
SolutionBase: Centralize Novell Open Enterprise Server and Windows authentication using Identity Manager 3

The Identity Manager administrative objects are now available in iManager

This gallery is also available as a TechRepublic article.

System requirements

Identity Manager's system requirements can be complex and depend on how extensively you plan to deploy the service. I will be using a fairly simple single-server installation for my examples. As you might expect, Identity Manager supports installation onto NetWare 6.5 or Open Enterprise Server, but most components also support installation into Red Hat, Solaris, SuSE, and Windows environments. While Novell does not provide specific RAM and disk space requirements for the Identity Manager components, I recommend that you have no less than 1GB of RAM in your server and no less than a few gigabytes of disk space available on each system.

You must also have a server running eDirectory 8.7.3 or higher. The web-based administration components require that you be running iManager 2.5 or 2.6.

On the Active Directory side of the house, you need to be running Windows Server 2003 or Windows 2000 SP2 or better and be using at least Internet Explorer 5.5. It's also recommended that your Active Directory domain controller's name be resolvable from the Identity Manager server. You can use the server's IP address alone, but you will lose some key functionality.
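A pre-flight check for the Linux-side requirements above and for the installer's root requirement, as an added example that is not part of the original article or of Novell's tooling. The 3GB disk threshold, the path argument and the host name dc1.example.test are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the host requirements listed above.
MIN_RAM_KB=$((1024 * 1024))        # article: no less than 1GB of RAM
MIN_DISK_KB=$((3 * 1024 * 1024))   # ASSUMED reading of "a few gigabytes"

# Print MemTotal in kB from a meminfo-format file (default /proc/meminfo).
mem_total_kb() { awk '/^MemTotal:/ { print $2; exit }' "${1:-/proc/meminfo}"; }

# Print free kB on the filesystem that holds path $1.
free_disk_kb() { df -Pk "$1" 2>/dev/null | awk 'NR == 2 { print $4 }'; }

# Succeed when $1 is a whole number of kB that is >= $2.
meets_minimum() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ]
}

# Succeed when $1 consists only of digits and dots (an address, not a name).
is_bare_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; *) return 0 ;; esac
}

# Run every check, print one line per check, return the number of failures.
# $1 = domain controller host name, $2 = path to check for space (ASSUMED: /).
preflight() {
    dc=$1 path=${2:-/} fails=0
    report() {
        if [ "$1" -eq 0 ]; then echo "PASS  $2"
        else echo "FAIL  $2"; fails=$((fails + 1)); fi
    }

    [ "$(id -u)" -eq 0 ];                                   report $? "running as root"
    meets_minimum "$(mem_total_kb)" "$MIN_RAM_KB";          report $? "RAM >= 1GB"
    meets_minimum "$(free_disk_kb "$path")" "$MIN_DISK_KB"; report $? "free disk on $path"
    if is_bare_ipv4 "$dc"; then
        # The article notes that an IP address alone loses key functionality.
        report 1 "domain controller given by IP address, not by name"
    else
        getent hosts "$dc" >/dev/null 2>&1;                 report $? "name $dc resolves"
    fi
    return "$fails"
}

# Stand-alone use (hypothetical host name): sh preflight.sh dc1.example.test /
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

Run it on the Identity Manager server before starting the installer; a non-zero exit status is the number of failed checks.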

Author's Note

I am installing Identity Manager 3 to a single Novell Open Enterprise Server system and, by the end of the article, will have achieved account synchronization between my lab's Active Directory and eDirectory implementations. I'm making the assumption that you're starting from scratch and have no existing Identity Manager objects in your eDirectory tree.

There are a number of ways you can install Identity Manager and the various drivers. In this article, on the Windows server, I'll install the Active Directory Driver Shim along with the Remote Loader and will run the remaining components (Identity Vault, Metadirectory Engine, and the Active Directory driver) on the Open Enterprise Server system.

Terminology

Identity Manager introduces a lot of new terminology that you need to understand in order to administer a system effectively.

  • Identity Vault: The Identity Vault is the central data repository for Identity Manager.
  • Metadirectory Engine: Consisting of an eDirectory interface and a synchronization engine, the metadirectory engine watches for events that take place in eDirectory and applies your Identity Manager policies to particular event items.
  • Driver set: The driver set is an eDirectory object that holds your Identity Manager drivers.
  • Driver object: A driver object (just "driver" in much of this article) is software that communicates with a connected system that integrates with the Identity Vault.
  • Driver shim: Written in Java, C, or C++, a driver shim is the software that acts as the information conduit between the Identity Vault and the connected system.

There are many more terms, but these are enough to get you through this article.

Installation

To get started installing Identity Manager 3 on a Novell Open Enterprise Server system, insert the Identity Manager CD into your server. If you are installing from an ISO image, this CD is labeled Identity_Manager_3_Linux_NW_Win.iso.

On your server, open a terminal session and change to /linux/setup. Execute the file named dirxml_linux.bin.

Become root so that you can install Identity Manager 3; you must be root to complete the installation. The installation program gives you a lot of status information so that you know it's continuing to run. Press the Enter key when you're prompted to move on.

During the installation process, install the metadirectory server. Provide a user name and password for a user that has enough rights to extend the Identity Manager schema.

iManager plug-in installation

To install the Identity Manager iManager plug-ins, run the setup program again. This time, though, choose the Web-based Administrative Server option. When you're done, reboot your system to make sure all of the Identity Manager components load properly.

Using Identity Manager 3

At this point, Identity Manager 3 and the related iManager plug-ins are installed, as evidenced by the screen shown above. To get to iManager, browse to https://{your server name or IP address}/nps and log in with appropriate administrative credentials.
