Install Security Directory Server with a script (Windows)

Use the script file to automate the installation of Security Directory Server.

The information in this topic is for Directory Server version 6.3. Use the information and links in the tech note for the configuration instructions for Security Directory Server 6.4 and Security Directory Suite 8.0.

Automated installations can perform unattended silent installations. This task uses the install_tdsSilent command.

Steps

  1. Log on to the system with Administrator privileges.
  2. Extract the Security Directory Server archive file to a directory with adequate disk space, for example, /tdsV6.3/. If you install Security Directory Server from a DVD, the files are in the tdsV6.3 directory.
  3. Locate the following script files and change their permissions so that you can write to the files:
    image_path\tds\optionsFile\InstallServer.txt
    image_path\scripts\ISAMConfigTDS.bat
    image_path\scripts\ISAMGenSSLCert.bat
    image_path\Windows\tdsV6.3\idsConfigServerSSL.bat
    For example:

    1. For each file previously listed, right-click the file and click Properties.

    2. Click the Security tab.

    3. In the Name list box, select the user or group to change.

    4. In the Permissions box, select Write.

    5. Click OK.

  4. In the directory, locate the installation program file and the response file.

    • image_path\windows\tdsV6.3\tds\install_tdsSilent.exe
    • image_path\windows\tdsV6.3\tds\optionsFile\InstallServer.txt

  5. Update the entries in the InstallServer.txt file with the appropriate values for your installation. Use the instructions in the text file. See the topics about the options files for silent installation in the Security Directory Server IBM Knowledge Center.

  6. Save the InstallServer.txt file.
  7. Open a command prompt and change to the following directory:

      image_path\windows\tdsV6.3\tds

  8. Start the installation by running the following command:

      install_tdsSilent -is:silent -options image_path\optionsFiles\InstallServer.txt
       
      where image_path is the full path to the optionsFiles directory.
    • Verify the installation by checking the installation log:

      C:\Program Files\IBM\LDAP\V6.3\var\ldapinst.log

    • Create the default instance and suffix:

      1. Open a command prompt.
      2. Change to the following directory: ldap_home\idstools
      3. Run the following command:

          idsdefinst -p passworddn -w passworduser -e encryptseed
          where:

            passworddn
            The administration DN password. For example, the cn=root password.

            passworduser
            The database owner password. For example, the password for the user ID dsrdbm01.

            encryptseed
            The encryption seed value. This value is used to generate a set of Advanced Encryption Standard (AES) secret key values. The length must be 12 - 1016 characters.

    • Configure Security Directory Server for ISAM:

      1. Locate the image_path\scripts\ISAMConfigTDS.bat file.
      2. Open the file in a text editor.

      3. Set the adminPW to the cn=root password.
      4. Review the other settings in the file. If you used the default values during the installation of Security Directory Server, no further modification is required.

      5. Save and close the ISAMConfigTDS.bat file.
      6. Open a command prompt.
      7. Run image_path\scripts\ISAMConfigTDS.bat. Replace image_path with the path to the script files.
      8. Verify the configuration by checking the configuration log:

        C:\Users\Administrator\ConfigTDSforISAM.log

    • Optional: If you are setting up Suite B and NIST compliance between your user registry and Security Verify Access components, see Configure IBM Tivoli Directory Server for SSL access. To configure basic SSL, continue with the following steps:

      1. To create a self-signed certificate:

        1. Open image_path\scripts\ISAMGenSSLCert.bat in a text editor.

        2. Set the password for the key database with the KEYFILEPWD variable.

        3. Save and close the file.
        4. Run image_path\scripts\ISAMGenSSLCert.bat. Replace image_path with the path to the script files. The self-signed certificate is extracted to am_key.der.

      2. To enable SSL with Security Directory Server:

        1. Open image_path\Windows\tdsV6.3\idsConfigServerSSL.bat in a text editor.

        2. Set the values for the following variables. Values in bold are the typical default values. Use values specific and correct for your environment.
          tdsinstancename=dsrdbm01
          port=389
          ssl_port=636
          serverpwd=
          serverlabel=AMLDAP
          serverkeywithpath=C:\am_key.kdb
          user_dn=cn=root
          password_dn=
          The password fields must be set to your passwords.

        3. Save and close the file.
        4. Run image_path\Windows\tdsV6.3\idsConfigServerSSL.bat. Replace image_path with the path to the Security Directory Server installation files.
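
The steps above leave the cn=root, key database and server passwords as plain text in ISAMConfigTDS.bat, ISAMGenSSLCert.bat and idsConfigServerSSL.bat. The following PowerShell function is an added example, not part of the product's scripts or documentation, that blanks those variables once configuration has finished. The function name Clear-ScriptSecret, the sample file and the `[set ]NAME=value` line format are assumptions.

```powershell
# Added example. Assumption: each password is set on a line of the form
# [set ]NAME=value and the scripts are plain ASCII batch files.
$SecretNames = 'adminPW', 'KEYFILEPWD', 'serverpwd', 'password_dn'

function Clear-ScriptSecret {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [string[]]$Names = $SecretNames
    )
    $alternatives = ($Names | ForEach-Object { [regex]::Escape($_) }) -join '|'
    # Group 1: indentation, optional "set", variable name and "=". Group 2: the value.
    $pattern = '^(\s*(?:set\s+)?(?:' + $alternatives + ')\s*=)(.*)$'
    $cleared = 0
    $lines = foreach ($line in Get-Content -LiteralPath $Path) {
        if ($line -match $pattern -and $Matches[2].Trim()) {
            $cleared++
            $Matches[1]          # keep "NAME=" and drop the secret
        } else {
            $line
        }
    }
    Set-Content -LiteralPath $Path -Value $lines -Encoding Ascii
    return $cleared
}

# Constructed sample standing in for an edited idsConfigServerSSL.bat.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'idsConfigServerSSL.sample.bat'
@(
    'tdsinstancename=dsrdbm01'
    'ssl_port=636'
    'serverpwd=constructed-example-1'
    'user_dn=cn=root'
    'password_dn=constructed-example-2'
) | Set-Content -LiteralPath $sample -Encoding Ascii

$count = Clear-ScriptSecret -Path $sample
Write-Output "$count password value(s) cleared from $sample"
Get-Content -LiteralPath $sample      # show the scrubbed file
Remove-Item -LiteralPath $sample
```

Run it against the three edited scripts only after the last configuration step has completed, because the scripts read these values when they run.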
