2.1 New Identity Server Cluster Configuration

This section explains how to add your Identity Server to a cluster and how to configure the cluster to communicate with the LDAP server and use its authentication credentials.

Table 2-1 Identity Server Configuration Information

What you need to know


Your Value

LDAP server information:



DN of the administrator




Password of the administrator




IP address of the LDAP server



DN of the user container



DNS name of the Identity Server



Names you need to create:




Identity Server cluster name




User store name

User Store



Replica name

User Store Replica



Alias certificate name



Organization information for the Identity Server cluster:





Access Manager



Display name

Access Manager 3






For more information, see Creating a Basic Identity Server Configuration in the NetIQ Access Manager 3.1 SP5 Setup Guide.

  1. In the Administration Console, click Devices > Identity Servers.

  2. Click New Cluster.

  3. Specify a name such as idpa, select your Identity Server, then click OK.

    In Table 2-1, idpa is the Identity Server cluster name you created.

  4. Configure the Base URL of the Identity Server, using the DNS name of the Identity Server:


    In Table 2-1, this is the DNS name of the Identity Server with a port and /nipd.

  5. Click Next, then configure the organization information.

    Name: Access Manager

    Display name: Access Manager 3

    URL: idpa.am.novell.com

    In Table 2-1, these three fields are the organization information you created for the Identity Server cluster.

  6. Click Next, then configure the user store:

    Name: User Store

    In Table 2-1, User Store is the sample name for the user store.

    Admin name: cn=admin,o=novell

    In Table 2-1, this is the sample DN of the administrator for the LDAP server.

    Admin password: novell

    Confirm password: novell

    In Table 2-1, these fields are the sample password for the administrator of the LDAP server.

    Directory Type: Select a type from the drop-down menu.

  7. In the Server replicas section, click New, then fill in the following fields:

    Name: User Store Replica

    In Table 2-1, User Store Replica is the sample name for the replica

    IP Address:

    In Table 2-1, this is the sample IP address of the LDAP server.

    Use secure LDAP connections: Select this option.

    Auto import trusted root: Click this link, follow the prompts, and specify UserStoreRoot for the alias.

    In Table 2-1, UserStoreRoot is the sample alias certificate name.

  8. Click OK, then make sure the Validation Status of the replica displays a green check mark. If the check mark is red, you have a configuration error:

    • Check the distinguished name of the admin user, the password, and the IP address of the replica.

    • Check for network communication problems between the Identity Server and the LDAP server.

  9. In the Search Contexts section, click New, then specify the following:

    Search context: ou=users,o=novell

    In Table 2-1, this is the sample DN of the user container.

    Scope: Subtree

  10. Click OK > Finish, then restart Tomcat as prompted.

  11. Wait for the health status of the Identity Server to turn green, then verify the configuration:

    1. Enter the Base URL of the Identity Server in a browser.

    2. Log in using the credentials of a user in the LDAP server.

      The user portal appears.

      If the URL returns an error rather than displaying a login page, verify the following:

      • The browser machine can resolve the DNS name of the Identity Server.

      • The browser machine can access to the port.