Layer 7 Identity Management

Red Hat Linux CA Identity Manager Install 

08-25-2017 12:00 PM

What this guide covers:

  • Setup X11 forwarding to allow GUI setup
  • Install Linux Dependencies
  • Install CA Directory
  • Install CA Identity Manager product
  • Silent Install Example File
  • Installer in DEBUG mode
  • Applications Servers Specific Instructions for Clusters
  • Possible Errors during Install


Setup X11 forwarding to allow GUI setup 

Download an X11 forwarding client like Xming or Cywin/X. In the example below, I'll use Xming as a reference.

Once Xming is downloaded, make sure you setup your ssh client to use X11 forwarding.

1) Use an X11 server application such as Xming or Cygwin/X

2) Enable X11 forwarding in your client (Putty is used as an example. See image below)

x forwarding.png

Note: Stop here if you don't need to run Xming as a different user.

How to run Xming as different user:

  1. Enable X-11 Forwarding in your client
  2. Log in as your normal user
  3. echo $DISPLAY to get the associated display
  4. xauth list, find the display number which corresponds with what you found in #3 and copy it (Make sure you copy everything in the output)
  5. Sudo to root xauth add <paste in what you copied from #4>
  6. Now you can execute commands as root and will be able to se the X11 Forwarding connection


Install Linux Dependencies

Make sure these commands are run (the "-y" parameter forces the library to install):

Note: These are the 32-bit packages and must be installed even if the Linux Distro is in 64-bit. In RHEL 7.x an extra command needs to be run to install packages:


RHEL 7.x:

subscription-manager register --username <username> --password <password> --auto-attach
subscription-manager refresh


Then run below libraries in RHEL 6.x. 


RHEL 6.x and lower:

yum install -y glibc.i686

yum install -y libXext.i686

yum install -y libXtst.i686

yum install -y ncurses-devel.i686

yum install -y compat-libstdc++.i686

yum install -y

yum install -y libstdc++.i686

yum install -y libidn.i686

yum install -y libgcc.i686

yum install -y libX11.i686

yum install -y libxcb.i686

yum install -y libXau.i686

yum install -y libXi.i686

yum install -y nss-softokn-freebl.i686

yum install -y libXmu.i686

yum install -y libXft.i686

yum install -y libXpm.i686

yum install -y ncurses-devel.i686

yum install -y ksh


This is required from the IDM 12.6.8 CR1 installer:

yum install - y xrender.i686


mv /dev/random /dev/random.orig

ln -s /dev/urandom /dev/random

chkconfig iptables off (RHEL 6.x only)

service iptables stop (RHEL 6.x only)

vi /etc/selinux/config


setenforce 0


For RHEL 7.x:

Instead of 

chkconfig iptables off

service iptables stop



systemctl disable firewalld.service
systemctl stop firewalld.service


To check entropy:

cat /proc/sys/kernel/random/entropy_avail





Install CA Directory product:

Run the file from .../CADirectory.../dxserver

Get a copy of NeteAuto.ldif from the CA Identity Manager samples folder and upload it to any desired directory or

Use the attached sample userstore.ldif I have attached onto this post at the bottom of this document.

The sample user would be imadmin and password can be found in the ldif file.

su - dsa
dxnewdsa <insert-dsa-name> 11389 dc=security,dc=com
dxserver stop <insert-dsa-name>
dxloaddb <insert-dsa-name> /CA_Install/NeteAuto.ldif
dxserver start <insert-dsa-name>
dxserver status


Install CA Identity Manager product:

Be sure to check the CA Identity Manager Support Matrix

   - For CA IDM 12.6.8 or lower: click here

   - For CA IDM 14.0: click here

From the install directory where the file was unzipped, run the installer:



Note: Make sure this command is not run in console mode and Xming is enabled! Console mode prevents the installer from installing as a cluster.


Silent Install Example File

For IDM version 12.6.x and later, this file was used to perform an Identity Manager install without the addtional components. Please use this guide as it has an example file available:

Successful install of CA Identity Manager using a silent install file 


After the sample file has been created, use this command to begin the install (assuming the file you created is named



      ca-im-release-win32.exe -f -i silent



      ./ca-im-release-sol.bin -f -i silent


Changing default temp location

Set the variable IATEMPDIR


Linux: Ex. export IATEMPDIR=/<newlocation>


Installer in DEBUG mode

Execute this command before running the installer:

export LAX_DEBUG=true


Further References for Logging in DEBUG:


Applications Servers Specific Instructions:

- Weblogic

  • In the AdminServer field, "AdminServer" must be typed in!
  • In the URL field the format should look like this: http:\\<hostname>:7001 (Default AdminServer port is 7001)
  • Cluster name can be anything you choose to be
  • During the startup of the weblogic nodes:
    • 11g uses this command line instruction: ./ <IM_NODE_NAME> -Xms256m -Xmx1024m -XX:ReservedCodeCacheSize=50m -XX:MaxPermSize=256m<ADMINSERVER_HOSTNAME>:<ADMIN-PORT>
    • 12c uses this command line instruction: ./ <IM_NODE_NAME> -Xms256m -Xmx1024m -XX:ReservedCodeCacheSize=50m -XX:MaxPermSize=256m<ADMINSERVER_HOSTNAME>:<ADMIN-PORT>
  • POST Weblogic Install Specific Instructions
    • Create a Distributed JMS Server
      1. Make an IM_JMS_filestore directory (Ex. WL_HOME\user_projects\IM_JMS_filestore)
      2. Under Admin Console, go to Services -> Messaging -> JMS Servers (See attached image below)

- JBoss

  • JBoss App Server and Identity Manager needs to be installed on x numbered of nodes in environment. During the install, Identity Manager asks for the nodes "Peer Server ID" (This is determined by the installer).
  • Recommended options are to select "Unicast" for Master Node procedure
  • Configuring journal files recommended option would be for "Shared Store"
  • Configure the JK Connector
    • Fill in the field with your corresponding nodes’ hostnames.
      For example, consider a cluster where the CA Identity Manager server is installed on three JBoss hosts named myhostA, myhostB, and myhostC, using Peer IDs 1, 2, and 3.


  • Pre-install items
    • Set the Sun Reference Implementation as the JSF Implementation Container
    • Disable Global Security
  • Remove the contents of the following folders:

    • Temp Directory:
      • Windows: %temp%
      • Unix: /tmp/*
    • Websphere_home/profiles/WAS_PROFILE/temp/*
    • Websphere_home/profiles/WAS_PROFILE/wstemp/*
    • Websphere_home/profiles/WAS_PROFILE/tranlog/*
    • Websphere_home/profiles/WAS_PROFILE/configuration/*
    • Websphere_home/deploytool/itp/configuration/org.*, leaving only config.ini in this directory


Possible Errors during Install:


32 bit ncurses library is not installed.

Reason: On a 64 bit system the 32 bit library libncurses is necessary.

Action: \Please install the ncurses 32 bit package with version >= 5.


There are 2 possible solutions to this error:


Please make sure that the following 32 bit RPMs are installed:










Creating a symbolic link in /usr/lib to the 32 bit library in /lib:

/usr/lib # ln –s /lib/


Weblogic node doesn't start up after fresh install


Please refer to this TEC DOC:


JBoss RPM Linux Install failed to complete due to "Unsupported Version" even though version is listed as compatible on Compatibility Matrix (Support Matrix)


CA Identity Manager does not support RPM installs. This type of install has not been tested with our engineering and will not be supported.


Linked TEC DOC:

0 Favorited
1 Files
zip file   348B   1 version
Uploaded - 05-29-2019

Tags and Keywords

Related Entries and Links

No Related Resource entered.