Sun ONE Identity Server 6.0 Installation and Configuration Guide
Chapter 4
Installing Identity Server with a New Directory Server
This chapter provides instructions for a greenfield installation, where there is no existing user data to migrate. These instructions are useful if you are installing Identity Server for evaluation purposes, or if you are building your user and policy management topology for the first time. They assume that Sun ONE Directory Server is not already installed on the target computer system. If Sun ONE Directory Server is already installed and provisioned with user data, follow the instructions in Chapter 5, "Installing Identity Server Against an Existing Directory Server", instead.
Topics in this chapter include:
Before You Begin
You must resolve the following issues before you start the Installation program.
Setting the Domain Name
Be sure the domain name of the computer system where you will install Identity Server is set.
To Set the Domain Name On UNIX
- View your host name setting by running the following command:
# uname -n
The short format of the host name is returned.
- To set the domain name, do one of the following:
- If the file /etc/resolv.conf exists, then enter the domain name in the domain configuration entry. Example: domain madisonparc.com
- If the file /etc/resolv.conf does not exist, then enter the following command:
# domainname domainname
Example:
# domainname madisonparc.com
where madisonparc.com is the domain to which this computer system belongs. Note that on Solaris the domainname command sets the NIS (YP) domain name, which is not necessarily the DNS domain: on a system that resolves names through DNS, the domain entry in /etc/resolv.conf is the setting that matters, and a value set with domainname does not survive a reboot unless it is also written to /etc/defaultdomain.
- To verify that the host name and domain name are set properly, enter the following command:
# ping hostname.domainname
If ping cannot resolve the fully qualified name (it does not report that the host is alive), contact your network administrator.
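The UNIX steps above can be scripted so that the check runs before the Installation program is started. The following is an added example and is not part of the Sun ONE guide; it assumes the system resolves names through DNS, uses getent(1) instead of ping so that no ICMP is needed, and the resolv.conf content it tests against is constructed:

```shell
#!/bin/sh
# Added example, not from the Sun ONE Identity Server guide.
# Derive hostname.domainname from `uname -n` and the "domain" entry in
# /etc/resolv.conf (falling back to domainname(1M) as the guide does), then
# verify that the name resolves before the installer is run.

# Print the domain from resolv.conf text read on stdin. The "domain" entry
# wins; otherwise the first "search" suffix is used. Prints nothing if neither
# is present.
domain_from_resolv() {
    awk '
        $1 == "domain" && dom == ""  { dom = $2 }
        $1 == "search" && srch == "" { srch = $2 }
        END { if (dom != "") print dom; else if (srch != "") print srch }
    '
}

# Print hostname.domainname. A host name that already contains a dot is taken
# as fully qualified and returned unchanged; with no domain the short name is
# returned so the caller can see what the installer would pick up.
fqdn_of() {
    host=$1
    domain=$2
    case $host in
        *.*) printf '%s\n' "$host" ;;
        *)   if [ -n "$domain" ]; then
                 printf '%s.%s\n' "$host" "$domain"
             else
                 printf '%s\n' "$host"
             fi ;;
    esac
}

# Succeed when the name resolves through the system resolver (nsswitch order),
# which is what the Web Server and Directory Server will use.
fqdn_resolves() {
    getent hosts "$1" >/dev/null 2>&1
}

# Constructed sample resolv.conf content used to exercise domain_from_resolv.
SAMPLE_RESOLV='nameserver 192.0.2.53
domain madisonparc.com
search madisonparc.com corp.example'

# Run the check against the live system; returns 1 when the FQDN cannot be
# resolved, which is the condition the guide says to raise with the network
# administrator.
preflight_fqdn() {
    short=$(uname -n)
    if [ -r /etc/resolv.conf ]; then
        dom=$(domain_from_resolv < /etc/resolv.conf)
    else
        # domainname(1M) reports the NIS domain, which may differ from the DNS
        # domain; the guide uses it only when there is no resolv.conf.
        dom=$(domainname 2>/dev/null || true)
    fi
    name=$(fqdn_of "$short" "$dom")
    if fqdn_resolves "$name"; then
        echo "ok: $name resolves"
    else
        echo "FAIL: $name does not resolve; set the domain name before installing" >&2
        return 1
    fi
}

# Only run the live check when asked, so the functions can be sourced or tested.
if [ "${RUN_PREFLIGHT:-0}" = 1 ]; then
    preflight_fqdn
fi
```

Run it as RUN_PREFLIGHT=1 sh preflight.sh on the target system; a non-zero exit means the name the installer will record for the Web Server and Directory Server does not resolve.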
To Set the Domain Name on Windows 2000
- On the Windows desktop, right-click My Computer and then click Properties.
- In the System Properties window, click Network Identification.
- Click Properties.
- In the Computer Name field, if there is no name, enter a name for the host.
- Click More.
- In the Primary DNS Suffix of this computer field, enter the name of the domain to which this computer belongs.
The Primary DNS Suffix combined with the computer name forms the fully-qualified domain name for this computer. Example:
hostname.MadisonParc.com
Removing Old Instances of Identity Server
Be sure that Identity Server packages or schema are not already installed in another directory on the computer system. To check for existing packages, you can use the following command:
pkginfo
If packages beginning with SUNWam exist, Identity Server may have been previously installed on the computer system. If possible, uninstall Identity Server using its Uninstallation program. See "Uninstalling Identity Server" and "Uninstalling Identity Server On Windows" of this manual.
If Identity Server was not properly uninstalled, then you should manually remove the Identity Server packages and files now. Follow these steps:
- Remove all Identity Server packages.
First, to find all Identity Server packages installed on the computer system, run the following command:
pkginfo | grep SUNWam
Then use the pkgrm command to remove each package identified with either of the following:
- Remove the following files located in the directory /var/sadm/install if they exist:
- If the directory /var/sadm/pkg exists, remove all Identity Server packages from it.
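Scripted, the cleanup described above looks like the following. This is an added example, not the guide's own procedure; it assumes a Solaris pkginfo/pkgrm environment, defaults to a dry run so the package list can be reviewed before anything is removed, and the pkginfo output it tests against is constructed:

```shell
#!/bin/sh
# Added example, not from the Sun ONE Identity Server guide.
# Find leftover Identity Server packages in pkginfo output and remove them
# with pkgrm. pkginfo prints "category pkginst name", so the match is made on
# the second field: grepping the whole line, as the guide does, would also
# catch a package whose description merely mentions SUNWam.

# Constructed sample pkginfo output; the last line is the false positive a
# plain `grep SUNWam` would report.
SAMPLE_PKGINFO='system      SUNWcsr    Core Solaris, (Root)
application SUNWamsvc  Sun ONE Identity Server Management and Policy Services
application SUNWamcon  Sun ONE Identity Server Console
application SUNWwbsvr  Sun ONE Web Server (bundled with SUNWam services)'

# Print the package instance names beginning with SUNWam, one per line, from
# pkginfo output on stdin.
sunwam_pkgs() {
    awk '$2 ~ /^SUNWam/ { print $2 }'
}

# Remove each package name read from stdin. With DRY_RUN=1 (the default) the
# pkgrm command is printed instead of executed; pkgrm -n runs without prompts.
# Returns 1 if any removal failed.
remove_pkgs() {
    status=0
    while read -r pkg; do
        [ -n "$pkg" ] || continue
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "would run: pkgrm -n $pkg"
        else
            pkgrm -n "$pkg" || status=1
        fi
    done
    return $status
}

# Live run: pkginfo | sunwam_pkgs | remove_pkgs   (set DRY_RUN=0 to remove)
if [ "${RUN_CLEANUP:-0}" = 1 ]; then
    pkginfo | sunwam_pkgs | remove_pkgs
fi
```

Review the dry-run output first (RUN_CLEANUP=1 sh cleanup.sh), then rerun with DRY_RUN=0 as root; the /var/sadm/install and /var/sadm/pkg cleanup from the steps above still has to be done by hand afterwards.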
To Install Identity Server Services with a New Directory Server
- Locate the Identity Server Installation program.
If you’re installing Identity Server from the product CD, insert the CD into the drive of the system on which you want to install the software. You’ll find the Installation program in the following directory:
If you’ve downloaded the compressed product binaries, in a temporary directory, unpack the product binaries file. On UNIX, be sure to use the Solaris tar utility. To unpack the binaries, enter the following command:
where binaryfile is the name of the file you have downloaded. You’ll find the Installation program in the directory where you unpacked the product binaries.
- Start the Installation program.
To run the Installation wizard, in the directory that contains the Installation program, enter the following command:
To run the Installation program from the command line, in the directory that contains the Installation program, enter the following command:
- In the Welcome window, click Next.
- To accept the terms of the License Agreement, click “Yes (Accept License).”
- In the Installation Directory window, specify the directory where you want to install the product, and then click Next.
Note that you should have write and execute permissions in this directory.
Install Sun ONE Identity Server in this directory: Enter the path to the directory where Identity Server Services will be installed. The default directory is /opt on Solaris and c:\SunONE\SunONEIS on Windows 2000. You may specify another directory.
- In the Components to Be Installed/Uninstalled panel, select “Sun ONE Identity Server Management and Policy Services,” and then click Next.
Along with these services, the installation program also installs Sun ONE Web Server, Sun ONE Directory Server, Sun ONE Identity Server Console, Common Domain Services, Identity Server Management and Policy Services and Java SDK 1.3.1_06.
Figure 4-1 Components to Be Installed/Uninstalled Panel
- In the Java Configuration window, provide the following information, and then click Next:
Do you want to use custom Java SDK? Java support in the Web Server requires Java SDK version 1.3.1_06, which is provided with Identity Server 6.0. To install the Java SDK bundled with Identity Server, select No. To use a JDK (version 1.3.1_06) that you already have, select Yes and then type the full path to its location.
- In the Sun ONE Web Server Information window, provide the following information about the Web Server that will run Identity Server services, and then click Next:
Administrator: Type the user name for the administrator who will access and manage the Web Server.
Port: Type the port number. Typically, the default is 58888.
Password: Type the Administrator’s password. The password must be a minimum of eight characters in length.
Confirm Password: To confirm the Administrator password, type it again.
Enter user to run server as: Type the UNIX user account the Web Server will run as. The default is nobody.
Enter group to run this server as: Type the UNIX group the above user belongs to. The default is nobody.
- In the Web Server that Runs Sun ONE Identity Server Services panel, provide the following information, and then click Next:
Host: This field displays the fully qualified domain name of the computer where the Identity Server components and a dedicated web server will be installed together.
Port: Type the port number of the Web Server that runs the Identity Server services. The default port is 58080.
Services Deployment URI: The Uniform Resource Identifier (URI) prefix tells the Web Server where to look for HTML pages associated with a service and also for web application-specific information such as classes and jars.
The default URI prefix is amserver. You can type a different name.
Common Domain Deployment URI: The URI for accessing the common domain services on the Web Server. The default URI is common, which you may change, if required.
Deploy console with this service? By default, this check box is selected, indicating that the Identity Server Console will be installed with the Identity Server services. If you already have a console deployed and therefore do not want to deploy one now, clear the check box. In that case, the installation program displays another panel asking for information about the existing console. See the next step for details.
Console Deployment URI: This URI prefix tells the Web Server where to look for HTML pages associated with the Identity Server Console and for other web application-specific information such as classes and jars. The default URI prefix is amconsole. You can type a different name. This field is not available if you cleared the check box Deploy console with this service?.
- If, in the previous panel, you did not choose to deploy the console with this service, provide the following information, and then click Next:
Figure 4-2 Web Server that Runs Sun ONE Identity Server Console Panel
Host: Type the fully qualified domain name of the computer where the existing Identity Server Console is deployed. Make sure that the domain name of that computer is set and that you have typed it correctly in the field. See "Setting the Domain Name" for instructions on how to set the domain name.
Port: Type the port number of the Web Server that runs the existing Identity Server Console. The default port is 58080.
Console Deployment URI: This URI prefix tells the Web Server where to look for HTML pages associated with the Identity Server console and also for other web application-specific information like classes and jars. The default URI prefix is amconsole. You can type a different name.
- In the Directory Schema panel, select “Install a new Sun ONE Directory Server,” and then click Next.
Figure 4-3 Directory Schema Panel
- In the Directory Root Suffix panel, provide the following information:
Sun ONE Identity Server root in your Directory tree: Type a distinguished name (DN) that you want to set as the root suffix. It should have at least one type=value pair. Examples:
o=edisonwatson
dc=madisonparc,dc=com
- In the Sun ONE Directory Server Information window, provide the following information, and then click Next:
Host: Type the fully qualified domain name of the computer where Directory Server is installed.
Port: Type the Directory Server port number. The default port is 389. If the port is already in use, the installation program prompts you to type another port number; any unused number between 1 and 65535 is accepted.
Installation Directory: Type the full path to the directory where you want to install the Directory Server. It is recommended that you make sure that the default directory /usr/iplanet/servers is empty or specify a fresh installation directory. This is because if you ever need to uninstall, the uninstallation program will remove this directory with its contents and you may lose any data that previously resided in it.
Directory Manager: Type the DN of the Directory Server superuser, whose access to the directory is not restricted by access control instructions. Example: cn=Directory Manager
Password: Type the password for Directory Manager. The password must be a minimum of eight characters in length.
Confirm Password: To confirm the Directory Manager password, type it again.
- In the Administration Server that Manages Directory Server panel, provide the following information, and then click Next:
Administrator: Type the username of the administrator who will have access to the Administration Server that manages Sun ONE Directory Server. The default username is admin, which you can change.
Port: Type a port number for the Administration Server that manages Directory Server. By default, this port is set at 58900.
Password: Type the password for this Administration Server administrator. The password must be a minimum of 8 characters in length.
Confirm Password: To confirm the password, type it again.
- In the Sun ONE Identity Server Internal LDAP Authentication User Information window, provide the following information and then click Next:
Username: This is the Bind DN user for LDAP/Membership/Policy service. The user name amldapuser is hard coded and you cannot change it. This user will have read and search access to Directory Server entries.
Password: Type the password for amldapuser. This password must be unique and different from the Top Level Administrator password that you provide in the next panel. It is also the shared secret between Identity Server and the Agents.
Confirm Password: Retype the password to confirm.
- In the Sun ONE Identity Server Top Level Administrator Information panel, provide the following information and then click Next:
Username: The username for the Top Level administrator is amAdmin. This name cannot be reconfigured.
Password: Type the password for the user amAdmin. The password must be a minimum of 8 characters in length and must be different from the amldapuser password you provided in the previous panel.
Confirm Password: To confirm the amAdmin password, type it again.
Start the Server after installation: Click this option if you want to automatically start the Identity Server after installation. If you do not select this, you may start the server manually after installation. For steps to do this, see "Starting Identity Server Services".
- In the Currently Selected Settings panel, review the configuration information that you’ve entered. If you need to make changes, click Back, go to the required panels and make the changes. Otherwise, click Next to proceed.
- In the Ready to Install panel, review the installation information. If you need to make changes, click Back to go to any of the previous panels. Otherwise, click Install Now to begin the installation.
- In the Installation Summary panel, you can click Details for a detailed summary of the configuration information that was processed during Installation.
- Click Exit to end the program.
Now that you have installed Identity Server, you can log in to the Identity Server Console. For steps to do this, see "Logging In to the Administration Console".
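The constraints the panels above place on the values you type (a root suffix made of type=value pairs, ports between 1 and 65535 that are not in use, passwords of at least eight characters, and an amAdmin password that differs from the amldapuser password) can be checked before the wizard is started. The following is an added example and is not part of the guide; it assumes netstat -an is available for the port-in-use check (that check is skipped when it is not), and the sample values at the bottom are constructed:

```shell
#!/bin/sh
# Added example, not from the Sun ONE Identity Server guide.
# Validate the values planned for the installer panels against the rules the
# guide states, so a typo is caught before the wizard writes it into the
# Directory Server and Web Server configuration.

# Root suffix: one or more comma-separated attribute=value pairs, for example
# o=edisonwatson or dc=madisonparc,dc=com. (Use nawk on older Solaris.)
valid_suffix_dn() {
    printf '%s\n' "$1" |
        awk '/^[A-Za-z][A-Za-z0-9-]*=[^,=]+(,[A-Za-z][A-Za-z0-9-]*=[^,=]+)*$/ { ok = 1 }
             END { exit !ok }'
}

# Port: an integer between 1 and 65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Port not already listening, judged from `netstat -an` (Solaris prints
# "*.389", Linux "0.0.0.0:389", both followed by whitespace). When netstat is
# unavailable the port is assumed free, so valid_port is the only check left.
port_free() {
    command -v netstat >/dev/null 2>&1 || return 0
    netstat -an 2>/dev/null | awk "/LISTEN/ && /[.:]$1[ \t]/ { f = 1 } END { exit f + 0 }"
}

# Passwords must be at least eight characters; amAdmin and amldapuser must
# not share one, since the amldapuser password is also the shared secret
# handed to the agents.
password_ok() {
    [ "${#1}" -ge 8 ]
}

admin_passwords_ok() {
    password_ok "$1" && password_ok "$2" && [ "$1" != "$2" ]
}

# Apply every rule to one set of planned values. Prints each problem found
# and returns 1 if there was any.
check_install_values() {
    suffix=$1; ds_port=$2; ws_port=$3; amadmin_pw=$4; amldap_pw=$5
    rc=0
    valid_suffix_dn "$suffix" || { echo "root suffix '$suffix' is not a type=value DN"; rc=1; }
    for p in "$ds_port" "$ws_port"; do
        if valid_port "$p"; then
            port_free "$p" || { echo "port $p is already in use"; rc=1; }
        else
            echo "port '$p' is not an integer in 1-65535"; rc=1
        fi
    done
    [ "$ds_port" != "$ws_port" ] || { echo "Directory Server and Web Server ports must differ"; rc=1; }
    admin_passwords_ok "$amadmin_pw" "$amldap_pw" ||
        { echo "amAdmin and amldapuser passwords must each be 8+ characters and differ"; rc=1; }
    return $rc
}

# Constructed sample values: the suffix and ports are the guide's examples,
# the passwords are placeholders.
if [ "${RUN_CHECK:-0}" = 1 ]; then
    check_install_values 'dc=madisonparc,dc=com' 389 58080 'Secret123!' 'LdapBind#42'
fi
```

Run it with RUN_CHECK=1 on the target host after substituting your own values; a non-zero exit lists every value the wizard would either reject or, in the case of a reused password, silently accept.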