Symantec IGA

 View Only
  • 1.  Installation Guide for Identity Manager 12.6 SP5 on Linux 6u6

    Posted May 29, 2015 11:20 AM

    Required rpm packages as specified in the following link:  https://support.ca.com/cadocs/0/CA Identity Manager 12 6 5-ENU/Bookshelf_Files/HTML/idocs/index.htm?toc.htm?2008769_3.html

         NOTE: You can use newer versions of the packages.

         NOTE: If you wish to use Provisioning Manager, you will need to download CA IdentityMinder r12.6 SP5 Server components for Windows and install Provisioning Manager on a Windows OS.

     

    • Login into the system as root

     

    • Prior to running each of the installers, execute the following commands:
      • mv /dev/random /dev/random.orig
      • ln -s /dev/urandom /dev/random
      • chkconfig iptables off
      • service iptables stop
      • vi /etc/selinux/config
        • SELINUX=permissive
        • Note: A system reboot may be required for the changes to take place.
      • setenforce 0

     

    • Install CA Directory
      • Install required prerequisite packages
        • yum install tcsh
      • Create CA Directory User Store (Only use this step if your User store will be CA Directory) (EXAMPLE ONLY)
        • Get a copy of NeteAuto.ldif from the Identity Manager samples and upload it to the "Your Own Path" directory
        • su - dsa
        • dxnewdsa mydsa 11389 dc=security,dc=com
        • dxserver stop mydsa
        • dxloaddb mydsa "Your Own Path"/NeteAuto.ldif
        • dxserver start mydsa
        • dxserver status

     

      • Install Provisioning Directory
        • Install required prerequisite packages
          • yum install glibc.i686
          • yum install libXext.i686
          • yum install libXtst.i686
          • yum install ncurses-devel.i686
          • yum install ksh

     

        • Make a temporary directory, and download the IM 12.6 installer (GEN01140749E.tar) to that directory
        • tar -xvf GEN01140749E.tar
        • cd Provisioning/ProvisioningDirectory
        • ./setup -console
          • to get past the license agreement, hold down the enter key for a while, then enter "q" to quit, then enter "Y"
          • when prompted for the provisioning server host, enter:  yourHostName
          • Please configure your shared secret password (Save in a secure location, you will need this password in the future)

     

    • Configure SEMMNI parameter in kernel
      • vi /etc/sysctl.conf
      • Add the following at the end of the file:
        • kernel.sem = 250 32000 32 512
      • /sbin/sysctl -p
      • Alternate Command:
        • sysctl -w kernel.sem="250 32000 32 512"

     

    • Install Provisioning Server
      • Install required prerequisite packages
        • yum install compat-libstdc++*.i686
        • yum install libstdc++.i686
        • yum install libidn.i686
        • yum install libgcc.i686

     

      • From the temporary directory where you unzipped the IM 126 installer:
        • cd Provisioning/ProvisioningServer
        • ./setup -console
          • to get past the license agreement, hold down the enter key for a while, then enter "q" to quit, then enter "Y"
          • when prompted for the directory server host, enter:  yourHostName
          • Please configure your shared secret password (Save in a secure location, you will need this password in the future)
          • for the username, enter:  etaadmin or your desired name (Save in a secure location, you will need this in the future)
          • for the connectors you  wish to select, enter: *

     

    • Install Connector Server
      • Install required prerequisite packages
        • yum install glibc.i686
        • yum install libX11.i686
        • yum install libxcb.i686
        • yum install libXtst.i686
        • yum install libXau.i686
        • yum install libXi.i686
        • yum install libXext.i686
        • yum install nss-softokn-freebl.i686
        • yum install libXmu.i686
        • yum install libXft.i686
        • yum install libXpm.i686

     

      • From the temporary directory where you unzipped the IM 126 installer:
        • cd Provisioning/ConnectorServer
        • ./setup -console
          • to get past the license agreement, hold down the enter key for a while, then enter "q" to quit, then enter "Y"
          • when asked whether to register the connection to the provisioning server, enter "Y"
          • when prompted for the provisioning server host, enter:  yourHostName
          • for the username, enter: etaadmin or your desired name (Save in a secure location, you will need this in the future)
          • Please configure your shared secret password (Save in a secure location, you will need this password in the future)

     

    • 4016: IM Installation
      • Login as root
      • Configure /etc/hosts as needed
      • Install required prerequisite packages
          • yum install glibc.i686
          • yum install libXext.i686
          • yum install libXtst.i686
          • yum install ncurses-devel.i686
          • yum install ksh

     

        • JDK
          • NOTE: JAVA 1.7u72 has a bug please avoid this version.
          • Download JDK 1.7u79 (jdk-7u79-linux-x64.tar.gz) to the /opt folder
          • tar -xvf jdk-7u79-linux-x64.tar.gz
          • Upload Unlimited JCE Policy (UnlimitedJCEPolicyJDK7.zip) to the /opt folder
          • unzip UnlimitedJCEPolicyJDK7.zip
          • copy the two jar files to /opt/jdk1.7.0_71/jre/lib/security

     

        • JBOSS
          • Upload JBoss EAP 6.3 (jboss-eap-6.3.0.zip) to the /opt folder
          • unzip jboss-eap-6.3.0.zip

     

      • Install IM Server
        • From the temporary directory where you unzipped the IM 126 installer:
          • ./ca-im-12.6.05-linux.bin -i console
            • to get past the license agreement, hold down the enter key, then enter "Y"
            • when prompted for which options to select enter:  1,3
            • when prompted for the app server, choose your application server, and enter the path to where application server is installed
            • when prompted for the jdk, select option 1, and enter the path to where the jdk is installed, including "/bin/java"
            • when prompted for the database, select either SLQ or Oracle, and enter the necessary parameters.
            • when prompted to enter a username enter: imadmin or your any admin account name of your choice (Save in a secure location, you will need this in the future)
            • Please configure your shared secret password (Save in a secure location, you will need this password in the future)

     

      • After installation completes:
        • Start up your application server and confirm functionality.

     

    Common Errors and Resolutions:

    • EXEC(err): -bash: /src/CADirectory/dxserver/samples/impd-main/setup.sh: /bin/csh: bad interpreter: No such file or directory (When installing provisioning directory)
      • Confirm that you have installed csh / reinstall csh


  • 2.  Re: Installation Guide for Identity Manager 12.6 SP5 on Linux 6u6

    Posted Jun 03, 2015 11:51 AM

    Thanks for sharing this important information with the CA Security Community, Vincent!



  • 3.  Re: Installation Guide for Identity Manager 12.6 SP5 on Linux 6u6

    Posted Aug 20, 2015 11:58 AM

    Common Error:

    Checking operating system...

    Checking kernel parameters for required minimum values...

    Cannot find version information for existing installation. Installation procedure aborted.

     

    Check your eCSinstall and confirm you are not experiencing any kernel value problems if not try removing the following file and reinstall.

     

    /etc/.ecspath



  • 4.  Re: Installation Guide for Identity Manager 12.6 SP5 on Linux 6u6

    Posted Sep 22, 2015 10:11 AM

    Error:

     

    An earlier version of CA Identity Manager has been detected (12.6.5.0.386), but

    the Installer is unable to locate the installation files

    Please uninstall the previous version of CA Identity Manager and rerun.

     

    Solution:

     

    In the path /var exists some hide files that you need to erase:

    .com.zerog.registry.xml and another file with the name : .CA_configuration_settings find and delete those.



  • 5.  Re: Installation Guide for Identity Manager 12.6 SP5 on Linux 6u6

    Posted Sep 22, 2015 11:49 AM

    Error:

     

    Custom Action:

                              Status: ERROR

                              Additional Notes: ERROR - Command failed: Invoking Framework Installer

    Return Value: /tmp/498449.tmp/install_fw.sh: line 1: /home/nambiar/install/idm_install\Framework\iamfw.exe: No such file or directory

     

     

    Stdout: {2}

    Stderr: {3}

     

    Cause and Resolution:

     

    If you did not untar the file locally before and used winscp or filezilla to transfer the file the binary sometimes gets messed up. Please completely delete your install media, and execute tar -xvf IDMmedia.tar locally on the machine.



  • 6.  Re: Installation Guide for Identity Manager 12.6 SP5 on Linux 6u6

    Posted Sep 13, 2016 01:11 PM

    One point I have noted in many postings related to installing Identity Suite components on Linux platforms is the step to increase the random number generation pool by setting up a symbolic link to urandom to replace the random binary. We have posted these two lines before:

    >  mv /dev/random /dev/random.orig

    >  ln -s /dev/urandom /dev/random

    In many cases the random number generator daemon is not running, so the symbolic link will not have effect until the rngd process is started:

    > service rngd start

    You should also ensure the rngd daemon starts on reboot:

    > chkconfig rngd on

    While researching the transient nature of the symbolic link to /dev/urandom, I ran across this posting using a Google search (how to increase entropy in Centos 6.2? - CentOS ) "How to Increase Entropy in CentOS 6.2". The recommended permanent change is to set the rngd options as shown in the article by editing the /etc/sysconfig/rngd options file:

    > # Add extra options here
    > EXTRAOPTIONS="-r /dev/urandom"

    The effect is the same as setting the symbolic link but not additional updates to udev configurations or similar techniques to make the symbolic link persist on reboot.



  • 7.  Re: Installation Guide for Identity Manager 12.6 SP5 on Linux 6u6

    Posted Sep 20, 2016 03:39 PM

    Nice doc! It helped me out, especially having all the pre-reqs outlined. Thanks.



  • 8.  Re: Installation Guide for Identity Manager 12.6 SP5 on Linux 6u6

    Posted Feb 13, 2018 11:45 AM

    Nice doc ! Lots of hints reported here ...


    It's been a while since you posted it :-) but I'm curious ...

    Regarding IPTABLES and SELINUX recommendations, did you have any problems that required such configurations? 

     

    regards, Roberto



  • 9.  Re: Installation Guide for Identity Manager 12.6 SP5 on Linux 6u6

    Posted Feb 13, 2018 03:39 PM

    The suggestions to disable iptables and selinux apply to setting up a Dev or Sandbox environment to test the installation and execution of CA Identity Manager (12.6 SP5 as stated in the initial post). Additional posts in the CA Identity Management forum identified iptable ports to open for communication with CA Identity Manager components.



  • 10.  Re: Installation Guide for Identity Manager 12.6 SP5 on Linux 6u6

    Posted Feb 14, 2018 03:15 AM

    This definitely helps to quickly setup CA Identity Manager if components are deployed on different boxes.

     

    Thanks Enrique.



  • 11.  Re: Installation Guide for Identity Manager 12.6 SP5 on Linux 6u6

    Posted Feb 13, 2018 11:57 AM

    I do not remember.