your eDirectory database files. You might want to specify a different path if the DIB data files for your environment require more space than is available in the default location.

IMPORTANT: DIB files must reside in the \NDS directory on Windows. The configuration of the Identity Manager engine fails if you change the default location of the DIB files on Windows.

Require TLS for simple binds with password

(Optional) Select whether the Identity Vault requires Transport Layer Security (TLS) for LDAP simple binds that include a password, rather than accepting them over the clear-text LDAP port. This option is enabled by default.

Enable SecretStore

Applies to Windows servers only

(Optional) Select whether to enable SecretStore during the configuration of eDirectory. For more information, see SecretStore Integration with eDirectory.
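The parameter descriptions above, and the identical Advanced Settings for an existing tree in the next section, amount to a set of constraints that the installer does not check until it fails. The following pre-flight validator is an added example, not code from NetIQ or the integrated installer. It checks a planned configuration against the rules stated in this section: the tree name format, listener ports that are valid, distinct, not already owned by a loaded service and not shared with iManager's HTTP stack, and the Windows rule that the DIB files stay under the \NDS directory. The plan keys (tree_name, ports, dib_path, platform), the iManager port values and the sample plan are this example's own assumptions and constructed input.

```python
"""Pre-flight check of an Identity Vault (eDirectory) configuration plan.

Added example, not code from NetIQ or the integrated installer. The plan
keys (tree_name, ports, dib_path, platform) are this example's own names.
"""
import ntpath
import re
import socket

# Rule from the "Tree name" parameter: 2-32 characters, letters, digits,
# hyphens and underscores only.
TREE_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{2,32}$")

# Installer defaults listed in this section.
DEFAULT_PORTS = {"ncp": 524, "ldap": 389, "ldaps": 636, "http": 8028, "https": 8030}
DEFAULT_DIB = {
    "linux": "/var/opt/novell/eDirectory/data/dib",
    "windows": "C:\\NetIQ\\IdentityManager\\NDS\\DIBFiles\\",
}


def check_tree_name(name):
    """Return a list of problems with the tree name (empty when valid)."""
    if TREE_NAME_RE.match(name):
        return []
    return ["tree name %r must be 2-32 characters of a-z, A-Z, 0-9, '-' or '_'" % name]


def check_ports(ports, in_use=frozenset(), imanager_http_ports=frozenset()):
    """Check listener ports against each other, against services already
    loaded on the server, and against iManager's HTTP stack ports (the
    caller supplies the iManager ports; this example does not discover them)."""
    problems = []
    for role, port in ports.items():
        if not 1 <= port <= 65535:
            problems.append("%s port %r is not a valid TCP port" % (role, port))
        elif port in in_use:
            problems.append("%s port %d is already used by a loaded service; choose another" % (role, port))
    seen = {}
    for role, port in ports.items():
        if port in seen:
            problems.append("%s and %s cannot share port %d" % (seen[port], role, port))
        seen.setdefault(port, role)
    for role in ("http", "https"):
        if ports.get(role) in imanager_http_ports:
            problems.append("%s port %d collides with an iManager HTTP stack port" % (role, ports[role]))
    return problems


def check_dib_path(path, platform):
    """On Windows the DIB files must reside in the \\NDS directory."""
    if platform != "windows":
        return []
    parts = ntpath.normpath(path).split("\\")
    if "nds" not in (p.lower() for p in parts):
        return ["DIB path %r is outside the \\NDS directory; engine configuration will fail" % path]
    return []


def validate_plan(plan, in_use=frozenset(), imanager_http_ports=frozenset()):
    """Run every check and return the combined list of problems."""
    ports = dict(DEFAULT_PORTS, **plan.get("ports", {}))
    platform = plan.get("platform", "linux")
    dib = plan.get("dib_path", DEFAULT_DIB[platform])
    return (check_tree_name(plan["tree_name"])
            + check_ports(ports, in_use, imanager_http_ports)
            + check_dib_path(dib, platform))


def listening_ports(candidates, host="127.0.0.1", timeout=0.5):
    """Live probe: return the subset of candidate ports that accept a TCP
    connection on this host, i.e. ports a loaded service already owns."""
    taken = set()
    for port in candidates:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                taken.add(port)
        except OSError:
            pass
    return taken


if __name__ == "__main__":
    # Constructed plan: a Windows server whose DIB path drifted out of \NDS
    # and whose clear-text HTTP port is already taken by another service.
    plan = {"tree_name": "IDM_VAULT", "platform": "windows",
            "dib_path": "D:\\eDirData\\DIBFiles", "ports": {"http": 8080}}
    for problem in validate_plan(plan, in_use={8080}, imanager_http_ports={8080, 8443}):
        print("problem:", problem)
```

Run it on the server before starting the installer: pass the result of listening_ports(DEFAULT_PORTS.values()) as in_use so that a service already loaded on the box shows up as a conflict, and pass iManager's configured HTTP ports explicitly, since the validator has no way to read iManager's configuration.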

5.1.2 Adding to an Existing Tree

If you already have an existing eDirectory tree, use the following parameters to add this new server into the existing tree.

IMPORTANT: Ensure that you understand the implications of adding a new server into an existing tree. For more information, see Section 4.1, Considerations for Configuring the Components.

Add to an existing tree

Select this option if you have an existing tree that you want to use for the Identity Vault.

Existing tree name

Specify your existing eDirectory tree name.

Existing server address

Specify the IP address of the server that holds the master replica of the root partition.

Existing port number

Specify the NCP port of the server specified above. The default port for NCP is 524.

Existing server context DN

Specify the LDAP DN of the context where you want this server placed in your existing tree. The default value is ou=servers,o=system from the Identity Vault structure that the integrated installer creates. For more information, see Section 1.3, Understanding the Default Identity Vault Structure.

Existing server admin name

Specify the name of the eDirectory administrator. The default name is admin. For more information, see Section 1.3, Understanding the Default Identity Vault Structure.

Existing server admin context DN

Specify the LDAP DN of the context where the eDirectory administrator resides in the existing tree. The default value is ou=sa,o=system from the Identity Vault structure that the integrated installer creates. For more information, see Section 1.3, Understanding the Default Identity Vault Structure.

Existing server admin password

Specify the password of the eDirectory administrator.

Advanced Settings

All of the remaining settings are under Advanced Settings. If you do not make any changes to the Advanced Settings, the configuration program uses the default settings listed.

LDAP port

Specifies the port on which the existing eDirectory tree listens for LDAP requests in clear text. The default value is 389.

For more information about using LDAP, see Using LDAP to Communicate with the Identity Vault in the NetIQ Identity Manager Setup Guide.

Secure LDAP port

Specifies the port on which the existing eDirectory tree listens for LDAP requests using Secure Sockets Layer (SSL) protocol. The default value is 636.

For more information about using LDAP, see Using LDAP to Communicate with the Identity Vault in the NetIQ Identity Manager Setup Guide.

HTTP port

Specifies the port on which the HTTP stack operates in clear text. The default value is 8028.

The specified HTTP stack ports must be different from the HTTP stack ports that you use for iManager. For more information, see the iManager Administration Guide.

Secure HTTP port

Specifies the port on which the HTTP stack operates using TLS/SSL protocol. The default value is 8030.

The specified HTTP stack ports must be different from the HTTP stack ports that you use for iManager. For more information, see the iManager Administration Guide.

DIB path

Specifies the path in the local system where you want to install the Directory Information Base (DIB) files. By default, the installation program places the files in the following locations:

  • Linux: /var/opt/novell/eDirectory/data/dib

  • Windows: C:\NetIQ\IdentityManager\NDS\DIBFiles\

The DIB data files are your eDirectory database files. You might want to specify a different path if the DIB data files for your environment require more space than is available in the default location.

IMPORTANT: DIB files must reside in the \NDS directory on Windows. The configuration of the Identity Manager engine fails if you change the default location of the DIB files on Windows.

Require TLS for simple binds with password

(Optional) Select whether the Identity Vault requires Transport Layer Security (TLS) for LDAP simple binds that include a password, rather than accepting them over the clear-text LDAP port. This option is enabled by default.
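Whether the "Require TLS for simple binds with password" option is actually in effect, here and in the matching parameter for a new tree in Section 5.1.1, is something to confirm after the configuration finishes rather than assume. The following check is an added example, not NetIQ code. It hand-encodes an LDAP BindRequest (RFC 4511) with a throwaway DN and password, so no real credential ever crosses the wire in clear text, sends it to the clear-text LDAP port and decodes the BindResponse. With the option enabled the server is expected to answer with resultCode 13 (confidentialityRequired); a success (0) or invalidCredentials (49) means the password was accepted and evaluated over the clear-text port. The host, the probe DN and the assumption that eDirectory signals enforcement with resultCode 13 are this example's own; the sample replies in the test are constructed with the block's own encoder.

```python
"""Check that the clear-text LDAP listener refuses simple binds that carry
a password unless TLS is in place.

Added example, not NetIQ code. Host, port and probe DN are caller-supplied
assumptions; the throwaway password is never a real credential.
"""
import socket

# LDAP result codes relevant to the probe (RFC 4511 section 4.1.9).
SUCCESS, CONFIDENTIALITY_REQUIRED, INVALID_CREDENTIALS = 0, 13, 49


def ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, value):
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def encode_bind_request(message_id, dn, password):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3,
    name, simple [0] password } }; message_id must be below 128."""
    bind = tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode()))
    return tlv(0x30, tlv(0x02, bytes([message_id])) + bind)


def read_tlv(buf, pos=0):
    """Parse one BER TLV at pos; return (tag, value, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def decode_bind_response(data):
    """Return {'message_id', 'result_code', 'diagnostic'} from an LDAPMessage
    carrying a BindResponse [APPLICATION 1]; raise ValueError otherwise."""
    tag, msg, _ = read_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, msg_id, pos = read_tlv(msg)
    op_tag, op, _ = read_tlv(msg, pos)
    if op_tag != 0x61:
        raise ValueError("expected BindResponse, got tag 0x%02x" % op_tag)
    _, code, pos = read_tlv(op)           # resultCode ENUMERATED
    _, _matched, pos = read_tlv(op, pos)  # matchedDN
    _, diag, _ = read_tlv(op, pos)        # diagnosticMessage
    return {"message_id": int.from_bytes(msg_id, "big"),
            "result_code": int.from_bytes(code, "big"),
            "diagnostic": diag.decode(errors="replace")}


def assess(result_code):
    """Map the bind result to a finding about the TLS requirement."""
    if result_code == CONFIDENTIALITY_REQUIRED:
        return "enforced: clear-text simple bind with password refused"
    if result_code in (SUCCESS, INVALID_CREDENTIALS):
        return "NOT enforced: password was accepted and evaluated in clear text"
    return "inconclusive: resultCode %d" % result_code


def probe(host, port=389, dn="cn=tlsprobe,o=nowhere", password="not-a-real-secret"):
    """Live check against the clear-text LDAP port (default 389)."""
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(encode_bind_request(1, dn, password))
        reply = decode_bind_response(sock.recv(4096))
    return assess(reply["result_code"]), reply


def encode_bind_response(message_id, result_code, diagnostic=""):
    """Build a BindResponse the way a server would; used here only to
    construct sample replies for offline testing."""
    op = tlv(0x61, tlv(0x0A, bytes([result_code])) + tlv(0x04, b"") + tlv(0x04, diagnostic.encode()))
    return tlv(0x30, tlv(0x02, bytes([message_id])) + op)


if __name__ == "__main__":
    # Constructed reply standing in for a server with the option enabled.
    sample = encode_bind_response(1, CONFIDENTIALITY_REQUIRED, "Confidentiality Required")
    print(assess(decode_bind_response(sample)["result_code"]))
```

Against a live Identity Vault, call probe("<vault-host>") with the clear-text LDAP port you configured; the probe DN does not need to exist, because the point is only whether the server processes the password at all before TLS is negotiated.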

Enable SecretStore

Applies to Windows servers only

(Optional) Select whether to enable SecretStore during the configuration of eDirectory. For more information, see SecretStore Integration with eDirectory.