Install Security Directory Server v6.3 with a script (AIX, Linux, Solaris)
Use the idsNative script file to automate the installation of Security Directory Server. See also the Security Directory Server v6.5 and v8.0 tech note.
Steps
- Log on to the system with root privileges.
- Access the product DVD or extract the files from the archive file that we downloaded from Passport Advantage®.
- Extract the Security Directory Server archive file to a directory with adequate disk space. For example, /tdsV6.3/. If we use a DVD to install Security Directory Server, the files are in the tdsV6.3 directory.
- Locate the following script files and change the permissions to write to the files:
chmod +w image_path/tdsV6.3/responsefile.txt
chmod +w image_path/scripts/ISAMConfigTDS.sh
chmod +w image_path/scripts/ISAMGenSSLCert.sh
chmod +w image_path/platform/tdsV6.3/idsConfigServerSSL.sh
- Install the Security Directory Server license files:
cd image_path/tdsV6.3FP/license
idsLicense -q
The -q option installs the license files without displaying the license. If we use the -q option, we automatically accept the license without viewing it.
- In the tdsV6.3 directory, locate the installation program file and the response file:
- idsNativeInstall.sh
- responseFile.txt
These files must be in the same directory.
- Update the following entries in the responseFile.txt file. By default, the values of the variable are set to false and their corresponding path variables are not set.
- To install DB2, set the db2FeatureInstall variable to true. Update the db2InstallimagePath variable with the absolute path where the DB2 installation files are located. For example:
db2FeatureInstall=true
db2InstallimagePath=/image_path/platform/tdsV6.3/db2
- To install GSKit, set the gskitFeatureInstall variable to true. Update the gskitInstallimagePath with the absolute path to where the GSKit installation files are located. For example:
gskitFeatureInstall=true
gskitInstallimagePath=/image_path/platform/tdsV6.3/gskit
- To install embedded WebSphere Application Server (eWAS), set the eWasFeatureInstall variable to true. Update the eWasInstallimagePath with the absolute path to where the embedded WebSphere Application Server installation files are located. For example:
eWasFeatureInstall=true
eWasInstallimagePath=/image_path/platform/tdsV6.3/appsrv
- To install Security Directory Server, update the tdsInstallimagePath with the absolute path to where the Security Directory Server installation files are located. Update the tdsFixPackInstallimagePath variable with the absolute path to where the Security Directory Server fix pack installation files are located. For example:
tdsInstallimagePath=/image_path/platform/tdsV6.3/
tdsFixPackInstallimagePath=/image_path/platform/tdsV6.3FP
To install the full Security Directory Server when some Security Directory Server packages, such as the client packages, are already installed, remove the images before running this script.
- Save the responseFile.txt file.
- For Solaris systems only:
- Check that the /export/home directory exists. If the directory does not exist, create it.
- Ensure the following kernel parameters in the /etc/system file are set appropriately for the system. The following values are suggested as starting values:
set msgsys:msginfo_msgmax = 65535
set msgsys:msginfo_msgmnb = 65535
set shmsys:shminfo_shmmax = 2134020096
See the Solaris tuning documentation.
- Open a command prompt and start the installation by typing idsNativeInstall.sh
- Verify the installation by checking the installation log: /var/idsldap/V6.3/idsNativeInstall_timestamp.log
- For AIX, Linux, or Solaris systems only: Update the installation to the appropriate fix pack level. For Windows installations, the installation image includes the appropriate fix pack level.
- Stop all Security Directory Server services.
- Access the DVD or extract the files from the archive file that we downloaded from Passport Advantage.
- Change to the appropriate directory for your operating system.
platform/tdsV6.3FP
- See the readme file included with the fix pack for information and installation instructions.
- Run the installation program.
./idsinstall -u -f
- Optional: To use the Security Directory Server Web Administration Tool, deploy Security Directory Server into the embedded version of WebSphere Application Server:
- Open a command prompt.
- Run ldaphome/idstools/deploy_IDSWebApp. Replace ldaphome with the installation path.
- Create the default instance and suffix:
- Open a command prompt and run...
cd image_path/platform/tdsV6.3/
./idsdefinst -p passworddn -w passworduser -e encryptseed
where:
- passworddn
- The administration DN password. For example, cn=root password.
- passworduser
- The database owner password. For example, the password for the user ID dsrdbm01.
- encryptseed
- The encryption seed value. This value is used to generate a set of Advanced Encryption Standard (AES) secret key values. The length must be 12 - 1016 characters.
- Configure Security Directory Server for ISAM:
- Edit...
image_path/scripts/ISAMConfigTDS.sh
- Set the adminPW to the cn=root password. This password was created when the idsdefinst tool was run.
- Review the other settings in the file. If we used the default values during the installation of Security Directory Server, no further modification is required.
- Save and close the ISAMConfigTDS.sh file.
- Open a command prompt.
- Run...
image_path/scripts/ISAMConfigTDS.sh
- Review output messages and verify the script completed successfully.
If we used an improper database name, the script might exit with a return code of zero. Review all messages to ensure the script completed successfully. The default database name is dsrdbm01. We do not need to change the default name if we used the defaults with the idsdefinst command.
- Optional: If we are setting up Suite B and NIST compliance between our user registry and Security Verify Access components, see Configure IBM Tivoli Directory Server for SSL access. To configure basic SSL, continue with the following steps:
- To create a self-signed certificate:
- Open image_path/scripts/ISAMGenSSLCert.sh in a text editor.
- Set the password for the key database with the KEYFILEPWD variable.
- Save and close the file.
- Run image_path/scripts/ISAMGenSSLCert.sh. Replace image_path with the path to the script files. The self-signed certificate is extracted to am_key.der.
- To enable SSL with Security Directory Server:
- Open image_path/platform/tdsV6.3/idsConfigServerSSL.sh in a text editor.
- Set the values for the following variables. Where a value is shown, it is the typical default value. Use values specific and correct for the environment.
tdsinstancename=dsrdbm01
port=389
ssl_port=636
serverpwd=
serverlabel=AMLDAP
serverkeywithpath=/am_key.kdb
user_dn=cn=root
password_dn=
The password fields must be set to your passwords.
- Save and close the file.
- Run...
image_path/platform/tdsV6.3/idsConfigServerSSL.sh
Replace image_path/platform with the path to the Security Directory Server installation files.
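The procedure above writes the cn=root, key database and server passwords into three shell scripts that were made writable earlier. The following added example (not an IBM script and not part of the original page) checks, once the run is complete, that those files are closed to group and other and that the password variables have been blanked again. It assumes each password is a plain NAME=value assignment; the function names and the two directory arguments are hypothetical.

```shell
# Added example, not an IBM script: audit the helper scripts edited in this
# procedure for leftover passwords and group/other access.
# Assumption: each password is a plain NAME=value shell assignment.

# check_secret_file FILE VAR...  prints findings and returns their count.
check_secret_file() {
    file=$1; shift
    findings=0
    [ -f "$file" ] || { echo "MISSING $file"; return 1; }
    # In "-rwxr-x---", characters 5-10 are the group and other bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "PERMS  $file group/other=$perms (want ------)"
        findings=$((findings + 1))
    fi
    for var in "$@"; do
        # Last uncommented assignment of VAR, quotes and blanks removed.
        val=$(sed -n "s/^[[:space:]]*$var=//p" "$file" | tail -1 |
              tr -d "\"'[:space:]")
        if [ -n "$val" ]; then
            echo "SECRET $file still has a value for $var"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# audit_install_scripts SCRIPTS_DIR TDS_DIR
# (image_path/scripts and image_path/platform/tdsV6.3 on this page)
audit_install_scripts() {
    total=0
    check_secret_file "$1/ISAMConfigTDS.sh" adminPW || total=$((total + $?))
    check_secret_file "$1/ISAMGenSSLCert.sh" KEYFILEPWD || total=$((total + $?))
    check_secret_file "$2/idsConfigServerSSL.sh" serverpwd password_dn || total=$((total + $?))
    return "$total"
}

# Constructed sample: one script left world-readable with its password set.
demo() {
    d=$(mktemp -d) && mkdir "$d/scripts" "$d/tds" || return 99
    printf 'adminPW=\n' > "$d/scripts/ISAMConfigTDS.sh"
    printf 'KEYFILEPWD="constructed-pw"\n' > "$d/scripts/ISAMGenSSLCert.sh"
    printf 'serverpwd=\npassword_dn=\n' > "$d/tds/idsConfigServerSSL.sh"
    chmod 700 "$d/scripts/ISAMConfigTDS.sh" "$d/tds/idsConfigServerSSL.sh"
    chmod 755 "$d/scripts/ISAMGenSSLCert.sh"
    rc=0; audit_install_scripts "$d/scripts" "$d/tds" || rc=$?
    rm -rf "$d"; return "$rc"
}

if [ $# -eq 2 ]; then audit_install_scripts "$1" "$2"; else demo || true; fi
```

Run it with the two directories as arguments; the exit status is the number of findings, so zero means every file is owner-only and every password variable is empty.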