10.2 Silently Installing and Configuring the Identity Vault on a Windows Server

To support a silent (or unattended) installation or configuration of the Identity Vault, you can use a response.ni file that contains sections and keys, similar to a Windows .ini file.

NOTE: You must install and configure NetIQ SecretStore (ss). For more information, see Section 11.1.2, Adding SecretStore to the Identity Vault Schema.

10.2.1 Editing the response.ni File

You can use an ASCII text editor to create and edit the response.ni file. The response file helps you:

  • Perform a complete unattended installation with all required user inputs.

  • Define the default configuration of components.

  • Bypass all prompts during the installation.

NetIQ provides a response.ni file in the products\eDirectory\x64\windows\x64\NDSonNT folder of the installation kit. The file contains default settings for essential parameters. You must edit the values for the eDirectory instance in the NWI:NDS section.

NOTE: When you edit the response.ni file, do not include blank spaces between the key, the equal sign (“=”), and the value in each key-value pair.

WARNING: You specify the administrator user credentials in the response.ni file for an unattended installation. To prevent the administrator credentials from being compromised, you should permanently delete the file after the installation or configuration.

The following sections describe the sections and keys required in the response.ni file:

NWI:NDS

Upgrade Mode

Specifies whether to run the installation program as an upgrade. Valid values are False, True, and Copy.

Mode

Specifies the type of installation that you want to perform:

  • full allows you to both install and configure the Identity Vault. Specify this value when you want to perform a fresh installation and configuration of the Identity Vault or an upgrade and configuration of only the required files.

  • install allows you to install a fresh version of the Identity Vault or upgrade the required files.

  • configure allows you to modify the Identity Vault settings. If you only perform an upgrade of the required files, then the installation program configures only the upgraded files.

NOTE:

  • If you specify configure, ensure that you do not change the RestrictNodeRemove value of the ConfigurationMode key in the [Initialization] section.

  • If you specify full, you cannot opt for individual deconfiguration and uninstallation options when you uninstall the Identity Vault.

New Tree

Specifies whether this installation is for a new tree or a secondary server. Valid values are Yes and No. For example, if you want to install a new tree, specify Yes. For more information about specifying values for an existing tree, see Novell:ExistingTree:1.0.0.

Tree Name

If this is a new installation, specify the name of the tree that you want to install. To install a secondary server, specify the tree where you want to add the server.

Server Name

Specifies the name of the server that you want to install in the Identity Vault.

Server Container

Specifies the container object in the tree to which the server object will be added. The server object contains all the configuration details specific to the Identity Vault server. If you are installing a fresh version of the Identity Vault, the installation program creates this container with the server object.

Server Context

Specifies the complete distinguished name (DN) of the server object (server name), along with the container object. For example, if the Identity Vault server is EDIR-TEST-SERVER and the container is Netiq, specify EDIR-TEST-SERVER.Netiq.

Admin Context

Specifies the container object in the tree to which the Administrator object will be added. For example, Netiq. Any user added to a tree has a user object that contains all the user-specific details. If you are installing a fresh version of the Identity Vault, the installation program creates this container with the server object.

Admin Login Name

Specifies the relative distinguished name (RDN) of the Administrator object in the tree that has full rights, at least to the context to which this server is added. For example, Admin. The installation program uses this account to perform all operations in the tree.

Admin Password

Specifies the password for the Administrator object. For example, netiq123. If you are installing a fresh version of the Identity Vault, the installation program configures this password for the Administrator object.

NDS Location

Specifies the path in the local system where you want to install the Identity Vault libraries and binaries. When you configure the Identity Vault components, they refer to this installation location for relevant files. By default, the installation program places the files in C:\Novell\NDS.

DataDir

Specifies the path in the local system where you want to install the DIB files. By default, the installation program places the files in C:\Novell\NDS\DIBFiles.

You might want to specify a different path if the DIB data files for your environment will require more space than is available in the default location.

Installation Location

(Optional) Specifies a path that the installation program uses while copying files to the NDS Location. For example, [Novell:DST:1.0.0_Location] or Path=file://C:\Novell\NDS. The default value is C:\Novell\NDS, the same as the default for NDS Location. The installation program uses this path while copying files to the specified NDS and DataDir locations.

System Location

(Optional) Specifies a path to the system folder of the computer where you want to install the Identity Vault server. For example, [Novell:SYS32_DST:1.0.0_Location] or Path=file:/C:\Windows\system32. The installation program requires access to the system folder to copy DLLs and to access system-specific files during installation.

Require TLS

(Optional) Specifies whether the Identity Vault requires Transport Layer Security (TLS) protocol when receiving LDAP requests in clear text.

LDAP TLS Port

(Optional) Specifies the port on which the Identity Vault listens for LDAP requests in clear text.

LDAP SSL Port

(Optional) Specifies the port on which the Identity Vault should listen for LDAP requests using Secure Sockets Layer (SSL) protocol.

Install as Service

Instructs the installation program to install eDirectory as a service in Windows. You must specify Yes.

Prompt

Specifies whether the installation program prompts you for decisions such as tree name and server name. For example, in a silent or unattended installation, specify False.

NWI:NMAS (NMAS Methods)

The Identity Vault supports multiple NMAS methods, both during installation and upgrade. You must specify the NDS NMAS method in the response.ni file. If you do not specify any NMAS methods, the installation program installs the NDS method by default. However, if you are creating an explicit list, you must include NDS.

Choices

Specifies the number of NMAS methods that you want to install. For example, 5.

Methods

Specifies the types of NMAS methods that you want to install. Use commas to separate multiple types. For example, CertMutual,Challenge Response,DIGEST-MD5,NDS.

The installation program matches the exact string (with case) for choosing the NMAS methods to install, so you must specify the values exactly as listed:

  • CertMutual

  • Challenge Response - which represents the NetIQ challenge response NMAS method.

  • DIGEST-MD5

  • Enhanced Password

  • Entrust

  • GSSAPI - which represents the SASL GSSAPI mechanism for eDirectory. Authentication to the Identity Vault occurs through LDAP using a Kerberos ticket.

  • NDS - the default login method. REQUIRED.

  • NDS Change Password

  • Simple Password

  • Universal Smart Card

  • X509 Advanced Certificate

  • X509 Certificate

When you specify the NMAS methods in the response file, the Identity Vault shows a status message while installing without prompting for user input.

eDir:HTTP (Ports)

The Identity Vault listens on preconfigured HTTP ports for access through the web. For example, iMonitor accesses the Identity Vault through web interfaces. These web interfaces need to specify certain ports to access the appropriate applications. The following options allow you to configure the Identity Vault for specific ports:

Clear Text HTTP Port

Specifies the number of the port for the HTTP operations in clear text.

SSL HTTP Port

Specifies the number of the port for the HTTP operations using SSL protocol.

Novell:Languages:1.0.0 (Language Settings)

During installation, you can specify the locale and displayed language for the Identity Vault: English, French, or Japanese. These values are mutually exclusive.

LangID4

Represents English. For example, LangID4=true.

LangID6

Represents French.

LangID9

Represents Japanese.

NOTE:

  • Do not specify true for more than one language.

  • You can also specify the language that the installation program uses to display messages throughout the installation. For more information, see Initialization.

Initialization

The [Initialization] section of the response.ni file specifies the settings for the installation process.

DisplayLanguage

Specifies the language used for messages displayed during the installation process. For example, DisplayLanguage=en_US.

InstallationMode

Specifies how you want to run the installation process. For example, to perform a silent or unattended installation, specify silent.

SummaryPrompt

Specifies whether the installation program prompts you to review a summary of the installation settings. For example, in a silent or unattended installation, specify false.

prompt

Specifies whether the installation program prompts you for decisions. For example, in a silent or unattended installation, specify false.

NWI:SNMP

Most Windows servers have SNMP configured and running. When you install the Identity Vault, you must stop SNMP services and then restart after the process completes. During a manual installation, the program prompts you to stop the SNMP services before continuing the installation.

To stop SNMP services without a prompt during a silent or unattended installation, in the [NWI:SNMP] section of the response.ni file, specify Stop Service=yes.

EDIR:SLP

The Identity Vault uses Service Location Protocol (SLP) services to identify other servers or trees in the subnet during installation or upgrade. If SLP services are already installed on your server, you can replace them with the version that ships with the current version of the Identity Vault or use your own SLP services.

Need to uninstall service

Specifies whether to uninstall any SLP services already installed on your server. The default value is true.

Need to remove files

Specifies whether to remove the files for any SLP services already installed on your server. The default value is true.

Novell:ExistingTree:1.0.0

The installation program provides options for the unattended install of a primary or a secondary server into a network. The installation program uses three different keys to decide whether to install a new tree or a secondary server in an existing tree.

NOTE: The New Tree key resides in the NWI:NDS section. For more information, see NWI:NDS.

ExistingTreeYes

Valid values are True and False. For example, if you want to install a new tree, specify False.

ExistingTreeNo

Valid values are True and False. For example, if you want to install a new tree, specify True.

To run a silent or unattended installation without prompts for decisions about primary or secondary server installation, in the Existing Tree section of the response.ni file, specify prompt=false.

Selected Nodes

This section in the response.ni file lists the components that are installed in the Identity Vault, along with information in the profile database that contains more information about the component, including source location, destination copy location, and component version. These details in the profile database are compiled into a .db file that is delivered in the Identity Vault release.

To run a silent or unattended installation without prompts for decisions such as the destination copy location or version details, in the [Selected Nodes] section of the response.ni file, specify prompt=false.

Your response file must include this section. Use the keys and values exactly as provided in the sample response.ni file.

Novell:NOVELL_ROOT:1.0.0

This section in the response.ni file contains the settings for image and status displays that occur during the installation process. For example, you can specify the settings for the way the installation program responds to scenarios such as file write conflicts and file copying decisions. You can also specify whether images are displayed. Most images contain information on what version of the Identity Vault is installed, what components are installed, a welcome screen, license files, customization options, a status message indicating the component currently being installed, percentage complete, etc. Some applications that intend to embed eDirectory might not want eDirectory displaying these images.

To run a silent or unattended installation without prompts for decisions such as the destination copy location or version details, in this section of the response.ni file, specify prompt=false.

Your response file should include this section. Use the keys and values provided in the sample response.ni file.
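
Several rules stated in this section (no blank spaces next to the equal sign, exact-case NMAS method names with NDS included, a single language set to true, Install as Service=Yes) can be checked before the installer runs. The following Python code is an added example, not NetIQ code; it also flags the example password netiq123 used on this page. It assumes every section header is written in square brackets, as in [Initialization].

```python
import re

# NMAS method names exactly as this page lists them; matching is case-sensitive.
NMAS_METHODS = {
    "CertMutual", "Challenge Response", "DIGEST-MD5", "Enhanced Password",
    "Entrust", "GSSAPI", "NDS", "NDS Change Password", "Simple Password",
    "Universal Smart Card", "X509 Advanced Certificate", "X509 Certificate"}

# Constructed sample with five deliberate mistakes; not the shipped response.ni.
SAMPLE = """[NWI:NDS]
Tree Name = EXAMPLE-TREE
Admin Password=netiq123
Install as Service=Yes
[NWI:NMAS]
Methods=Challenge Response,digest-md5
[Novell:Languages:1.0.0]
LangID4=true
LangID9=true
"""

def lint(text):
    """Return a list of findings for response.ni-style text."""
    sections, findings, current = {}, [], {}
    for no, line in enumerate(text.splitlines(), 1):
        header = re.fullmatch(r"\s*\[(.+)\]\s*", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif "=" in line:
            key, value = line.split("=", 1)
            if key != key.rstrip() or value != value.lstrip():
                findings.append(f"line {no}: blank space next to '='")
            current[key.strip()] = value.strip()
    nds = sections.get("NWI:NDS", {})
    if nds.get("Install as Service", "").lower() != "yes":
        findings.append("Install as Service must be Yes")
    if nds.get("Admin Password") == "netiq123":
        findings.append("Admin Password is the documentation's example value")
    methods = sections.get("NWI:NMAS", {}).get("Methods")
    if methods is not None:
        names = methods.split(",")
        findings += [f"unknown NMAS method {m!r}" for m in names
                     if m not in NMAS_METHODS]
        if "NDS" not in names:
            findings.append("explicit NMAS Methods list must include NDS")
    langs = sections.get("Novell:Languages:1.0.0", {})
    enabled = [k for k, v in langs.items()
               if k.startswith("LangID") and v.lower() == "true"]
    if len(enabled) > 1:
        findings.append("more than one LangID is set to true")
    return findings
```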

10.2.2 Performing a Silent or Unattended Installation

Before beginning, review the prerequisites for performing a silent or unattended installation on a Windows server. For more information, see Section 7.2.3, Prerequisites for Installing Identity Vault on a Windows Server. Also, create the response.ni file to use as a template for the installation. For more information, see Section 10.2.1, Editing the response.ni File.

NOTE: To ensure that the operating system does not display a status window for installation, upgrade, or configuration, use the nopleasewait option in the command.

  1. Create a new response.ni file or edit an existing response file. For more information about the values in the response file, see Section 10.2.1, Editing the response.ni File.

  2. Log in with an administrator account to the computer where you want to install the Identity Vault.

  3. Open a command prompt with the Run as administrator option enabled.

  4. At the command line, enter the following command:

    path_to_installation_files\windows\eDirectory\x64\NDSonNT>install.exe /silent /nopleasewait /template=Response file

    For example:

    D:\builds\eDirectory\windows\eDirectory\x64\NDSonNT>install.exe /silent /nopleasewait /template=D:\builds\eDirectory\windows\x64\NDSonNT\response.ni

10.2.3 Performing a Silent Configuration

  1. Create a new response.ni file or edit an existing response file. For more information about the values in the response file, see Section 10.2.1, Editing the response.ni File.

  2. Log in with an administrator account to the computer where you want to install the Identity Vault.

  3. Open a command prompt with the Run as administrator option enabled.

  4. At the command line, enter the following command:

    Windows Drive\Program Files\Common Files\novell>install.exe /silent /restrictnoderemove /nopleasewait /template=Response file

    For example:

    c:\Program Files\Common Files\novell>install.exe /silent /restrictnoderemove /nopleasewait /template=D:\builds\eDirectory\windows\x64\NDSonNT\response.ni

10.2.4 Performing a Silent Installation Combined with Configuration

Before beginning, review the prerequisites for performing a silent or unattended installation on a Windows server. For more information, see Section 7.2.3, Prerequisites for Installing Identity Vault on a Windows Server. Also, create the response.ni file to use as a template for the installation.

  1. Create a new response.ni file or edit an existing response file. For more information about the values in the response file, see Section 10.2.1, Editing the response.ni File.

  2. Log in with an administrator account to the computer where you want to install the Identity Vault.

  3. Open a command prompt with the Run as administrator option enabled.

  4. At the command line, enter the following command:

    Unzipped Location\windows\eDirectory\x64\NDSonNT>install.exe /silent /nopleasewait /template=Response file

    For example:

    D:\builds\eDirectory\windows\eDirectory\x64\NDSonNT>install.exe /silent /nopleasewait /template=D:\builds\eDirectory\windows\x64\NDSonNT\response.ni
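
The WARNING in Section 10.2.1 says to delete the response file once the installation or configuration is done. The following Python code is an added example, not part of the NetIQ documentation or product: it sweeps a directory tree for files that still carry a populated Admin Password key, and goes slightly beyond the text by matching on content rather than on the response.ni name, so renamed copies are found too. It assumes the NWI:NDS section header appears in the file as [NWI:NDS].

```python
import os
import re
import tempfile

# A file is treated as a response file if it has the [NWI:NDS] section header
# and a non-empty "Admin Password" key, whatever the file is named.
SECTION = re.compile(r"^[ \t]*\[NWI:NDS\][ \t]*$", re.M)
PASSWORD = re.compile(r"^Admin Password[ \t]*=[ \t]*\S", re.M)

def find_leftover_credentials(root, max_bytes=1_000_000):
    """Return sorted paths under root that still hold an admin password."""
    hits = []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            try:
                if os.path.getsize(path) > max_bytes:
                    continue  # response files are small text files
                with open(path, encoding="ascii", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue  # unreadable entry: skip it, keep sweeping
            if SECTION.search(text) and PASSWORD.search(text):
                hits.append(path)
    return sorted(hits)

def demo():
    """Sweep a constructed directory tree (sample data, not real files)."""
    samples = {
        "response.ni": "[NWI:NDS]\nAdmin Password=Example-Value-1\n",
        "copy-of-template.txt": "[NWI:NDS]\r\nAdmin Password=Example-Value-2\r\n",
        "scrubbed.ni": "[NWI:NDS]\nAdmin Password=\n[NWI:NMAS]\n",
        "notes.txt": "Admin Password=mentioned outside a response file\n",
    }
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "backup"))
        for name, body in samples.items():
            sub = "backup" if name.endswith(".txt") else ""
            with open(os.path.join(root, sub, name), "w", newline="") as fh:
                fh.write(body)
        return [os.path.basename(p) for p in find_leftover_credentials(root)]
```

Run the sweep against the installation kit folder, build shares, and backup locations after the install; an empty result means no populated response file was found under that root.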