37.3 Silently Installing the Identity Applications

This section describes how to perform a silent install of the identity applications. A silent installation requires no interaction during the installation and can save you time, especially when you install on more than one server. You can perform silent installations on supported Linux computers only.

To prepare for the installation, review the activities listed in Checklist for Installing the Identity Applications. Also see the Release Notes accompanying the release.

This process includes the following activities:

37.3.1 Setting Passwords in the Environment for a Silent Installation

Instead of specifying the configuration passwords in the .properties file, you can set them in the environment. In this case, the silent installer reads the passwords from the environment rather than from the silent.properties file. This can provide some additional security.

You must specify the following passwords for the installation:

  • NOVL_DB_USER_PASSWORD

  • NOVL_CONFIG_DBADMIN_PASSWORD

  • NOVL_CONFIG_LDAPADMINPASS

  • NOVL_CONFIG_KEYSTOREPASSWORD

Linux

Use the export command. For example:

export NOVL_DB_USER_PASSWORD=myPassWord

Windows

Use the set command. For example:

set NOVL_DB_USER_PASSWORD=myPassWord
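
The following POSIX shell helper is an added example, not part of the product documentation. It reads the four passwords listed above without echoing them or placing them on a command line, exports them for the installer, and clears them afterwards. The function names and INSTALL_PW_VARS are hypothetical.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; variable names are the page's.
INSTALL_PW_VARS="NOVL_DB_USER_PASSWORD NOVL_CONFIG_DBADMIN_PASSWORD
NOVL_CONFIG_LDAPADMINPASS NOVL_CONFIG_KEYSTOREPASSWORD"

# Read one line per variable from stdin and export it. On a terminal the input
# is not echoed, and the values never appear in argv or in shell history.
load_install_passwords() {
    for name in $INSTALL_PW_VARS; do
        if [ -t 0 ]; then
            printf '%s: ' "$name" >&2
            stty -echo
        fi
        value=""
        IFS= read -r value || true
        if [ -t 0 ]; then
            stty echo
            printf '\n' >&2
        fi
        if [ -z "$value" ]; then
            echo "no value supplied for $name" >&2
            clear_install_passwords
            return 1
        fi
        export "$name=$value"
    done
    unset value
}

# Remove the passwords from this shell's environment.
clear_install_passwords() {
    for name in $INSTALL_PW_VARS; do
        unset "$name"
    done
    unset value
}

# Run a command (for example the silent installer) with the passwords
# exported, then clear them whether or not the command succeeded.
with_install_passwords() {
    load_install_passwords || return 1
    rc=0
    "$@" || rc=$?
    clear_install_passwords
    return "$rc"
}
```

Invoke it as: with_install_passwords ./IdmUserApp.bin -i silent -f /yourdirectorypath/silent.properties. While exported, the values remain readable by root and by the same user through the process environment, so clear them as soon as the installer exits.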

37.3.2 Editing the Silent Properties File

You must edit the parameter values in the .properties file before performing the silent installation or configuration. The table in this section provides a list of the parameters. The parameters correspond to the basic installation parameters and to the parameters for configuring RBPM and the identity applications. For more information about specifying the parameter values, see Using the Guided Process to Install the Identity Applications and Section 40.0, Configuring the Settings for the Identity Applications.

  1. Log in as root to the computer where you want to install the identity applications.

  2. Ensure that the silent.properties file is stored on the local computer.

    By default, you can find the file in the products/rbpm/user_app_install directory within the .iso image file for the Identity Manager installation package.

  3. Open the user_app.configure.properties file.

  4. Modify the following parameters in the .properties file:

Parameter Name

Description

USER_INSTALL_DIR=

Specify the installation path for the User Application.

For example: /opt/netiq/idm/apps/UserApplication

NOVL_APP_SERVER_TYPE_CHOICE=

Specify the application server hosting the User Application.

This release of Identity Manager supports only Apache Tomcat.

NOVL_TOMCAT_BASE_FOLDER=

Specify the base folder location of the application server hosting the User Application.

For example: /opt/netiq/idm/apps/tomcat

NOVL_APPLICATION_NAME=

Specify the application context name.

By default, the application context name is IDMProv.

NOVL_CREATE_DB=

Specify whether you want to configure a new or existing database as part of the installation process, or afterward. Alternatively, you can create a schema file at installation time, which the database administrator can use to create the tables later. Depending on your requirement, specify one of the following options:

  • Now: The installation program creates the database tables as part of the installation process.

  • File: The installation program generates a SQL script that the database administrator can run to create the databases. If you choose this option, you must also set NOVL_CONFIG_WRITE_TO_FILE to 1. You might select this option if you do not have permissions to create or modify a database in your environment. For more information about generating the tables with the file, see Manually Creating the Database Schema.

  • Startup: The installation program leaves instructions to create the tables when the User Application starts for the first time.

NOVL_DATABASE_NEW=

Specify whether you want to use existing, empty databases, or create new tables in the existing database.

To create a new database, specify true. Ensure that a database exists before selecting this option. Otherwise, specify false.

NOVL_UPGRADE=

To upgrade your User Application using an existing database, specify true. If the database exists and has User Application tables from a previous installation, specify false.

If the existing database runs on an Oracle platform, you must prepare Oracle before updating the schema. For more information, see Preparing an Oracle Database for the SQL File.

NOVL_UPGRADE_PROPS_FILE=

If you are upgrading the User Application, specify the path of the properties file of the currently installed application.

NOVL_JDBC_DRIVER=

NOVL_DB_JARFILE_NAME=

Specify the absolute path of the JDBC jar file.

For example: /opt/netiq/idm/apps/postgres/postgresql-9.4.1212.jdbc42.jar

NOVL_DB_DRIVER_CLASS_NAME=

Specify the database driver class name for the database that is used for installation.

  • PostgreSQL: liquibase.database.core.PostgresDatabase

  • Oracle: liquibase.database.ext.OracleUnicodeDatabase

  • MS SQL: liquibase.database.ext.MSSQLUnicodeDatabase

NOTE: MS SQL is supported on Windows only.

NOVL_DB_DRIVER_NAME=

Specify the database driver name.

  • PostgreSQL: org.postgresql.Driver

  • Oracle: oracle.jdbc.driver.OracleDriver

  • MS SQL: com.microsoft.sqlserver.jdbc.SQLServerDriver

NOTE: MS SQL is supported on Windows only.

NOVL_DB_JDBC_URL=

Specify the URL to connect to the database running the User Application.

  • PostgreSQL: jdbc:postgresql://<database server IP address:port>/idmuserappdb

    For example, jdbc:postgresql://192.168.0.1:5432/idmuserappdb

  • Oracle: jdbc:oracle:thin:@<database server IP address:port>:idmuserappdb

    For example, jdbc:oracle:thin:@192.168.0.1:1521:idmuserappdb

  • MS SQL: jdbc:sqlserver://<database server IP address:port>;DatabaseName=idmuserappdb

    For example, jdbc:sqlserver://192.168.0.1:1433;DatabaseName=idmuserappdb

NOTE: MS SQL is supported on Windows only.

NOVL_DB_TYPE

Select the valid database type. Your options are: PostgreSQL, SQL Server, and Oracle.

NOVL_DB_ORACLE_VERSION=

If you select Oracle in NOVL_DB_TYPE, specify the version of the database.

NOVL_DB_HOST=

Specify the hostname or IP address of the User Application database server. For example: 192.168.0.1

NOVL_DB_PORT=

Specify the port that is used by the User Application database server. For example: 5432

NOVL_DB_NAME=

Specify the name of your database. For example, idmuserappdb.

NOVL_DB_USER=

Specify the name of an account that allows the User Application to access and modify data in the databases. For example, idmadmin.

NOVL_DB_USER_PASSWORD=

NOVL_DB_USER_PASSWORD_CONFIRM=

Specify and confirm the password for the username specified in NOVL_DB_USER.

NOVL_CONFIG_DBADMIN_NAME=

NOVL_CONFIG_DBADMIN_PASSWORD=

NOVL_CONFIG_DBADMIN_PASSWORD_CONFIRM=

Specify the name and password for the database administrator.

You can use the same user account and password that you specified for NOVL_DB_USER and NOVL_DB_USER_PASSWORD. To use that account, do not make any changes.

NOVL_CONFIG_WRITE_TO_FILE=

By default, the value of this property is set to 0. To write the database to a file, change the value to 1.

You might select this option if you do not have permissions to create or modify a database in your environment. For more information about generating the tables with the file, see Manually Creating the Database Schema.

RUN_LDAPCONFIG=

Specify whether you want to configure LDAP settings now or later. The options are:

  • Now: Executes the LDAP configuration right away by populating the WAR with the LDAP configuration settings provided.

  • Later: Installs the User Application files without configuring LDAP settings.

NOVL_JAVA_HOME=

Specify the JAVA_HOME path for this attribute, and specify the same path for the USER_MAGIC_FOLDER_1 attribute.

For example: /opt/netiq/idm/apps/jre

NOVL_AUDIT_OFF=

NOVL_AUDIT_ON=

Specify whether you want to set up auditing for the User Application. By default, auditing is enabled. If you choose this option, you must also set the NOVL_AUDIT_SERVER and NOVL_AUDIT_LOG_CACHE_DIR properties.

NOVL_AUDIT_SERVER=

If auditing is enabled, specify the hostname or IP address of the Audit server. For example: 192.168.0.1

NOVL_AUDIT_LOG_CACHE_DIR=

If auditing is enabled, specify the absolute path of the audit cache. For example: /var/opt/novell/audit

NOVL_XDAS_OFF=

NOVL_XDAS_ON=

Specify whether you want to use XDAS for auditing the User Application.

If you choose this option, you must also set the following XDAS options:

  • NOVL_XDAS_SERVER_NAME

  • NOVL_XDAS_LOGGING_DIR


NOVL_XDAS_SERVER_NAME=

If XDAS is enabled, specify the hostname or IP address of the XDAS server.

NOVL_XDAS_LOGGING_DIR=

If XDAS is enabled, specify the path of the XDAS directory.

NOVL_UA_OSP_PWD=

Specify the User Application and OSP password.

NOVL_USE_EXTERNAL_AUTH_SERVER=

If OSP is installed on a different server, you can configure that server for external authentication with the User Application. If you choose this option, you must also set the following properties:

  • NOVL_EXTERNAL_AUTH_PROTOCOL

  • NOVL_EXTERNAL_AUTH_HOSTNAME

  • NOVL_EXTERNAL_AUTH_PORT

By default, authenticating to an external server is disabled.

NOVL_EXTERNAL_AUTH_PROTOCOL=

If you are using an external server for authentication, specify the external authentication protocol.

For example: http/https

NOVL_EXTERNAL_AUTH_HOSTNAME=

If you are using an external server for authentication, specify the hostname or IP address of the authentication server. For example: 192.168.0.1

NOVL_EXTERNAL_AUTH_PORT=

If you are using an external server for authentication, specify the port value of the authentication server. For example: 8180 for http, 8443 for https

NOVL_CONFIG_UPDATE_FILE_PATH=

Specify the path for the configuration update properties file.

For example: /root/configupdate.properties
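
The following preflight check is an added example, not part of the product documentation. It inspects an edited properties file for three conditions taken from this page: file permissions that expose stored credentials, the NOVL_CREATE_DB=File dependency on NOVL_CONFIG_WRITE_TO_FILE=1, and the source of each of the four passwords from Section 37.3.1. The function names and finding labels are hypothetical, and the check assumes all four passwords are required, as Section 37.3.1 states.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; property names are the page's.

# Print the value of KEY ($2) from a key=value properties FILE ($1); last match wins.
prop_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print one line per finding for FILE; return 0 only when there are none.
preflight() {
    file=$1
    findings=0
    note() { echo "$1"; findings=$((findings + 1)); }

    # The file may hold credentials: keep it inaccessible to group and others.
    case $(ls -ld "$file" | cut -c5-10) in
        ------) ;;
        *) note "PERMS: $file is accessible to group or others" ;;
    esac

    # File mode generates a SQL script and needs NOVL_CONFIG_WRITE_TO_FILE=1.
    if [ "$(prop_get "$file" NOVL_CREATE_DB)" = "File" ] &&
       [ "$(prop_get "$file" NOVL_CONFIG_WRITE_TO_FILE)" != "1" ]; then
        note "DEPENDENCY: NOVL_CREATE_DB=File requires NOVL_CONFIG_WRITE_TO_FILE=1"
    fi

    # Assumption: all four passwords from Section 37.3.1 are required, and each
    # should come from the environment rather than sit in the file as cleartext.
    for key in NOVL_DB_USER_PASSWORD NOVL_CONFIG_DBADMIN_PASSWORD \
               NOVL_CONFIG_LDAPADMINPASS NOVL_CONFIG_KEYSTOREPASSWORD; do
        in_file=$(prop_get "$file" "$key")
        eval "in_env=\${$key-}"
        if [ -n "$in_file" ]; then
            note "CLEARTEXT: $key is stored in $file"
        elif [ -z "$in_env" ]; then
            note "MISSING: $key is set neither in the environment nor in $file"
        fi
    done
    unset in_file in_env
    [ "$findings" -eq 0 ]
}
```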

37.3.3 Importing eDirectory Certificates into Identity Applications

To establish a trust connection between Identity Applications and the eDirectory server, import the eDirectory certificates into Identity Applications.

  1. Export the eDirectory certificate from iManager:

    1. Log in to iManager as an administrator.

    2. Navigate to Roles and Task > NetIQ Certificate Access > Server Certificates.

    3. Check the SSL CertificateDNS check box and click Export.

    4. From the Certificates drop-down list, select the SSL CertificateDNS option, clear the Export Private Key check box, and select DER as the export format.

    5. Click Next.

    6. Click Save the exported certificate. The exported certificate is saved to your local system.

  2. Import the eDirectory certificate into Identity Applications:

    1. Log in as an administrator to the server where you want to install Identity Applications.

    2. Copy the eDirectory certificate that you exported from iManager, and then run the keytool command:

      <java bin path>keytool -import -trustcacerts -file <Certificate_Path> -alias <ALIAS_NAME> -keystore <java security keystore path>

      In Certificate_Path, specify the location of the eDirectory certificate that is saved on your computer.

      In ALIAS_NAME, specify any alias name for the certificate. For example:

      /opt/netiq/idm/jre/bin/keytool -import -trustcacerts -file /opt/Certificate_Import_Path/EdirCertificate -alias EDIR_CERT -keystore /opt/netiq/idm/jre/lib/security/cacerts

37.3.4 Executing a Silent Installation of the Identity Applications

  1. Log in as a root user to the computer where you want to install the identity applications.

  2. Open a terminal session.

  3. Specify the values for the installation. For more information, see Editing the Silent Properties File and Safeguarding the Passwords for a Silent Installation.

  4. To launch the installation program for your platform, enter the following command:

    • Linux: ./IdmUserApp.bin -i silent -f /yourdirectorypath/silent.properties

    • Windows: ./IdmUserApp.exe -i silent -f /yourdirectorypath/silent.properties

    NOTE: If the silent.properties file is in a different directory from the installer script, you must specify the full path to the file. The script unpacks the necessary files to a temporary directory and then launches the silent installation.