
10 Installing the Identity Vault on a Windows Server

In document NetIQ Identity Manager Setup Guide (Page 87-91)

The installation program (wizard) can guide you through the configuration settings for the Identity Vault. The installation program automatically defaults to wizard mode. However, you can also perform a silent installation.

This section assumes that you want to use eDirectory as the base structure for the Identity Vault.

When you start the installation program, it checks for Novell International Cryptographic Infrastructure (NICI) and Novell Client for Windows. The installation program will install or update these components as needed. If you install the Identity Vault on a computer already containing the Novell Client, eDirectory will use the existing Novell Client. You can install the Identity Vault for Windows without the Novell Client.

For more information about NICI, see the Novell International Cryptographic Infrastructure 2.7 Administration Guide. For more information on the Client, see the Novell Client for Windows documentation.

The installation program can install the server components for NetIQ Module Authentication Service (NMAS). During the installation, you must specify the login methods to use with NMAS. You must also install the NMAS client software on each client workstation where you want to use the NMAS login methods.

NOTE

• Starting with eDirectory 8.8, you can use case-sensitive passwords for all the utilities.

• Your container names can include a period (dot). For information on using dots in container names, see Section 7.2.3, “Prerequisites for Installing Identity Vault on a Windows Server,” on page 62.

10.1 Using the Wizard to Install the Identity Vault on a Windows Server

1 Log in as an administrative user to the computer where you want to install eDirectory.

2 Navigate to the Setup.exe program in the installation directory, by default IDMversion_Win:\products\eDirectory\processor_type\windows\.

3 Run the Setup.exe program.

4 Follow the steps in the installation wizard.

5 (Conditional) If the NICI or Novell Client for Windows is not already installed on the computer, the installation program will prompt you to install these components.

The computer will restart after the program installs NICI. The Identity Vault installation wizard should open after the computer restarts. If it does not open, run the Setup.exe program.

6 In the Identity Vault installation program, complete the steps in the wizard with the following considerations:

• (Optional) To use IPv6 addresses on the Identity Vault server, click Enable IPv6 under IPv6 Preference.

NOTE: NetIQ recommends that you enable this option. To enable IPv6 addressing after installation, you must run the setup program again.

• Ensure that the ports for the HTTP stack are different from the HTTP stack ports you have used or will use for NetIQ iManager. For more information, see the iManager Administration Guide.

• (Conditional) If a service already loaded on the host server (before eDirectory was installed) uses port 636, you must specify a different port for SSL/TLS.

• (Optional) To disallow clear passwords and other data, select Require TLS for Simple Bind with Password when specifying the LDAP ports. For more information, see Section 8.5, “Using LDAP to Communicate with the Identity Vault,” on page 78.

• Specify the login methods that you want to install for NetIQ Module Authentication Service (NMAS). For more information, see “Managing Login and Post-Login Methods and Sequences” in the NetIQ Modular Authentication Services 3.3 Administration Guide.

• You must install and configure NetIQ SecretStore (ss). For more information, see Section 12.1.2, “Adding SecretStore to the Identity Vault Schema,” on page 107.

7 Follow the instructions in the wizard until you finish installing the Identity Vault.

8 To use the NMAS login methods, install the NMAS client software on each client workstation. For more information, see “NMAS Considerations” in the NetIQ eDirectory Administration Guide.

9 (Optional) Exclude the DIB directory on your eDirectory server from any antivirus or backup software processes. Use the eDirectory Backup Tool to back up your DIB directory. For more information about backing up eDirectory, see “Backing Up and Restoring NetIQ eDirectory” in the NetIQ eDirectory Administration Guide.

10.2 Silently Installing and Configuring the Identity Vault on a Windows Server

To support a silent (or unattended) installation or configuration of the Identity Vault, you can use a response.ni file that contains sections and keys, similar to a Windows .ini file.

NOTE: You must install and configure NetIQ SecretStore (ss). For more information, see Section 12.1.2, “Adding SecretStore to the Identity Vault Schema,” on page 107.

10.2.1 Editing the response.ni File

You can use an ASCII text editor to create and edit the response.ni file. The response file helps you:

• Perform a complete unattended installation with all required user inputs.

• Define the default configuration of components.

• Bypass all prompts during the installation.

NetIQ provides a response.ni file in the products\eDirectory\x64\windows\x64\NDSonNT folder of the installation kit. The file contains default settings for essential parameters. You must edit the values for the eDirectory instance in the NWI:NDS section.

NOTE: When you edit the response.ni file, do not put blank spaces around the equal sign (“=”) between the key and the value in any key-value pair.

WARNING: You specify the administrator user credentials in the response.ni file for an unattended installation. To prevent the administrator credentials from being compromised, you should permanently delete the file after the installation or configuration.

The following sections describe the sections and keys required in the response.ni file:

• “NWI:NDS”

• “NWI:NMAS (NMAS Methods)”

• “eDir:HTTP (Ports)”

• “Novell:Languages:1.0.0 (Language Settings)”

• “Initialization”

• “NWI:SNMP”

• “EDIR:SLP”

• “Novell:ExistingTree:1.0.0”

• “Selected Nodes”

• “Novell:NOVELL_ROOT:1.0.0”

NWI:NDS

Upgrade Mode

Specifies whether to run the installation program as an upgrade. Valid values are False, True, and Copy.

Mode

Specifies the type of installation that you want to perform:

• full allows you to both install and configure the Identity Vault. Specify this value when you want to perform a fresh installation and configuration of the Identity Vault or an upgrade and configuration of only the required files.

• install allows you to install a fresh version of the Identity Vault or upgrade the required files.

• configure allows you to modify the Identity Vault settings. If you only perform an upgrade of the required files, then the installation program configures only the upgraded files.

NOTE

• If you specify configure, ensure that you do not change the RestrictNodeRemove value of the ConfigurationMode key in the [Initialization] section.

• If you specify full, you cannot choose the individual deconfiguration and uninstallation options when you uninstall the Identity Vault.

New Tree

Specifies whether this installation is for a new tree or a secondary server. Valid values are Yes and No. For example, if you want to install a new tree, specify Yes. For more information about specifying values for an existing tree, see “Novell:ExistingTree:1.0.0” on page 93.

Tree Name

If this is a new installation, specify the name of the tree that you want to install. To install a secondary server, specify the tree where you want to add the server.

Server Name

Specifies the name of the server that you want to install in the Identity Vault.

Server Container

Specifies the container object in the tree to which the server object will be added. The server object contains all the configuration details specific to the Identity Vault server. If you are installing a fresh version of the Identity Vault, the installation program creates this container with the server object.

Server Context

Specifies the complete distinguished name (DN) of the server object (server name), along with the container object. For example, if the Identity Vault server is EDIR-TEST-SERVER and the container is Netiq, specify EDIR-TEST-SERVER.Netiq.

Admin Context

Specifies the container object in the tree to which the Administrator object will be added. For example, Netiq. Any user added to a tree has a user object that contains all the user-specific details. If you are installing a fresh version of the Identity Vault, the installation program creates this container with the server object.

Admin Login Name

Specifies the relative distinguished name (RDN) of the Administrator object in the tree that has full rights, at least to the context to which this server is added. For example, Admin. The installation program uses this account to perform all operations in the tree.

Admin Password

Specifies the password for the Administrator object. For example, netiq123. If you are installing a fresh version of the Identity Vault, the installation program configures this password for the Administrator object.

NDS Location

Specifies the path in the local system where you want to install the Identity Vault libraries and binaries. When you configure the Identity Vault components, they refer to this installation location for relevant files. By default, the installation program places the files in C:\Novell\NDS.

DataDir

Specifies the path in the local system where you want to install the DIB files. By default, the installation program places the files in C:\Novell\NDS\DIBFiles.

You might want to specify a different path if the DIB data files for your environment will require more space than is available in the default location.

Installation Location

(Optional) Specifies a path that the installation program uses while copying files to the NDS Location. For example, [Novell:DST:1.0.0_Location] or Path=file://C:\Novell\NDS. The default value is C:\Novell\NDS, the same as the default for NDS Location. The installation program uses this path while copying files to the specified NDS and DataDir locations.

System Location

(Optional) Specifies a path to the system folder of the computer where you want to install the Identity Vault server. For example, [Novell:SYS32_DST:1.0.0_Location] or Path=file:/C:\Windows\system32. The installation program requires access to the system folder to copy DLLs and to access system-specific files during installation.

Require TLS

(Optional) Specifies whether the Identity Vault requires Transport Layer Security (TLS) protocol when receiving LDAP requests in clear text.

LDAP TLS Port

(Optional) Specifies the port on which the Identity Vault listens for LDAP requests in clear text.

LDAP SSL Port

(Optional) Specifies the port on which the Identity Vault should listen for LDAP requests using Secure Sockets Layer (SSL) protocol.

Install as Service

Instructs the installation program to install eDirectory as a service in Windows. You must specify Yes.

Prompt

Specifies whether the installation program prompts you for decisions such as tree name and server name. For example, in a silent or unattended installation, specify False.
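
A pre-flight check for the [NWI:NDS] section, written for this page as an added example (it is not NetIQ code). It assumes the keys are spelled as the headings above and sit under a bracketed section header as in a Windows .ini file; the function name and the sample file are constructed.

```python
import re

# Values the NWI:NDS key descriptions above allow for an unattended install.
ALLOWED = {
    "upgrade mode": {"false", "true", "copy"},
    "mode": {"full", "install", "configure"},
    "new tree": {"yes", "no"},
    "install as service": {"yes"},  # the guide says you must specify Yes
    "prompt": {"false"},            # a silent run must not prompt
}
DOC_EXAMPLE_PASSWORD = "netiq123"   # example value printed in the guide

def lint_response_ni(text):
    """Return (line_no, message) findings; line 0 means a file-level finding."""
    findings, section, seen = [], None, set()
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
            continue
        if "=" not in line:
            findings.append((no, "not a key=value pair"))
            continue
        key, value = line.split("=", 1)
        if key != key.rstrip() or value != value.lstrip():
            findings.append((no, "blank space around '='"))
        key, value = key.strip().lower(), value.strip()
        if section != "NWI:NDS":
            continue
        seen.add(key)
        if key in ALLOWED and value.lower() not in ALLOWED[key]:
            findings.append((no, f"'{value}' is not valid for '{key}'"))
        if key == "admin password":
            findings.append((no, "clear-text admin password: delete this file after install"))
            if value == DOC_EXAMPLE_PASSWORD:
                findings.append((no, "password is the guide's example value"))
    findings += [(0, f"missing NWI:NDS key '{k}'") for k in ALLOWED if k not in seen]
    return findings

# Constructed sample, not a real deployment file.
SAMPLE = "\n".join([
    "[NWI:NDS]", "Upgrade Mode=False", "Mode = full", "New Tree=Yes",
    "Admin Login Name=Admin", "Admin Password=netiq123",
    "Install as Service=No", "Prompt=False",
])

if __name__ == "__main__":
    for no, msg in lint_response_ni(SAMPLE):
        print(f"line {no}: {msg}")
```

The password finding is reported for every file that carries the key, so it doubles as the reminder to remove the file once the installation or configuration has finished.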
