IBM Tivoli Identity Manager Server Installation Guide on UNIX using WebSphere Version 4.5.0 SC32-1147-02

IBM Tivoli Identity Manager: Server Installation Guide on UNIX …publib.boulder.ibm.com/.../en_US/PDF/svrins45mst_unix.pdf · 2007. 9. 30. · UNIX server to manage resources from


  • Note: Before using this information and the product it supports, read the information in Appendix H, “Notices”, on page 133.

    Third Edition (September 2003)

    This edition applies to version 4.5.0 of Tivoli Identity Manager and to all subsequent releases and modifications until otherwise indicated in new editions.

    © Copyright International Business Machines Corporation 2003. All rights reserved. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

  • Contents

    Preface
        Who Should Read This Book
        Publications
            Tivoli Identity Manager Server Library
            Prerequisite Product Publications
            Related Publications
            Accessing Publications Online
        Accessibility
        Contacting Software Support
        Conventions Used in This Book
        Installation Directory Conventions

    Chapter 1. Introduction
        Hardware and Software Requirements
        Product Compact Discs

    Chapter 2. Configuration Overview
        WebSphere Application Server Terminology
        Single-Server Configurations
        Cluster Configurations for Tivoli Identity Manager
            Tivoli Identity Manager Server Tiers
            Single-cluster Configuration
            Functional Cluster Configuration
            Java Message Service and Other Server Processes
            WebSphere Environment Limitations using Tivoli Identity Manager

    Chapter 3. Database Configuration
        IBM DB2 Configuration
            Ensuring Communication and Configuring the Server
            Configuring the IBM DB2 JDBC Driver
            Configuring IBM DB2 Version 7.1 and 7.2 for a JDBC Type 2 Driver
            Sourcing the IBM DB2 Profile on Each Cluster Member Computer
            Example: Expanding Values for DB2
        Oracle Installation and Configuration for Tivoli Identity Manager
            Preparing to Install Oracle on AIX
            Preparing to Install Oracle on Solaris
            Preparing to Install Oracle on Windows
            Configuring Oracle after Installation

    Chapter 4. Directory Server Configuration
        IBM Directory Server Configuration
            Specify the Suffix for Tivoli Identity Manager
            Configure the Referential Integrity Plug-in for Tivoli Identity Manager
            Restart the Directory Server
            Create the LDAP Suffix Object
        Using Version 5.1 and WebSphere Application Server on the Same Computer
        Sun ONE Directory Server Configuration

    Chapter 5. Single-server Installation: Tivoli Identity Manager Server
        Before You Begin
        Resolving Port Problems
        Information Worksheet for Single-Server Installation
            Database Information
            Directory Server Information
            WebSphere Application Server Information for Single-Server Installation
            IBM HTTP Server Information
            Tivoli Identity Manager Information
        Installing Tivoli Identity Manager Server
            Navigate Initial Welcome and Licensing Windows
            Select the Installation Type and Installation Directory
            Select the Database
            Complete the Windows for a Single-server Installation
            Specify WebSphere Global Security
            Specify an Encryption Key and Read the Pre-Installation Summary
            Installation Progress and Additional Configuration Activities
            Logs and Directories for Single-Server Installation
            Complete Security Configuration
            Using runConfig after Installing Tivoli Identity Manager
            Optionally Installing a Language Pack
        Testing Tivoli Identity Manager Server Communication
        Server-Agent Communication

    Chapter 6. Cluster Installation: Tivoli Identity Manager Server
        Before You Begin
            Resolving Port Problems
            Creating Clusters Using Network Deployment Manager
        Information Worksheet for Cluster Installation
            Database Information
            Directory Server Information
            WebSphere Application Server Information for Cluster Installation
            Tivoli Identity Manager Information
        Installing Tivoli Identity Manager Server
            Navigate Initial Welcome and Licensing Windows
            Select the Installation Type and Default Installation Directory
            Select the Database
            Complete the Sequence for Cluster Installation
            Specify WebSphere Global Security
            Specify an Encryption Key and Read the Pre-Installation Summary
            Installation Progress and Additional Configuration Activities
            Logs and Directories for Cluster Installation
            Complete Security Configuration
            Using runConfig after Installing Tivoli Identity Manager
            Optionally Installing a Language Pack
            Optionally, Define HTTP Session Persistence
            Verify Transaction Service Settings
        Update the Web Server Plug-in
        Start Clusters
        Testing Tivoli Identity Manager Server Communication
        Server-Agent Communication
        Adding or Removing Cluster Members
            Expanding a Cluster Using a New Computer
            Expanding a Cluster Using the Same Computer
            Removing a Cluster Member

    Appendix A. Compact Discs
        Recommended WebSphere Interim Fix PQ77521 Not on CDs
        Language Packs CD
        Base Code Solaris CD for Tivoli Identity Manager using WebSphere Application Server
        Base Code Solaris CD for Tivoli Identity Manager for non-IBM Application Servers
        Supplemental Solaris CD 1
        Supplemental Solaris CD 2
        Supplemental Solaris CD 3
        Supplemental Solaris CD 4
        Base Code AIX CD for Tivoli Identity Manager using WebSphere Application Server
        Base Code AIX CD for Tivoli Identity Manager for non-IBM Application Servers
        Supplemental AIX CD 1
        Supplemental AIX CD 2
        Supplemental AIX CD 3
        Base Code HP-UX CD for Tivoli Identity Manager for non-IBM Application Servers
        Base Code Windows 2000 CD for Tivoli Identity Manager using WebSphere Application Server
        Base Code Windows 2000 CD for Tivoli Identity Manager for non-IBM Application Servers
        Supplemental Windows 2000 CD 1
        Supplemental Windows 2000 CD 2
        Supplemental Windows 2000 CD 3
        Supplemental Windows 2000 CD 4

    Appendix B. Software and Hardware Requirements on UNIX
        Minimum UNIX Operating System and Hardware Requirements for Tivoli Identity Manager using WebSphere
        Databases for Tivoli Identity Manager Server using WebSphere
        Directory Servers for Tivoli Identity Manager Server using WebSphere
        Tivoli Identity Manager Server Prerequisites for WebSphere and HTTP Servers
        Supported Web Browsers

    Appendix C. Preparing the WebSphere Environment
        Preparing for WebSphere Application Server Installation
            Ensuring Messaging Support User and Groups are Specified
            Ensuring Solaris Kernel Settings for WebSphere Embedded Messaging Server and Client
            Using an Existing WebSphere MQ Version 5.3
            Validating Availability of Port 9090
        Configuring Tivoli Identity Manager Clusters
            Installing WebSphere Application Server Network Deployment
            Installing IBM HTTP Server and WebSphere Web Server Plugin
            Generating the WebSphere Web Server Plugin Configuration File
            Installing Base on Each Node
            Add Nodes to a Cell
            Restarting the Node
            Create a Cluster
            Ensure that Network Deployment Manager and Node Agents are Running
        Configuring WebSphere Application Server Transaction Service Settings

    Appendix D. Security Considerations
        Security for WebSphere
            Configuring Security for Single-Node Deployment
            Configuring Security for Multi-Node Deployment
            Disabling J2EE Security
        Alternatives in Configuring the HTTP Server

    Appendix E. Upgrading from Tivoli Identity Manager 4.3 to Tivoli Identity Manager 4.5
        Before You Begin
        Upgrading from Tivoli Identity Manager 4.3 Using WebLogic to Tivoli Identity Manager 4.5 Using WebLogic
        Installing Tivoli Identity Manager Version 4.5 using WebSphere Application Server
        Configuring the New Installation

    Appendix F. Upgrading from Tivoli Identity Manager Version 4.4.x to 4.5
        Before You Begin
        Upgrading a Single-Server Configuration
            Upgrading Tivoli Identity Manager 4.4.x to 4.5
        Upgrading a Cluster Configuration
            Upgrading Tivoli Identity Manager 4.4.x to 4.5 for the Network Deployment Manager System
            Upgrading Tivoli Identity Manager 4.4.x to 4.5 for the Member System

    Appendix G. Uninstalling Tivoli Identity Manager
        Before You Begin
        Steps to Uninstall Tivoli Identity Manager

    Appendix H. Notices
        Trademarks

    Glossary

    Index

  • Preface

    The IBM® Tivoli® Identity Manager Installation Guide on UNIX using WebSphere® describes how to install and configure the Tivoli Identity Manager Server on a UNIX server to manage resources from a central location.

    Who Should Read This Book

    This manual is intended for system and security administrators who install, maintain, or administer software on their site’s computer systems. Readers are expected to understand system and security administration concepts. Additionally, the reader should understand administration concepts for the following:

    • Directory server
    • Database server
    • WebSphere® embedded messaging support
    • WebSphere Application Server or WebLogic
    • IBM HTTP Servers

    Publications

    Read the descriptions of the Tivoli Identity Manager library, the prerequisite publications, and the related publications to determine which publications you might find helpful. After you determine the publications you need, refer to the instructions for accessing publications online.

    Tivoli Identity Manager Server Library

    The publications in the Tivoli Identity Manager Server library are:

    • Online user assistance for Tivoli Identity Manager
      Provides integrated online help topics for all Tivoli Identity Manager administrative tasks.
    • Separate versions of Tivoli Identity Manager Server Installation Guide on either UNIX or Windows, using either WebSphere or WebLogic. Use the version appropriate for your site.
      Provides installation information for Tivoli Identity Manager.
    • Tivoli Identity Manager Policy and Organization Administration Guide
      Provides topics for Tivoli Identity Manager administrative tasks.
    • Tivoli Identity Manager Server Configuration Guide
      Provides configuration information for single-server and cluster Tivoli Identity Manager configurations.
    • Tivoli Identity Manager End User Guide
      Provides beginning user information for Tivoli Identity Manager.
    • Tivoli Identity Manager Release Notes
      Provides software and hardware requirements for Tivoli Identity Manager, and additional fix, patch, and other support information.
    • Tivoli Identity Manager Troubleshooting Guide
      Provides additional problem solving information for the Tivoli Identity Manager product.


    Prerequisite Product Publications

    To use the information in this book effectively, you must have knowledge of the products that are prerequisites for Tivoli Identity Manager. Publications are available from the following locations:

    • WebSphere Application Server
      http://www.ibm.com/software/webservers/appserv/support.html

      Note: The following brief list of Redbooks describes installing and configuring WebSphere Application Server and providing additional security. Although the list was current when this publication went to production, publications may become obsolete. Contact your customer representative for a recommended list of resource information.
        – IBM WebSphere Application Server V5.0 System Management and Configuration, an IBM Redbook
        – IBM WebSphere Application Server V5.0 Security, an IBM Redbook
    • Database servers
        – IBM DB2
          http://www.ibm.com/software/data/db2/udb/support.html
          http://www.ibm.com/software/data/db2
        – Oracle
          http://technet.oracle.com/documentation/content.html
    • Directory server applications
        – IBM Directory Server
          http://www.ibm.com/software/network/directory
        – Sun ONE Directory Server
          http://www.ibm.com/software/network/directory
    • WebSphere embedded messaging support (or IBM MQSeries)
      http://www.ibm.com/software/ts/mqseries
    • Web Proxy Server
        – IBM HTTP Server
          http://www.ibm.com/software/webservers/httpservers/library.html

    Related Publications

    Information related to Tivoli Identity Manager Server is available in the following publications:

    • The Tivoli Software Library provides a variety of Tivoli publications such as white papers, datasheets, demonstrations, redbooks, and announcement letters. The Tivoli Software Library is available on the Web at:
      http://www.ibm.com/software/tivoli/library/
    • The Tivoli Software Glossary includes definitions for many of the technical terms related to Tivoli software. The Tivoli Software Glossary is available, in English only, from the Glossary link on the left side of the Tivoli Software Library Web page:
      http://www.ibm.com/software/tivoli/library/


    Accessing Publications Online

    The IBM publications for this product are available online in Portable Document Format (PDF) or Hypertext Markup Language (HTML) format, or both at the Tivoli Software Library:

    http://www.ibm.com/software/tivoli/library

    To locate product publications in the library, click the Product manuals link on the left side of the Library page. Then, locate and click the name of the product on the Tivoli Software Information Center page.

    Product publications include release notes, installation guides, user’s guides, administrator’s guides, and developer’s references.

    Note: To ensure proper printing of PDF publications, select the Fit to page check box in the Adobe Acrobat Print window (which is available when you click File → Print).

    Accessibility

    The product documentation includes the following features to aid accessibility:

    • Documentation is available in both HTML and PDF formats to give the maximum opportunity for users to apply screen-reader software.
    • All images in the documentation are provided with alternative text so that users with vision impairments can understand the contents of the images.

    Contacting Software Support

    Before contacting IBM Tivoli Software support with a problem, refer to the IBM Tivoli Software support Web site at:

    http://www.ibm.com/software/sysmgmt/products/support/

    If you need additional help, contact software support using the methods described in the IBM Software Support Guide at the following Web site:

    http://techsupport.services.ibm.com/guides/handbook.html

    This guide provides the following information:

    • Registration and eligibility requirements for receiving support
    • Telephone numbers, depending on the country in which you are located
    • A list of information you should gather before contacting customer support

    Conventions Used in This Book

    This reference uses several conventions for special terms and actions and for operating system-dependent commands and paths.

    The following typeface conventions are used in this book:

    Bold
        Bold text indicates selectable window buttons, field entries, and commands appearing in this manual except from within examples or the contents of files.


    Monospace
        Text in monospace type indicates the contents of files, file names or the output from commands.

    italic
        Italic text indicates context-specific values such as:
        • path names
        • file names
        • user names
        • group names
        • system parameters
        • environment variables

    %
        The percent sign (%) indicates the C shell screen prompt as part of examples included in this manual. Your system’s C shell screen prompt may be different.

    #
        The pound sign (#) represents the screen prompt shown to users logged in as superusers (root access).

    Installation Directory Conventions

    This publication uses the following conventions to specify default directories:

    {ITIM_HOME}
        The default installation directory for Tivoli Identity Manager

    {WAS_HOME}
        The default installation directory for WebSphere Application Server

    {WAS_NDM_HOME}
        The default installation directory for WebSphere Application Server Network Deployment


  • Chapter 1. Introduction

    This manual describes installing, initially configuring, and verifying the Tivoli Identity Manager Server on either a single-server or cluster configuration. Use the installation documentation that matches the operating system and Web application on your system. There is also a Tivoli Identity Manager Server Installation Guide for Windows using WebSphere.

    Major steps to install and begin to use the Tivoli Identity Manager Server vary depending on whether installation is for a single-server or cluster configuration, and whether a pre-existing WebSphere Application Server is used. An overview of steps includes the following:

    1. Determining whether your configuration should be a single server or requires a more scalable cluster or functional cluster solution, described in Chapter 2, “Configuration Overview”, on page 3.
    2. Installing and configuring a database described in Chapter 3, “Database Configuration”, on page 11.
    3. Installing and configuring a directory server, described in Chapter 4, “Directory Server Configuration”, on page 23.
    4. For a single-server configuration, installing Tivoli Identity Manager Server, described in Chapter 5, “Single-server Installation: Tivoli Identity Manager Server”, on page 31.
    5. For a cluster configuration, doing the following:
       • Installing and configuring prerequisite WebSphere Application Server support described in Appendix C, “Preparing the WebSphere Environment”, on page 97.
       • Creating clusters and installing Tivoli Identity Manager Server, described in Chapter 6, “Cluster Installation: Tivoli Identity Manager Server”, on page 57.

       Note: You must manually install the required fix packs for a cluster configuration.

    Hardware and Software Requirements

    For a list of software and hardware requirements, see Appendix B, “Software and Hardware Requirements on UNIX”, on page 93.

    Product Compact Discs

    The Tivoli Identity Manager Server product is provided on a series of compact discs (CDs). For help obtaining the CDs, contact IBM Support. For a list of the CDs and their contents, see Appendix A, “Compact Discs”, on page 87.


  • Chapter 2. Configuration Overview

    Tivoli Identity Manager servers in a WebSphere Application Server environment are organized in either a single-server configuration or a cluster configuration. This section provides a brief, high-level description of configuration options and an overview of their implementation sequences. Subsequent chapters provide greater implementation detail.

    Notes:

    1. Sample configurations in this chapter require a number of prior planning activities before taking the steps that install and configure this product. For additional documentation that describes planning to meet your business needs, contact your customer representative.
    2. For additional information about the WebSphere Application Server products, refer to additional documentation cited in “Prerequisite Product Publications” on page viii.
    3. Fix packs are required for most middleware that Tivoli Identity Manager uses. For more information, see Appendix B, “Software and Hardware Requirements on UNIX”, on page 93.

    WebSphere Application Server Terminology

    The following terms describe elements in WebSphere Application Server configurations:

    cell
        The administrative domain that a Deployment Manager manages. A cell is a logical grouping of nodes that enables common administrative activities in a WebSphere Application Server distributed environment. A cell can have one or many clusters.

    node
        A node is a logical group of one or more application servers on a physical computer. The node name is unique within the cell. A node name usually is identical to the host name for the computer. That is, a node usually corresponds to a physical computer system with a distinct IP address.

    application server
        The application server is the primary component of WebSphere. The server runs a Java virtual machine, providing the runtime environment for the application’s code. The application server provides containers that specialize in enabling the execution of specific Java application components.

    Network Deployment Manager
        The administrative process used to provide a centralized management view and control for all elements in a WebSphere Application Server distributed cell, including the management of clusters. The Network Deployment Manager is responsible for the contents of the repositories on each of the nodes. The Network Deployment Manager manages this through communication with node agent processes on each node of the cell.

    node agent
        A node agent manages all managed processes on a WebSphere Application Server on a node by communicating with the Network Deployment Manager to coordinate and synchronize the configuration. A node agent performs management operations on behalf of the Network Deployment Manager. The node agent represents the node in the management cell. Node agents are installed with WebSphere Application Server base, but are not required until the node is added to a cell in a Network Deployment environment.

    cluster
        A logical grouping of one or more functionally identical application server processes. A cluster provides ease of deployment, configuration, workload balancing, and fallback redundancy. A cluster is a collection of servers working together as a single system to ensure that mission-critical applications and resources remain available to clients.

        Clusters provide scalability. For more information, refer to additional documentation that customer support may provide that describes vertical and horizontal clustering in the WebSphere Application Server distributed environment.

    cluster member
        An instance of a WebSphere Application Server in a cluster.

    WebSphere Web Server plug-in
        The WebSphere Web Server plug-in is a component installed onto an HTTP server to take incoming requests and transport them to the appropriate Web container in a cluster. The behavior of the plug-in is governed by the plugin-cfg.xml file. The plug-in allows the Web server to communicate requests for dynamic content, such as servlets, to the application server.

    Single-Server Configurations

    A single-server configuration might install WebSphere Application Server base and other required applications on one physical computer. The Tivoli Identity Manager Server provides both user interface and workflow processing.


    The configuration on one computer requires the following:

    • A database to store transactional information
    • A directory server
    • WebSphere Application Server base
    • Tivoli Identity Manager Server
    • An HTTP server such as IBM HTTP Server and a WebSphere Web Server plug-in. For a basic definition of WebSphere Web Server plug-in, see “WebSphere Application Server Terminology” on page 3. For more information on configuring the WebSphere Web Server plug-in, see “Alternatives in Configuring the HTTP Server” on page 113.

    Optionally, you can install the instance of WebSphere Application Server base and Tivoli Identity Manager Server on one physical computer and install all other required applications on one or more additional computers.

    Note: For additional manual configuration steps required if you install IBM Directory Server version 5.1 on the same computer that has WebSphere Application Server, see “Using Version 5.1 and WebSphere Application Server on the Same Computer” on page 27.

    Figure 1. Single-server configuration on one physical computer (diagram labels: WebSphere base, Tivoli Identity Manager Server, HTTP Server, Web Server plugin, Directory Server, Tivoli Identity Manager Database)

    The computer that has the Tivoli Identity Manager Server requires the following:

    • WebSphere Application Server base
    • A JDBC driver (the database client)

    The additional computers have the following:

    • A database to store transactional information
    • A directory server
    • An HTTP server such as IBM HTTP Server and the WebSphere Web Server plug-in

    For more information, see Chapter 5, “Single-server Installation: Tivoli Identity Manager Server”, on page 31.

    Cluster Configurations for Tivoli Identity Manager

    Cluster configurations for Tivoli Identity Manager specify one of the following:

    • “Single-cluster Configuration” on page 7
    • “Functional Cluster Configuration” on page 8

    For more information on configuring clusters, see “Creating Clusters Using Network Deployment Manager” on page 59. For release levels and fix pack specifications, see Appendix B, “Software and Hardware Requirements on UNIX”, on page 93.

    Notes:

    1. In the following illustrations, each box shape represents one WebSphere node on one physical computer. It is recommended that only one node be created on one computer.
    2. If you install IBM Directory Server version 5.1 on the same computer that has WebSphere Application Server, see “Using Version 5.1 and WebSphere Application Server on the Same Computer” on page 27 for additional manual steps that are required.

    Figure 2. Single-server configuration on multiple physical computers (diagram labels: WebSphere base, JDBC driver, Tivoli Identity Manager Server, Directory Server, HTTP Server, Web Server plugin, Tivoli Identity Manager Database)

    Tivoli Identity Manager Server Tiers

    As provided by Tivoli Identity Manager Server, a tier is a subset of functions, such as the functions that handle user interface activity or the functions that handle workflow activity. Tivoli Identity Manager Server can be installed as a multi-tiered server that enables you to allocate the function provided by each tier to separate clusters in a functional cluster configuration.

    The Tivoli Identity Manager Server provides the following tiers:

    User Interface (UI)
        Provides the user interface processing function, including the dialogs and forms that enable a variety of users to work with function that Tivoli Identity Manager Server provides. For information about the user interface, refer to the Tivoli Identity Manager Policy and Organization Administration Guide.

    Workflow (WF)
        Provides workflow processing function.

        A workflow is the process by which a request is approved, rejected, or sent for completion. For information on workflow processing, refer to the Tivoli Identity Manager Policy and Organization Administration Guide.

    Installation options include the following:

    • Single server
    • Single cluster or functional cluster: In a single-cluster installation, both tiers are installed on every application server in a cluster member. Each cluster member functions as the equivalent of a Tivoli Identity Manager single server.
      In a functional cluster, the user interface (UI) tier is installed on a cluster and the workflow (WF) tier is installed on another cluster. Combining the functionalities of the two clusters provides the full function of Tivoli Identity Manager.

    Single-cluster Configuration

    A configuration for a single cluster specifies a group of WebSphere application servers. Both the Tivoli Identity Manager user interface tier and workflow tier run on the same WebSphere Application Server on every node in the cluster. The configuration specifies the Network Deployment Manager on one computer. The remaining applications are configured on additional computers.


    The following describes the configuration:

    • On the computer that has the Network Deployment Manager, install the following:
        – WebSphere Network Deployment Manager
        – A JDBC driver (the database client)
    • On each cluster member, install the following:
        – WebSphere Application Server
        – Tivoli Identity Manager Server. Installed in this configuration, the Tivoli Identity Manager Server provides combined user interface and workflow tiers.
        – A JDBC driver (the database client)
    • On one or more additional computers that are not in the cluster, install the following:
        – A database to store transactional information
        – A directory server
        – An HTTP server such as IBM HTTP Server and a WebSphere Web Server plug-in. For more information on this server, refer to documentation that IBM HTTP Server provides. For a basic definition of WebSphere Web Server plug-in, see “WebSphere Application Server Terminology” on page 3. For more information on configuring the WebSphere Web Server plug-in, see “Alternatives in Configuring the HTTP Server” on page 113.

    Figure 3. Single-cluster configuration on multiple physical computers

    Functional Cluster Configuration

    A configuration for a functional cluster places the Network Deployment Manager on one computer. The remaining applications are configured in separate clusters on additional computers. The Tivoli Identity Manager Server UI tier is configured on the nodes in one cluster and the WF tier is configured on the nodes in another, separate cluster.

    The following describes the configuration:
    - On the computer that has the Network Deployment Manager, install the following:
      – WebSphere Network Deployment Manager
      – A JDBC driver (the database client)
    - On each member of each cluster, install the following:
      – WebSphere Application Server
      – Tivoli Identity Manager Server
        Within the user interface cluster, instances of the Tivoli Identity Manager Server provide only user interface processing. Within the workflow cluster, instances of the Tivoli Identity Manager Server provide only workflow processing.
      – A JDBC driver (the database client)
    - On one or more additional computers that are not in a cluster, install the following:
      – A database to store transactional information
      – A directory server
      – IBM HTTP Server and a WebSphere Web Server plug-in

    Figure 4. Functional Cluster Configuration

    Java Message Service and Other Server Processes

    Additional server processes run in a WebSphere Application Server environment, such as the Java Message Service (termed the jmsserver process, also the JMS server) that provides the WebSphere embedded messaging support.

    Note: WebSphere embedded messaging support is required to enable Tivoli Identity Manager to exchange information with other applications, sending and receiving data as messages. For more information, refer to WebSphere Application Server documentation that describes WebSphere embedded messaging support or WebSphere MQ.

    WebSphere Environment Limitations using Tivoli Identity Manager

    To use Tivoli Identity Manager most effectively in a WebSphere environment, observe the following limitations:
    - Tivoli Identity Manager assumes that a cluster is homogeneous with respect to operating system. To avoid problems with secure communication and certificate configuration, it is recommended that you do not use more than one operating system type within a Tivoli Identity Manager cluster.
    - In a functional cluster, do not place cluster members from the User Interface and the Workflow clusters on the same computer.
    - If there are multiple instances of WebSphere Application Server on the same computer, only servers from one of these instances can be Tivoli Identity Manager cluster members.
    - WebSphere Application Server permits you to install both the Network Deployment Manager and a cluster member on the same computer. Ensure that the computer has the required memory, speed, and available space to meet the additional load.

  • Chapter 3. Database Configuration

    This chapter describes configuring a database for use with Tivoli Identity Manager Server. For more information on supported database releases and required patches, see Appendix B, “Software and Hardware Requirements on UNIX”, on page 93. For more information on IBM DB2, refer to documentation available at http://www.ibm.com/software/data/db2/udb/support.html.

    Notes:

    1. The IBM DB2 settings described in this chapter are initial settings that require runtime adjustment.

    2. This chapter refers to the IBM DB2 runtime client as a type 2 Java Database Connectivity driver. In subsequent mention, the term used is the JDBC driver.

    This section describes the following:
    - “IBM DB2 Configuration”
    - “Oracle Installation and Configuration for Tivoli Identity Manager” on page 17

    IBM DB2 Configuration

    You must log on to the IBM DB2 server as Administrator to complete the following steps:
    - “Ensuring Communication and Configuring the Server”
    - “Configuring the IBM DB2 JDBC Driver” on page 14

    Ensuring Communication and Configuring the Server

    To prepare the IBM DB2 server, do the following:
    - “Ensure TCP/IP Communication”
    - “Configure the IBM DB2 Server” on page 12

    Ensure TCP/IP Communication

    Before you begin, confirm TCP/IP communication on the IBM DB2 server. Do the following:

    Note: These steps assume the configuration uses multiple computers, one of which has the IBM DB2 server. If the database is on the same computer as the IBM DB2 server, it is not necessary to configure TCP/IP communication.

    1. Enter su - where is the IBM DB2 instance owner such as db2inst1.

    2. Run the following command in the DB2 command window:

           db2set -all DB2COMM

    3. If a tcpip entry (indicating TCP/IP communication) is not in the list returned by the db2set -all DB2COMM command, run the following command, including tcpip and any other values that were returned in the list that the command provided.

           db2set DB2COMM=tcpip,

       For example, if the db2set -all DB2COMM command returned values such as npipe and ipxspx in the list, specify these values again when you run the db2set command the second time:

           db2set DB2COMM=tcpip,npipe,ipxspx

    Configure the IBM DB2 Server

    To configure the server, do the following:

    Note: If the IBM DB2 server is on AIX, ensure that you set EXTSHM to ON on the computer on which the Tivoli Identity Manager Server is installed. Setting EXTSHM to ON will increase the number of shared memory segments to which a single process can be attached. EXTSHM must be exported both in the shell where the client application is started and also in the shell where db2start is run. For more information on setting this variable for the client, see “Configuring the IBM DB2 JDBC Driver” on page 14.

    Before starting the IBM DB2 server, enter the following to configure the EXTSHM environment variable for multiple JDBC connections:

        export EXTSHM=ON
        db2set DB2ENVLIST=EXTSHM
        db2set -all

    Additionally, add the following lines to the sqllib/db2profile file:

        EXTSHM=ON
        export EXTSHM

    1. Create a database with a name such as itimdb for Tivoli Identity Manager and a bufferpool named enrolebp.

       Note: The database name is any name you specify. The bufferpool name must be enrolebp.

       a. Enter su - where is the IBM DB2 instance owner such as db2inst1.

       b. In the command window, execute these commands to create the database:

              db2 create db itimdb using codeset UTF-8 territory US
              db2 update db cfg for itimdb using applheapsz heapvalue
              db2 update db cfg for itimdb using app_ctl_heap_sz 512

          where heapvalue is an integer in kilobytes such as 1024 representing the number of 4K pages.

          Note: Set applheapsz to a value that is approximately half the value of the real memory in the computer that has the database, taking into consideration the demands other applications may make for memory.

       c. Configure the service name for the instance for remote JDBC driver access. For example, enter the following:

              db2 update dbm cfg using svcename

          where is a value such as DB2_db2inst1.

       d. Ensure the appropriate service name is added to the following file:
          - UNIX: /etc/services
          - Windows: %SYSTEMROOT%\system32\drivers\etc\services

          For example, enter the following:

              db2 get dbm cfg

          Values can be similar to the following:
          - DB2_db2inst1: 50000/tcp
          - DB2_db2inst1i: 50001/tcp

          You are required to enter the port number that corresponds to the service name.

       e. Enter the following command to confirm the connection. If the connection is successful, database connection information will be returned:

              db2 connect to itimdb

       f. Create the bufferpool:

              db2 create bufferpool enrolebp size -1 pagesize 32k

    2. Ensure that the Repeatable Read attribute is turned on with the setting DB2_RR_TO_RS=YES. Do the following:

       a. Type the following:

              db2set -all

       b. Examine the response to ensure that DB2_RR_TO_RS=YES is present.

       c. If the entry is not found, type the following to set the value to YES:

              db2set DB2_RR_TO_RS=YES

       d. Retype the following to verify the setting now exists:

              db2set -all

    3. Restart IBM DB2.

           db2stop
           # (Note: Do a "db2 force application all" if entering db2stop fails)
           db2start
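    The checks from “Ensure TCP/IP Communication” and “Configure the IBM DB2 Server”, as an added shell example that is not part of the original guide. It assumes the output of db2set -all and db2 get dbm cfg has been saved to files and that the services file uses the standard /etc/services layout; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): offline checks of the DB2 settings
# described above. Inputs are files holding captured command output.

# registry_value VAR: read "db2set -all" output on stdin, print the value of VAR.
# Lines carry a registry-level prefix, for example "[i] DB2COMM=tcpip".
registry_value() {
    awk -v var="$1" '
        { sub(/^[ \t]*(\[[a-z]+\][ \t]*)?/, "") }
        !seen && index($0, var "=") == 1 { print substr($0, length(var) + 2); seen = 1 }'
}

# db2comm_with_tcpip CURRENT: print the value to pass to "db2set DB2COMM=",
# keeping every protocol that is already listed (step 3 of the TCP/IP procedure).
db2comm_with_tcpip() {
    cur=$(printf '%s' "$1" | tr -d ' \t')
    case ",$(printf '%s' "$cur" | tr 'A-Z' 'a-z')," in
        *,tcpip,*) printf '%s\n' "$cur" ;;          # already enabled
        ,,)        printf 'tcpip\n' ;;              # nothing set yet
        *)         printf 'tcpip,%s\n' "$cur" ;;    # prepend, keep the rest
    esac
}

# dbm_svcename: read "db2 get dbm cfg" output on stdin, print the SVCENAME value.
dbm_svcename() {
    sed -n 's/.*(SVCENAME)[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' | head -n 1
}

# service_port NAME FILE: print the tcp port for NAME from a file in
# /etc/services format; exit status 1 when there is no such entry.
service_port() {
    awk -v name="$1" '
        { sub(/#.*/, "") }
        !found && $1 == name && $2 ~ /^[0-9]+\/tcp$/ {
            split($2, p, "/"); print p[1]; found = 1 }
        END { exit !found }' "$2"
}

# check_db2_server REGISTRY DBMCFG SERVICES: report each finding and
# return 0 only when every check passes.
check_db2_server() {
    fail=0
    comm=$(registry_value DB2COMM < "$1" | tr -d ' \t')
    want=$(db2comm_with_tcpip "$comm")
    if [ "$want" = "$comm" ]; then
        echo "OK   DB2COMM=$comm"
    else
        echo "FAIL DB2COMM lacks tcpip; run: db2set DB2COMM=$want"; fail=1
    fi
    rr=$(registry_value DB2_RR_TO_RS < "$1" | tr 'a-z' 'A-Z')
    if [ "$rr" = YES ]; then
        echo "OK   DB2_RR_TO_RS=YES"
    else
        echo "FAIL DB2_RR_TO_RS is not YES; run: db2set DB2_RR_TO_RS=YES"; fail=1
    fi
    svc=$(dbm_svcename < "$2")
    case $svc in
        '')       echo "FAIL svcename is not set"; fail=1 ;;
        *[!0-9]*) # a service name: it must resolve in the services file
                  if port=$(service_port "$svc" "$3"); then
                      echo "OK   $svc is $port/tcp"
                  else
                      echo "FAIL $svc has no tcp entry in the services file"; fail=1
                  fi ;;
        *)        echo "OK   svcename is port $svc" ;;
    esac
    return "$fail"
}

# Constructed sample inputs (not captured from a real system).
sample_db2set() {
    printf '%s\n' '[i] DB2COMM=npipe,ipxspx' '[i] DB2ENVLIST=EXTSHM'
}
sample_dbm_cfg() {
    printf '%s\n' ' TCP/IP Service name                          (SVCENAME) = DB2_db2inst1'
}
sample_services() {
    printf '%s\n' '# constructed sample in /etc/services format' \
        'DB2_db2inst1   50000/tcp   # connection port' \
        'DB2_db2inst1i  50001/tcp'
}
```

    Running service_port against the services file of the server and of each client gives the two port numbers that the catalog step later requires to match.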

    Create a User Named enrole on the IBM DB2 Server

    On the IBM DB2 server, create a user named enrole. Do the following:

    - On AIX, do the following as root:
      1. Start the System Management tool using smit or smitty.
      2. Select Security & Users –> Users –> Add a User.
      3. In the User Name field, type enrole.
      4. Press Enter to create the user and return to the Users screen.
      5. Select Change a User’s Password.
      6. At the prompt for the User’s Name, type a value that you define such as enrole. You have now assigned the enrole user ID with a password of enrole.
      7. At the prompt to change the user’s password, type the password that you defined earlier for the database user.
      8. Exit the System Management tool.
      9. Test the user access. Telnet to the computer on which the IBM DB2 server is running. Ensure you can log on with the new user ID without encountering a password reset.

    - On Solaris, do the following as root:
      1. Start the admintool.
      2. Click Browse –> Users from the task bar.
      3. Click Edit –> Add.
      4. On the Add User dialog, type enrole in the User Name field. On the Password Select menu, select Normal Password.
      5. On the Set User Password dialog, enter the password and verify. Click OK.
      6. Set the path in the Home Directory field to a path such as /export/home/enrole. Click OK.
      7. Click File –> Exit from the task bar to exit.
      8. Test the user access. Telnet to the computer on which the IBM DB2 server is running. Ensure that you can log on with the new user ID without encountering a password reset.

    - On Windows 2000, do the following as Administrator:
      1. Access the Computer Management tool by clicking Start –> Settings –> Control Panel –> Administrative Tools –> Computer Management.
      2. Click Local Users and Groups –> Users.
         Note: The enrole user does not need to be added to any group.
      3. Select Action –> New User.
      4. In the username field, type enrole.
      5. In the password field, type a password for the database user.
      6. Clear the User must change password at next login option.
      7. Check the Password never expires check box.
      8. Click Create.

    Create a User Named enrole on each Computer in the Cluster

    On each computer that will be part of the Tivoli Identity Manager cluster, create a user named enrole. No special privileges are required for this user. Ensure that a password change is not required at the next logon and that the password never expires.

    Configuring the IBM DB2 JDBC Driver

    IBM DB2 requires a type 2 Java Database Connectivity driver (JDBC driver) as the database client. The JDBC driver is used to connect a Java-based application to an IBM DB2 database that is running on either the same machine or a remote machine. In a clustered deployment of Tivoli Identity Manager, the JDBC driver enables all the Tivoli Identity Manager servers to communicate with the data source and share information. For more information, refer to IBM DB2 documentation.

    Notes:

    1. The JDBC driver that the IBM DB2 product installs is called the IBM DB2 runtime client.

    2. To ensure that database connections are correctly released on Intel platforms, use TCP sockets. Do not use named pipes as the connection method on the IBM DB2 client. The named pipes method has a limit on the number of connections, which causes Tivoli Identity Manager database errors.

    Assuming that IBM DB2 is not installed on the target computer, you must install and configure the JDBC driver and required fix pack on the following targets. For more information, see Appendix B, “Software and Hardware Requirements on UNIX”, on page 93.
    - The computer that has the Network Deployment Manager
    - Each cluster member on which you expect to install Tivoli Identity Manager Server
    - On the computer that has a single-server installation, where IBM DB2 is remote.

    On each target, do the following:

    1. Install and configure the JDBC driver and the required fix pack.

       Notes:

       a. AIX only: If the JDBC driver is on AIX, ensure that you also set the environment variable EXTSHM to ON. Before starting the WebSphere Application Server on AIX, enter the following in a client session:

              export EXTSHM=ON

       b. You can add export EXTSHM=ON to the IBM DB2 profile. When the profile is sourced, the environment variable will be set.

    2. Ensure that you have sourced the IBM DB2 profile with a valid db2InstanceHome directory. The default is:
       - AIX: /home/db2inst1
       - Solaris: /export/home/db2inst1

       To source the profile, enter the following command in an IBM DB2 command window:

           . /db2InstanceHome/sqllib/db2profile

       To verify that you successfully sourced the IBM DB2 profile, enter the following:

           set | grep db2

       The resulting display is similar to the following:

           CLASSPATH=/home/db2inst1...
           DB2DIR=/usr/lpp/db2_07_01
           DB2INSTANCE=db2inst1

    3. Catalog the database by taking the following steps:

       a. Open an IBM DB2 command window.

          Enter su - where is the IBM DB2 instance owner such as db2inst1.

       b. In the command window on the client, execute this command on one line:

              db2 catalog tcpip node db2node_hostname remote db2server_hostname server service-name|portnumber

          where:

          node db2node_hostname
              A local alias for the node to be cataloged. It is the host name of the computer on which the database resides. This user-defined value represents the internal IBM DB2 node name.

          remote db2server_hostname
              Host name of the node on which IBM DB2 resides. The host name is the name of the node that is known to the TCP/IP network. For example, the name is db2server2host.

          server service-name|portnumber
              Specifies the service name or the port number of the server database manager instance. The default value of the IBM DB2 port number is 50000. Locate the current port number in the /etc/services file on the computer on which the IBM DB2 server resides. The port number on the client and the server must match. If a port number is specified, no service name needs to be specified in the local TCP/IP services file.

       c. Enter the following command to catalog the database:

              db2 catalog database itimdb as itimdb at node db2node_hostname

    4. To test that cataloging was successful, enter the following:

           db2 connect to itimdb

    Configuring IBM DB2 Version 7.1 and 7.2 for a JDBC Type 2 Driver

    Note: IBM DB2 Fix Pack 3 will migrate IBM DB2 Version 7.1 to Version 7.2. For more information on the currently required fix pack, refer to Appendix B, “Software and Hardware Requirements on UNIX”, on page 93.

    For IBM DB2 version 7.1 and version 7.2, you must manually configure the JDBC type 2 driver. Do the following on the IBM DB2 server:

    1. Ensure that you are logged on as the IBM DB2 Administrator.

    2. Configure IBM DB2 to use the JDBC type 2 driver, as follows:

       a. Enter su - where is the IBM DB2 instance owner.

       b. Stop all IBM DB2 services by entering the following:

              db2 force applications all
              db2stop
              db2admin stop

       c. Bring up a Windows command prompt and run . //java12/usejdbc2

          where is replaced by the directory into which you installed IBM DB2.

          Note: Ensure that you invoke the usejdbc2 command using the ". " (a leading dot followed by a space) specification so that the CLASSPATH environment variable change affects the current shell. It is an error to omit the required ". " (a dot followed by a space) when you invoke the usejdbc2 command.

          For example, on AIX, enter:

              . /usr/lpp/db2_07_01/java12/usejdbc2

          Also verify that the following is in the CLASSPATH on UNIX:

              /home/db2inst1/sqllib/java12/db2java.zip

       d. Enter the following:

              su -
              db2start
              db2admin start

    3. Examine the CLASSPATH environment variable to ensure the type 2 driver is in use.

    Sourcing the IBM DB2 Profile on Each Cluster Member Computer

    On AIX and Solaris, you must source the IBM DB2 profile on each cluster member computer to ensure that Tivoli Identity Manager can communicate with the database.

    On each cluster member computer, do the following:

    1. Add the following line to the root user’s .profile. This ensures that each time the node starts, the IBM DB2 profile is automatically sourced. For example, if your default login shell is ksh, enter the following:

           . /sqllib/db2profile

       Note: This step depends on your default login shell. Use the appropriate sequence for your shell.

    2. Either log out and log in, or start a new command shell.

    3. Ensure that the environment variable DB2INSTANCE is defined. To do so, enter the following:

           echo $DB2INSTANCE

    4. Restart the node agent.

    Example: Expanding Values for DB2

    An example of setting larger values for IBM DB2 is the following:

        db2 update database configuration for itimdb using dbheap 1200
        db2 update database configuration for itimdb using applheapsz 2048
        db2 update database configuration for itimdb using maxappls 60
        db2 update database configuration for itimdb using app_ctl_heap_sz 1024
        db2 alter bufferpool ibmdefaultbp size 14750
        db2 alter bufferpool enrolebp size 13240

    If the value of applheapsz is too small, out of memory errors might occur when a large number of users are loaded. For example, a log file might contain the statement:

        Not enough storage available for processing the sql statements.

    To provide additional storage space, change the IBM DB2 application heap size to a larger value.

        su - db2inst1
        db2 force applications all
        db2stop
        db2 terminate
        db2 update db cfg for itimdb using applheapsz 2048
        db2start

    Note: On Windows, open a db2cmd window to enter the commands.

    Oracle Installation and Configuration for Tivoli Identity Manager

    This section describes pre-installation procedures and post-installation configuration steps for an installation of Oracle within a framework of Tivoli Identity Manager.

    In all cases, refer to the Oracle 8i Installation Guide for complete information.

    Note: When you install Oracle, you must include the JServer option as part of the install. If you choose a typical Oracle install, JServer is included. If you choose to perform a custom Oracle install, ensure that JServer is selected as an option for installation.

    Preparing to Install Oracle on AIX

    Complete the following procedures prior to installing Oracle on an AIX system:

    1. Log in to the AIX system as root.

    2. Ensure that the AIX system has the following filesets installed:
       - bos.adt.base
       - bos.adt.libm
       The Oracle product installation links with local libraries to create Oracle executables. Without the filesets, the links will fail and Oracle will not install or run correctly. You can install these filesets from the AIX developer’s toolkit CD.

    3. Verify that your system meets or exceeds the free disk space requirements for the following directories:
       - /usr: 3 GB
       - /var: 300 MB
       - /tmp: 2 GB
       For AIX, the default Oracle installation directory is /usr.

       Notes:

       a. To determine disk space availability, enter the following command:

              df -Ivk

          Output values are in units of 1024 bytes.

       b. To change the size of /usr or /var directories using SMIT or SMITTY, navigate the following windows: System Storage Management –> File Systems –> Add/Change/Show/Delete File Systems –> Journaled File Systems –> Change/Show Characteristics of a Journaled File System –> /usr –> SIZE of file system (in 512–byte blocks).

    4. Create a CD-ROM filesystem, if not already present, using the SMITTY utility:

       a. Type $ mkdir /cdrom from the console or command line.

       b. Type $ smitty crcdrfs from the console or command line.

          The following menu appears:

              Add a CDROM File System

              Type or select values in entry fields.
              Press Enter AFTER making all desired changes.

                                                         [Entry Fields]
              * DEVICE name                              +
              * MOUNT POINT                              []
                Mount AUTOMATICALLY at system restart?   no +

       c. Select a CD-ROM drive by pressing F4, selecting a drive, and pressing Enter.

       d. Hit Enter again to create the filesystem. Exit SMITTY with F10 when the creation command completes.

       e. Mount the cdrom directory with the following command:

              mount /cdrom

    5. Create mount points to use with Oracle databases:

           $ mkdir /u01
           $ mkdir /u02

    6. Set permissions for the mount points to allow the Oracle user account to write to them during the installation:

           $ chmod 777 /u01
           $ chmod 777 /u02

    7. Use SMIT to create two groups; a user group named dba and a user group named oper.

    8. Use SMIT to create a new user called oracle. Complete the following steps for the new user account.

       a. Set the Primary GROUP of the account to the dba group you created.
       b. Set the HOME directory of the account to /home/oracle.
       c. Set the login shell (Initial PROGRAM) to /bin/sh.

       The Oracle account will run the installer. This account must be used only for installing and maintaining Oracle.

    9. Check that a file path of /usr/lbin exists and is included in the PATH for the Oracle user account. This path can be set by editing /home/oracle/.profile.

    10. Create the oratab file by executing the oratab.sh script located in the orainst directory of the CD.

            $ ./oratab.sh

    11. Sign on to the system as the oracle user:

            $ su - oracle

    12. View the umask settings for the oracle account.

            $ umask

        The umask should be set to 022. If the account’s umask is not set to 022, set it with the following command:

            $ umask 022

    13. Edit .profile and add the following environment variable settings:

            ORACLE_BASE=/u01/app/oracle; export ORACLE_BASE
            ORACLE_HOME=$ORACLE_BASE/product/8.1.7; export ORACLE_HOME
            LIBPATH=$ORACLE_HOME/lib; export LIBPATH
            LD_LIBRARY_PATH=$ORACLE_HOME/lib:$ORACLE_HOME/network/lib; export LD_LIBRARY_PATH
            ORACLE_SID=or1; export ORACLE_SID
            ORACLE_TERM=vt100; export ORACLE_TERM

        Make sure that the oracle user’s PATH includes $ORACLE_HOME/bin, /bin and /usr/bin. If it does not, add them to .profile.

    14. Source the profile using the following command:

            $ . ./.profile

    15. Run rootpre.sh to ready the machine for install from /cdrom:

            $ ./rootpre.sh

    You are now ready to begin the Oracle installation.

    Preparing to Install Oracle on Solaris

    Complete the following procedures prior to installing Oracle on a Solaris system:

    1. Log in to the Solaris system as root.

    2. Ensure that the kernel parameters set for the system meet or exceed values required for the installation. Refer to the Oracle 8i Installation Guide for more information.

    3. Create mount points to use with Oracle databases:

           $ mkdir /u01
           $ mkdir /u02

    4. Start the admintool utility from a console, using the following command:

           # admintool

    5. In the Admintool window, click Browse –> Groups. The Admintool:Groups window opens.

    6. In the Admintool:Groups window, click Edit –> Add. The Admintool:Add Group window opens.

    7. Create two groups; a user group named dba and a user group named oinstall.

    8. In the Admintool:Groups window, click Browse –> Users. The Admintool:Users window opens.

    9. Use admintool to create a new user called oracle. Complete the following steps for the new user account.

       a. Set the Primary Group of the account to the oinstall group you created.
       b. Set the Secondary Group of the account to the dba group you created.
       c. Ensure that the radio button beside the Create Home Directory field is selected. In the Path field, enter /export/home/oracle as the home directory for the user oracle.
       d. Set the Login Shell to /bin/sh.

       The Oracle installer must be run under this account. This account will be used only for installing and maintaining Oracle.

    10. Sign on to the system as the oracle user:

            # su - oracle

        View the umask settings for the oracle account.

            $ umask

        The umask should be set to 022. If the account’s umask is not set to 022, set it with the following command:

            $ umask 022

        Also modify .profile to reflect the change.

    11. Add the following to /export/home/oracle/.profile for the oracle account:

            ORACLE_BASE=/u01/app/oracle; export ORACLE_BASE
            ORACLE_HOME=$ORACLE_BASE/product/8.1.7; export ORACLE_HOME
            ORACLE_SID=or1; export ORACLE_SID
            ORACLE_DOC=$ORACLE_HOME/doc; export ORACLE_DOC
            ORA_NLS33=$ORACLE_HOME/ocommon/nls/admin/data; export ORA_NLS33
            PATH=$ORACLE_HOME/bin:/usr/bin:/usr/local/bin:/usr/ccs/bin:/usr/ucb:/usr/openwin/bin:.

        If you require /usr/ucb in your search path make sure it is listed after /usr/ccs/bin in the PATH setting.

    12. Source the profile using the following command:

            $ . ./.profile

    You are now ready to begin the Oracle installation. Refer to the appropriate Oracle documentation and install the software. After a successful installation, return to the configuration instructions contained in this section.

    Preparing to Install Oracle on Windows

    Complete the following procedures prior to installing Oracle on a Windows system:

    1. Verify that your system meets or exceeds the system requirements listed in the Oracle 8i Installation Guide for the type of installation you intend to perform.

    2. Log in to the Windows system with the Administrator account that you will use for the installation.

    You are now ready to begin the Oracle installation.

    Configuring Oracle after Installation

    There are several post-installation tasks that must be completed to configure Oracle for use in a Tivoli Identity Manager framework.

    1. Verify that the following line exists in the init.ora file:

           compatible=8.1.0

    2. Create a database for use with Tivoli Identity Manager. The following is a sample SQL script that can be used to create your database. The values in the script should be changed to match your site’s requirements.

           -- Create database
           CREATE DATABASE sample
               CONTROLFILE REUSE
               LOGFILE '/u01/oracle/sample/redo01.log' SIZE 1M REUSE,
                       '/u01/oracle/sample/redo02.log' SIZE 1M REUSE,
                       '/u01/oracle/sample/redo03.log' SIZE 1M REUSE,
                       '/u01/oracle/sample/redo04.log' SIZE 1M REUSE
               DATAFILE '/u01/oracle/sample/system01.dbf' SIZE 10M REUSE
                   AUTOEXTEND ON
                   NEXT 10M MAXSIZE 200M
               CHARACTER SET UTF8;

           -- Create a temporary rollback segment in the SYSTEM tablespace
           CREATE ROLLBACK SEGMENT rb_temp STORAGE (INITIAL 100K NEXT 250K);

           -- Bring the temporary rollback segment online before proceeding
           ALTER ROLLBACK SEGMENT rb_temp ONLINE;

           -- Create additional tablespaces ...
           -- RBS: For rollback segments
           -- USERs: Create user sets this as the default tablespace
           -- TEMP: Create user sets this as the temporary tablespace
           CREATE TABLESPACE rbs
               DATAFILE '/u01/oracle/sample/sample.dbf' SIZE 5M REUSE AUTOEXTEND ON
               NEXT 5M MAXSIZE 150M;

           CREATE TABLESPACE users
               DATAFILE '/u01/oracle/sample/users01.dbf' SIZE 3M REUSE AUTOEXTEND ON
               NEXT 5M MAXSIZE 150M;

           CREATE TABLESPACE temp
               DATAFILE '/u01/oracle/sample/temp01.dbf' SIZE 2M REUSE AUTOEXTEND ON
               NEXT 5M MAXSIZE 150M;

           -- Create rollback segments.
           CREATE ROLLBACK SEGMENT rb1 STORAGE(INITIAL 50K NEXT 250K)
               tablespace rbs;
           CREATE ROLLBACK SEGMENT rb2 STORAGE(INITIAL 50K NEXT 250K)
               tablespace rbs;
           CREATE ROLLBACK SEGMENT rb3 STORAGE(INITIAL 50K NEXT 250K)
               tablespace rbs;
           CREATE ROLLBACK SEGMENT rb4 STORAGE(INITIAL 50K NEXT 250K)
               tablespace rbs;

           -- Bring new rollback segments online and drop the temporary system one
           ALTER ROLLBACK SEGMENT rb1 ONLINE;
           ALTER ROLLBACK SEGMENT rb2 ONLINE;
           ALTER ROLLBACK SEGMENT rb3 ONLINE;
           ALTER ROLLBACK SEGMENT rb4 ONLINE;

           ALTER ROLLBACK SEGMENT rb_temp OFFLINE;
           DROP ROLLBACK SEGMENT rb_temp;

    3. Increase the value for Oracle connections from the default of 50 to a value of 150 by editing the PROCESSES parameter of the $ORACLE_HOME/dbs/init.ora file.

       Note: Oracle connection requirements will vary greatly between enterprises. Set your connection value to a value appropriate for your environment.

    4. Increase the Oracle tablespace from the default to the maximum amount available using the alter sql command.

           SQL> alter database datafile '\ENROLE1_DATA_001.DBF' resize 500m;
           SQL> alter database datafile '\ENROLE1_IDX_001.DBF' resize 500m;

    5. Start Oracle:

           # su - oracle
           # svrmgrl
           > connect internal
           > startup
           > quit

    6. Start the Oracle listener service:

           # su - oracle
           # lsnrctl start

  • Chapter 4. Directory Server Configuration

    This chapter describes configuring the directory server. The steps assume that you previously installed the directory server and are ready to configure the directory server for Tivoli Identity Manager use.

    Notes:

    1. IBM Directory Server Version 5.1 can install an instance of IBM DB2. Ensure that you do not install two instances of IBM DB2. For more information, refer to documentation for IBM Directory Server at http://www.ibm.com/software/network/directory. For more information on supported directory servers, see Appendix B, “Software and Hardware Requirements on UNIX”, on page 93.

    2. If IBM Directory Server Version 5.1 was previously installed, there may be an unregistered instance of WebSphere – Express, causing potential port conflicts. For more information, see “Using Version 5.1 and WebSphere Application Server on the Same Computer” on page 27.

    Choose one of the following:
    - “IBM Directory Server Configuration”
    - “Sun ONE Directory Server Configuration” on page 28

    IBM Directory Server ConfigurationThis section describes configuring the IBM Directory Server.

    The following steps refer to these variables:

    dirserver_installdir
        Directory in which you installed IBM Directory Server. For example:
        - AIX: /usr/ldap/
        - Solaris:
            – IBM Directory Server Version 4.1: /opt/IBMldapc/
            – IBM Directory Server Version 5.1: /opt/ldap/
        - Windows: c:\Program Files\IBM\ldap

    cd_installdir
        Directory on the CD. To locate the correct CD for your environment, see the CD1 description in Appendix A, “Compact Discs”, on page 87.

    versionspecific_slapd
        - IBM Directory Server Version 4.1 uses slapd as the command, and slapd32.conf as the file.
        - IBM Directory Server Version 5.1 uses ibmslapd as the command, and ibmslapd.conf as the file.

    my_suffix
        Any value that you define for the Tivoli Identity Manager suffix, such as com.

    To configure the IBM Directory Server, do the following:
    1. “Specify the Suffix for Tivoli Identity Manager” on page 24


    2. “Configure the Referential Integrity Plug-in for Tivoli Identity Manager”
    3. “Restart the Directory Server” on page 25
    4. “Create the LDAP Suffix Object” on page 26

    Specify the Suffix for Tivoli Identity Manager

    To specify the suffix for Tivoli Identity Manager, log on to the IBM Directory Server system and perform the following steps:

    1. Stop the IBM Directory Server before editing the versionspecific_slapd.conf file. The IBM Directory Server reads that file during initialization and replaces the file when IBM Directory Server terminates.

    2. Edit the following file:
        - UNIX: /etc/versionspecific_slapd.conf
        - Windows: \etc\versionspecific_slapd.conf

    3. Locate the line that reads: ibm-slapdSuffix: cn=localhost

    4. Add a line below it that reads: ibm-slapdSuffix: dc=my_suffix
       where my_suffix is a value for the suffix that you define for Tivoli Identity Manager.

    5. For the next step in the configuration, see “Configure the Referential Integrity Plug-in for Tivoli Identity Manager”.

    Configure the Referential Integrity Plug-in for Tivoli Identity Manager

    You can configure the referential integrity plug-in before or after you install Tivoli Identity Manager.

    To find the files appropriate for your environment, search CD 2 described in Appendix A, “Compact Discs”, on page 87. Locate the following directory:
    - AIX: DelRef/aix/
    - SUN: DelRef/sun/
    - Windows: DelRef\nt\

    Locate the appropriate file:
    - libdelref
        Referential integrity plug-in library file for Tivoli Identity Manager
    - timdelref
        Tivoli Identity Manager configuration file

    Note: On UNIX, be sure that the file permission on the plug-in library file (libdelref) is set to -r-xr-xr-x.

    To configure the referential integrity plug-in, do the following:

    1. Copy the following plug-in library file for Tivoli Identity Manager from CD 2:
        - AIX: libdelref.a
        - Solaris: libdelref.so
        - Windows: libdelref.dll
       to the following directory server directory:
        - UNIX: /lib


        - Windows: \bin

    2. Copy the Tivoli Identity Manager configuration file named timdelref.conf from the appropriate CD directory to the following directory server directory:
        - UNIX: /etc
        - Windows: \etc

    3. Modify the following directory server file:
        - UNIX: /etc/versionspecific_slapd.conf
        - Windows: \etc\versionspecific_slapd.conf

       Follow these steps:

       a. Search for this line in the file:

            ibm-slapdPlugin: database path_to_rdbmfilename rdbm_backend_init

          where path_to_rdbmfilename has the value:
            - AIX: /lib/libback-rdbm.a
            - Solaris: /lib/libback-rdbm.so
            - Windows: /bin/libback-rdbm.dll

       b. Add the following on one line immediately below the previous line:
            - AIX:
                ibm-slapdPlugin: preoperation /lib/libdelref.a DeleteReferenceInit file=/etc/timdelref.conf dn=dc=my_suffix
            - Solaris:
                ibm-slapdPlugin: preoperation /lib/libdelref.so DeleteReferenceInit file=/etc/timdelref.conf dn=dc=my_suffix
            - Windows:
                ibm-slapdPlugin: preoperation "/bin/libdelref.dll" DeleteReferenceInit file="\etc\timdelref.conf" dn=dc=my_suffix

          Note: To specify the path to the timdelref.dll and the timdelref.conf files on Windows, ensure that you enclose the value in double quote marks. Additionally, specify the path to the timdelref.dll file with a forward slash.

    4. Restart the directory server. For more information, see “Restart the Directory Server”.

    Restart the Directory Server

    To stop and restart the IBM Directory Server, do the following:

    - Windows: Enter the following commands:

        net stop "IBM Directory Server version"
        net start "IBM Directory Server version"

      where version is one of the following IBM Directory Server versions:
        – V4.1
        – V5.1

      Alternatively, do the following:
      1. Click Start –> Settings –> Control Panel –> Administrative Tools –> Services.


      2. Right-click “IBM Directory Server version”.
      3. On the pop-up menu, click Stop and then click Start.
      4. Determine if the referential integrity plug-in is reconfigured. Examine the file for a message similar to the following:
           Plugin of type PREOPERATION is successfully loaded
           from c:/Program Files/IBM/ldap/bin/libdelref.dll

    - UNIX:
      1. Enter the following:

           ps -ef | grep versionspecific_slapd

      2. Note the process ID (PID) number returned in the results of the previous command.

      3. Enter the following to end the process: kill PID, where PID is replaced by the PID value that was returned earlier.

      4. Ensure that the process has ended by repeating the ps -ef | grep versionspecific_slapd command until the process is not listed in the results of the command.

      5. Restart the directory server to ensure that the new settings take effect. Enter the following command:

           versionspecific_slapd

      6. Determine if the referential integrity plug-in is reconfigured. Examine the dirserver_installdir/var/ldap/versionspecific_slapd.log file for a message similar to the following:
           Plugin of type PREOPERATION is successfully loaded
           from /usr/ldap/lib/libdelref.a
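    The suffix, plug-in and restart steps above can be verified with a short script. The following is an added example, not part of the IBM guide: it checks the suffix line, that the DeleteReferenceInit line sits immediately below the rdbm line, the -r-xr-xr-x permission on libdelref, and the "successfully loaded" log message. The function names, the UNIX-style unquoted paths and the sample text are assumptions constructed for illustration.

```python
"""Checks for the IBM Directory Server steps above (added example, UNIX paths)."""
import os
import re
import stat

SUFFIX_KEY = "ibm-slapdSuffix:"
PLUGIN_KEY = "ibm-slapdPlugin:"
LOADED_RE = re.compile(
    r"Plugin of type PREOPERATION is successfully loaded\s+from\s+(\S*libdelref\S*)")

# Constructed sample of the relevant versionspecific_slapd.conf lines (AIX layout).
SAMPLE_CONF = """\
ibm-slapdSuffix: cn=localhost
ibm-slapdSuffix: dc=com
ibm-slapdPlugin: database /usr/ldap/lib/libback-rdbm.a rdbm_backend_init
ibm-slapdPlugin: preoperation /usr/ldap/lib/libdelref.a DeleteReferenceInit file=/usr/ldap/etc/timdelref.conf dn=dc=com
"""

# Constructed sample of the log message, wrapped over two lines as on the page.
SAMPLE_LOG = """\
Plugin of type PREOPERATION is successfully loaded
from /usr/ldap/lib/libdelref.a
"""


def check_conf(conf_text, my_suffix):
    """Return a list of problems with the suffix line and the plug-in line."""
    problems = []
    lines = [ln.strip() for ln in conf_text.splitlines()]  # blank lines are kept
    wanted_dn = "dc=" + my_suffix

    suffixes = [ln.split(":", 1)[1].strip() for ln in lines if ln.startswith(SUFFIX_KEY)]
    if wanted_dn not in suffixes:
        problems.append("no '%s %s' line" % (SUFFIX_KEY, wanted_dn))

    rdbm = [i for i, ln in enumerate(lines)
            if ln.startswith(PLUGIN_KEY + " database") and ln.endswith("rdbm_backend_init")]
    if not rdbm:
        problems.append("rdbm database plug-in line not found")
        return problems

    # The guide requires the new line immediately below the rdbm line.
    below = lines[rdbm[0] + 1] if rdbm[0] + 1 < len(lines) else ""
    fields = below.split()
    if fields[:2] != [PLUGIN_KEY, "preoperation"] or "DeleteReferenceInit" not in fields:
        problems.append("DeleteReferenceInit line is not immediately below the rdbm line")
        return problems
    if not any(f.startswith("file=") for f in fields):
        problems.append("plug-in line has no file= argument")
    if "dn=" + wanted_dn not in fields:
        problems.append("plug-in line dn= does not match " + wanted_dn)
    return problems


def check_library_mode(lib_path):
    """Return a problem list unless the library has exactly mode -r-xr-xr-x (0555)."""
    mode = os.stat(lib_path).st_mode
    if stat.S_IMODE(mode) != 0o555:
        return ["%s is %s, expected -r-xr-xr-x" % (lib_path, stat.filemode(mode))]
    return []


def loaded_plugin_path(log_text):
    """Return the libdelref path named in the 'successfully loaded' message, or None."""
    match = LOADED_RE.search(log_text)
    return match.group(1) if match else None


if __name__ == "__main__":
    print(check_conf(SAMPLE_CONF, "com") or "configuration lines look correct")
    print("plug-in loaded from:", loaded_plugin_path(SAMPLE_LOG))
```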

    Create the LDAP Suffix Object

    You must specify the suffix and restart the directory server before you create the LDAP suffix object for Tivoli Identity Manager.

    To create the LDAP suffix object, do one of the following:

    - Command line: Create an LDIF file such as suffix.ldif that is similar to the following:

        dn: dc=my_suffix
        dc: my_suffix
        objectclass: top
        objectclass: domain

      Use the ldapadd command to add the suffix. For example, enter the following on one line:

        /bin/ldapadd -i -D -w

    - LDAP administrative console: Create the suffix object with the value of objectClass set to domain. Use one of the following:
        – IBM Directory Server version 4.1: Directory Management tool
        – IBM Directory Server version 5.1: Administration console

      For example, use the IBM Directory Server version 5.1 Web administration console as follows:
      1. Click Directory Management –> Add an Entry.
      2. Select domain as the Structural Object Class. Click Next.
      3. Do not add Auxiliary Object Classes. Click Next.


      4. For Relative DN, add dc=my_suffix.
      5. For Required Attributes, add my_suffix.
      6. Click Finish.
      7. Click Directory Management –> Manage Entries. The suffix dc=my_suffix should be listed with an object class of domain.

    Using Version 5.1 and WebSphere Application Server on the Same Computer

    If IBM Directory Server version 5.1 previously exists, its installation might have included WebSphere – Express, which might not be registered on the target system.

    If you use Tivoli Identity Manager to install WebSphere Application Server on the same computer, the installation does not detect the instance of WebSphere – Express. WebSphere – Express and WebSphere Application Server will compete for the same set of ports. Before installing Tivoli Identity Manager and WebSphere Application Server, you must eliminate any potential port conflicts with WebSphere – Express.

    The WebSphere Application Server uses the following default port settings:
    - HTTP Transport (port 1): 9080
    - HTTP Transport (SSL, port 2): 9443
    - HTTP Transport (port 3): 9090
    - HTTP Transport (port 4): 9043
    - Bootstrap/rmi port: 2809
    - Simple Object Access Protocol (SOAP) connector port: 8880

    Use a text editor to change each default port that WebSphere – Express uses to an unused port. For example, do the following:

    - Modify each of the HTTP Transport port numbers in the following files:

        dirserver_installdir\appsrv\config\cells\DefaultNode\nodes\DefaultNode\servers\server1\server.xml
        dirserver_installdir\appsrv\config\cells\DefaultNode\virtualhosts.xml

      Replace the following HTTP Transport port numbers with unused port numbers:
        – 9080
        – 9443
        – 9090
        – 9043

    - Bootstrap/rmi port: 2809
      Locate the line containing the port number 2809 and replace it with an unused port number. The line is in the following file:
        dirserver_installdir\appsrv\config\cells\DefaultNode\nodes\DefaultNode\serverindex.xml

    - SOAP connector port: 8880
      Locate the line containing the port number 8880 and replace it with an unused port number. The line is in the following file:
        dirserver_installdir\appsrv\config\cells\DefaultNode\nodes\DefaultNode\serverindex.xml
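    After editing the WebSphere – Express files, it helps to confirm that none of the default ports listed above remains. The following is an added example, not part of the IBM guide: it reports every port attribute in a configuration file that still uses a WebSphere Application Server default and rewrites ports from a mapping. It assumes ports appear as port="NNNN" attributes; the function names and the sample fragment are constructed for illustration.

```python
"""Find and remap WebSphere - Express ports that collide with WAS defaults (added example)."""
import re

# Default WebSphere Application Server ports, as listed in the section above.
WAS_DEFAULT_PORTS = {
    9080: "HTTP Transport (port 1)",
    9443: "HTTP Transport (SSL, port 2)",
    9090: "HTTP Transport (port 3)",
    9043: "HTTP Transport (port 4)",
    2809: "Bootstrap/rmi port",
    8880: "SOAP connector port",
}

# Assumption: ports are written as port="NNNN" attributes in the XML files.
PORT_ATTR = re.compile(r'\bport="(\d+)"')

# Constructed sample resembling a virtualhosts.xml fragment.
SAMPLE_VIRTUALHOSTS = """\
<host:VirtualHost xmi:id="VirtualHost_1" name="default_host">
  <aliases xmi:id="HostAlias_1" hostname="*" port="9080"/>
  <aliases xmi:id="HostAlias_2" hostname="*" port="9443"/>
  <aliases xmi:id="HostAlias_3" hostname="*" port="80"/>
</host:VirtualHost>
"""


def conflicting_ports(config_text):
    """Return [(line_number, port, role)] for port attributes that use a WAS default."""
    hits = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        for match in PORT_ATTR.finditer(line):
            port = int(match.group(1))
            if port in WAS_DEFAULT_PORTS:
                hits.append((number, port, WAS_DEFAULT_PORTS[port]))
    return hits


def remap_ports(config_text, mapping):
    """Rewrite port attributes according to mapping {old_port: new_port}.

    A replacement is rejected if it is a WAS default, is already used in this
    file, or is chosen twice. Whether the operating system has the port free
    is not checked here.
    """
    present = {int(p) for p in PORT_ATTR.findall(config_text)}
    new_ports = list(mapping.values())
    if len(set(new_ports)) != len(new_ports):
        raise ValueError("two ports are mapped to the same replacement")
    for new in new_ports:
        if new in WAS_DEFAULT_PORTS or new in present:
            raise ValueError("port %d is not unused" % new)
    return PORT_ATTR.sub(
        lambda m: 'port="%d"' % mapping.get(int(m.group(1)), int(m.group(1))),
        config_text)


if __name__ == "__main__":
    for number, port, role in conflicting_ports(SAMPLE_VIRTUALHOSTS):
        print("line %d: port %d collides with %s" % (number, port, role))
    fixed = remap_ports(SAMPLE_VIRTUALHOSTS, {9080: 19080, 9443: 19443})
    print("remaining conflicts:", conflicting_ports(fixed))
```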


    Sun ONE Directory Server Configuration

    Note: In the following statements, my_suffix is any value for the suffix that you define for Tivoli Identity Manager, such as com.

    To configure the Sun ONE Directory Server, do the following:

    1. Start the iPlanet Console.
       The iPlanet Console login dialog window appears.
    2. Verify the port number in the Administration URL, type in your password, and click OK.
    3. Go to your Directory Server in the console tree and click Open.
    4. Select the Configuration tab.
    5. Right-click Data in the directory server tree on the Configuration tab, and click New Root Suffix.
       The Create new root suffix dialog window appears.
    6. Type dc=my_suffix in the New suffix text field on the Create new root suffix dialog window.
    7. Type the desired database name in the Database name text field.
       For example, type the following:
         itimdb
    8. Select the Create associated database automatically check box if it is not selected and click OK.
       The Confirmation Needed dialog window appears.
    9. On the Confirmation Needed dialog window, click Yes.
       The Directory Server console reappears.
    10. Select the Directory tab.
    11. Right-click the name of the directory server in the directory server tree.
        A pop-up menu appears.
    12. Select dc=my_suffix under New Root Object in the pop-up menu.
        The New Object dialog window appears.
    13. Select domain and click OK.
        The Property Editor dialog window for dc=my_suffix appears.
    14. Click OK in the Property Editor dialog window.
        The Directory Server console reappears.
    15. Select the Tasks tab and click Restart the Directory Server.
        The Sun ONE Directory Server is now set up.
    16. Increase the memory cache available for the Tivoli Identity Manager Server by completing the following procedures:
        a. Open the directory server console and click the Configuration tab.
        b. Expand the Data node in the directory tree and click the Database Settings tab.
        c. Click the LDBM Plug-in Settings tab.
        d. Set the Maximum Cache Size setting to an appropriate value based on your hardware’s physical memory.
           If Sun ONE Directory Server is installed on its own machine, it is recommended that this value be set to 75% of the system’s available memory.


        e. Click Save.
        f. Expand the Tivoli Identity Manager application node.
           For example, this could be dc=com.
        g. Select the database object in the Tivoli Identity Manager application node and click the Database Settings tab.
        h. Set the “Memory available for cache” setting to an appropriate value based on your hardware’s physical memory.
           If Tivoli Identity Manager is the only application using this directory, it is recommended that this value be set to 60% of the “Maximum Cache Size” set on the LDBM Plug-in Settings tab.
        i. Click Save.
        j. Click the Tasks tab and restart the directory server.


    Chapter 5. Single-server Installation: Tivoli Identity Manager Server

    This chapter describes tasks that install and configure the Tivoli Identity Manager Server in a single-server configuration.

    On a computer on which WebSphere Application Server base is not previously installed, the single-server installation process will automatically install the following applications and fix packs based on the following conditions:

    - WebSphere Application Server base
      WebSphere Application Server, Fix Pack 2, and the APARS listed in Appendix B, “Software and Hardware Requirements on UNIX”, on page 93 are automatically installed if any of the following do not exist on the target system:
        – WebSphere Application Server Version 5.0 or lower
        – WebSphere Application Server Network Deployment

    - IBM HTTP Server
      IBM HTTP Server is installed if IBM HTTP Server does not exist, or if a version lower than 1.3.26 exists.

    - WebSphere embedded messaging support
    - Tivoli Identity Manager Server

    Note: If WebSphere Application Server 5.0 is already installed, the Tivoli Identity Manager installs only Tivoli Identity Manager Server.

    For specific application versions and fix packs, see Appendix B, “Software and Hardware Requirements on UNIX”, on page 93.

    Installation tasks include the following:
    - “Before You Begin”
    - “Installing Tivoli Identity Manager Server” on page 38

    Before You Begin

    Before you begin, do the following:

    - If IBM DB2 is the database, source the DB2 profile with a valid db2InstanceHome directory. For more information, see “Configuring the IBM DB2 JDBC Driver” on page 14.

    - Ensure that the following Tivoli Identity Manager prerequisites are running:

      Table 1. Prerequisite applications

      Prerequisite        For more information, see
      Database            Chapter 3, “Database Configuration”, on page 11
      Directory server    Chapter 4, “Directory Server Configuration”, on page 23

    - Ensure free disk space, virtual memory, and other space requirements are met. For more information, see Appendix B, “Software and Hardware Requirements on UNIX”, on page 93.


    - If the Tivoli Identity Manager installation process installs the WebSphere Application Server, the target system must meet the requirements described in Appendix B, “Software and Hardware Requirements on UNIX”, on page 93 and also in Appendix C, “Preparing the WebSphere Environment”, on page 97. For additional information on WebSphere requirements, refer to documentation provided by WebSphere Application Server.

    - Ensure you have the correct administrative authority. If not, obtain the authority and restart the system to activate the proper authorization.

    - If WebSphere Application Server was previously installed and WebSphere Global Security is already turned on, complete the necessary manual steps after installing Tivoli Identity Manager. For more information on those post-installation steps, see “Manual Steps on Single-node Deployments After Installing Tivoli Identity Manager” on page 108. For more information on Global Security, refer to documentation provided by WebSphere Application Server.

    - Determine whether instances of the following currently exist on the target computer and take the necessary corrective actions:

        – Do WebSphere Application Server base and Fix Pack 2 already exist?

          Notes:

          1. You must apply the fix pack and interim fix requirements described in Appendix B, “Software and Hardware Requirements on UNIX”, on page 93 either before or after installing Tivoli Identity Manager.

          2. The installer will detect the existence of the WebSphere Application Server 5.0 and also Fix Pack 2. If WebSphere Application Server 5.0 exists but Fix Pack 2 does not exist, installation will prompt a warning message, but will not install the Fix Pack 2. Installation will also detect the WebSphere Application Server Network Deployment Fix Pack 2. For more information, see Appendix B, “Software and Hardware Requirements on UNIX”, on page 93.

        – Does WebSphere embedded messaging support already exist? If WebSphere Application Server already exists on the target system, the installation process does not check whether WebSphere embedded messaging support also exists. In this case, if WebSphere embedded messaging support does not exist, run the WebSphere Application Server installation program again to install WebSphere embedded messaging support. If WebSphere Fix Pack 2 has been applied to WebSphere Application Server base, you must run the same Fix Pack to apply patches for the WebSphere embedded messaging support.

    - Verify that the WebSphere Application Server transaction service settings are large enough to handle Tivoli Identity Manager loads for your business processes. See “Configuring WebSphere Application Server Transaction Service Settings” on page 104 for detailed information on modifying these settings. If you do not modify the settings to handle your business process loads, requests can time out before completing.

    - Ensure you have resolved any port problems, if you have more than one version of WebSphere Application Server installed on the computer. For more information, see “Resolving Port Problems” on page 33.

    - On the computer on which Tivoli Identity Manager will be installed, set the appropriate value for your locale to ensure the language format is recognized.

      Note: In Japanese, ensure that the encoding method Shift-JIS is supported. License information may not be viewable if these values are not set. Set the following value for the locale environment variable:
        – Solaris: LC_ALL=ja_JP.PKC


        – AIX: LC_ALL=Ja_JP

    - Ensure that the WebSphere Application Server Fix Pack 2 is also applied on the computer on which the Web server is installed. Stop the Web Server before installing the fix pack.

      Note: There may be several WebSphere Web plug-ins in the configuration, including a WebSphere Web Server plug-in on the computer that has WebSphere Application Server Network Deployment.

    - Complete the information worksheet for your configuration.

    Resolving Port Problems

    The following port problems may occur:

    - Before installing Tivoli Identity Manager, ensure the same SOAP port for WebSphere 5.0 is defined at the following locations:

        – com.ibm.ws.scripting.port in the following file:
            {WAS_HOME}/properties/wsadmin.properties

        – Port under SOAP_CONNECTOR_ADDRESS of server1 in the following file:
            {WAS_HOME}/config/cells//nodes//serverindex.xml

      If the values are different, correct the port number as follows:
      1. Open the wsadmin.properties file.
      2. Change the value of com.ibm.ws.scripting.port to the value you find in the serverindex.xml file.

      Note: If installation failed because the SOAP port number was incorrect, correct the port specification and rerun the {ITIM_HOME}/bin/runConfig install command.

    - After installation completes, the Tivoli Identity Manager logon process will fail if virtual host port values are different than the values that Tivoli Identity Manager requires.

      Tivoli Identity Manager requires virtual host port values of 80 and 9443. Port 9443 is used if secure communication is enabled.

      Installing one instance of a WebSphere server on a computer will specify the correct values for the virtual host port numbers that Tivoli Identity Manager expects to use.

      However, installing a second instance of a WebSphere server such as Network Deployment Manager on the same computer will automatically advance the port numbers specified for the Network Deployment Manager. For example, the virtual host port numbers advance from 80 to 81, and from 9443 to 9444. You must reconfigure the port numbers to be the numbers that Tivoli Identity Manager requires.

      To correct the virtual host port numbers, access the WebSphere administrative console and do the following:
      1. Click Environment –> Virtual Hosts –> Default Host –> Host Aliases.
      2. Change the virtual host port values to 80 and to 9443.
      3. Save the configuration to the master repository, selecting Synch Changes with Nodes.
      4. Click Update Web Server Plugin and click OK.
      5. Restart the cluster.
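    The SOAP port comparison described above can be done mechanically before running the installer. The following is an added example, not part of the IBM guide: it reads com.ibm.ws.scripting.port from wsadmin.properties text, reads the SOAP_CONNECTOR_ADDRESS port of server1 from serverindex.xml text, and produces a corrected wsadmin.properties when they differ. The element and attribute names used for serverindex.xml (serverEntries, serverName, specialEndpoints, endPointName, endPoint) are assumptions about that file's layout, and both samples are constructed.

```python
"""Compare the wsadmin SOAP port with server1's SOAP_CONNECTOR_ADDRESS (added example)."""
import xml.etree.ElementTree as ET

PORT_KEY = "com.ibm.ws.scripting.port"

# Constructed sample of wsadmin.properties.
SAMPLE_WSADMIN = """\
# constructed sample
com.ibm.ws.scripting.connectionType=SOAP
com.ibm.ws.scripting.port=8879
com.ibm.ws.scripting.host=localhost
"""

# Constructed sample of serverindex.xml; namespace URIs are placeholders.
SAMPLE_SERVERINDEX = """\
<serverindex:ServerIndex xmlns:xmi="urn:example:xmi"
    xmlns:serverindex="urn:example:serverindex">
  <serverEntries xmi:id="ServerEntry_1" serverName="server1">
    <specialEndpoints xmi:id="NamedEndPoint_1" endPointName="BOOTSTRAP_ADDRESS">
      <endPoint xmi:id="EndPoint_1" host="localhost" port="2809"/>
    </specialEndpoints>
    <specialEndpoints xmi:id="NamedEndPoint_2" endPointName="SOAP_CONNECTOR_ADDRESS">
      <endPoint xmi:id="EndPoint_2" host="localhost" port="8880"/>
    </specialEndpoints>
  </serverEntries>
</serverindex:ServerIndex>
"""


def scripting_port(properties_text):
    """Return the com.ibm.ws.scripting.port value (last assignment wins), or None."""
    port = None
    for raw in properties_text.splitlines():
        line = raw.strip()
        if line.startswith(("#", "!")):  # properties-file comment lines
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == PORT_KEY:
            port = int(value.strip())
    return port


def soap_connector_port(serverindex_xml, server_name="server1"):
    """Return the SOAP_CONNECTOR_ADDRESS port of the named server, or None."""
    root = ET.fromstring(serverindex_xml)
    for entry in root.iter("serverEntries"):
        if entry.get("serverName") != server_name:
            continue
        for named in entry.iter("specialEndpoints"):
            if named.get("endPointName") == "SOAP_CONNECTOR_ADDRESS":
                end_point = named.find("endPoint")
                if end_point is not None:
                    return int(end_point.get("port"))
    return None


def soap_port_mismatch(properties_text, serverindex_xml):
    """Return None when both files agree, else (wsadmin_port, serverindex_port)."""
    wsadmin = scripting_port(properties_text)
    server = soap_connector_port(serverindex_xml)
    return None if wsadmin is not None and wsadmin == server else (wsadmin, server)


def corrected_properties(properties_text, port):
    """Return the properties text with com.ibm.ws.scripting.port set to port."""
    out = []
    for raw in properties_text.splitlines():
        if raw.partition("=")[0].strip() == PORT_KEY:
            raw = "%s=%d" % (PORT_KEY, port)
        out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("mismatch:", soap_port_mismatch(SAMPLE_WSADMIN, SAMPLE_SERVERINDEX))
    fixed = corrected_properties(SAMPLE_WSADMIN, soap_connector_port(SAMPLE_SERVERINDEX))
    print("after correction:", soap_port_mismatch(fixed, SAMPLE_SERVERINDEX))
```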


    Information Worksheet for Single-Server Installation

    Collect the following information before you begin the installation:

    Database Information

    Collect the following information for the relational database management system:

    Admin ID ______________________________

    The Administrator User ID (the db2InstanceName as database instance owner) that you created when installing the database. For example, the default for IBM DB2 is the following:
    - UNIX: db2inst1
    - Windows: db2admin

    For more information, see “IBM DB2 Configuration” on page 11.

    Admin Password ______________________________

    The password for the Administrator user ID.

    Database Name ______________________________

    Specifies how the Tivoli Identity Manager Server connects to the database. If the database is installed locally, the Database Name is the name of the database. For example, the value of Database Name is itimdb. If the database is installed remotely, the Database Name is the local alias name of the remote database. For more information on using the catalog command to specify the remote database, see “Configuring the IBM DB2 JDBC Driver” on page 14.

    Database Type ______________________________

    Type of database used for your system. For example, the database is IBM DB2.

    Credentials for the database:

    Database User

    The account that Tivoli Identity Manager Server uses to log in to the database. The user ID is enrole.

    Note: This user ID cannot be changed.

    User Password

    Password for the account that Tivoli Identity Manager Server uses to log in to the database.

    IP Address ______________________________

    IP address of the database server. Not required for IBM DB2. Required for Oracle and SQL Server 2000.

    Port Number ______________________________

    Port number of the database server. Not required for IBM DB2. Required for Oracle and SQL Server 2000.

    Additionally, the installation process reports the following Database Pool information. The database pool information determines the number of JDBC


    connections that Tivoli Identity Manager Server can open to the database. For more information, refer to the Tivoli Identity Manager Server Configuration Guide.

    Evaluate the following values in relation to your site needs:

    Initial Capacity
        Initial number of JDBC connections that Tivoli Identity Manager Server can open to the database

    Maximum Capacity
        Maximum number of JDBC connections that Tivoli Identity Manager Server can open to the database at any one time

    Login Delay Seconds
        Time, in seconds, between connections

    Directory Server Information

    Collect the following information:

    Host name ______________________________

    Fully-qualified host name of the directory server. For example, identity1.mylab.mydomain.com.

    Identity Manager DN Location ______________________________

    The value such as dc=com that you enter in the Location field must match the suffix (for example, dc=com) that you created when you configured LDAP. For more information, see Chapter 4, “Directory Server Configuration”, on page 23.

    Name of your organization ______________________________

    The value that you enter in the Name of Your Organization field will be displayed in the organization chart that is displayed on many of the Tivoli Identity Manager graphical user interface screens. This value is typically the more formal name of your company. For example,