Launchanywhere properties file missing

Installation and Administration Guide

Transcript

1 Directory Integrator Version Installation and Administration Manual SC

2

3 Directory Integrator Version Installation and Administration Manual SC

4 Notice Before using this information and the product it supports, read the general information in Appendix D, Notices, on page 385. This publication is a translation of the IBM Tivoli Directory Integrator 7.1.1: Installation and Administrator Guide, IBM Form SC, published by International Business Machines Corporation, USA. Copyright International Business Machines Corporation 2006, 2012 Information that is only valid for certain countries and does not apply to Germany, Austria and Switzerland has been reproduced in the original text in this publication. It is possible that not all products listed in this translation are announced and available in Germany; Before making any decisions, it is advisable to contact the responsible IBM office. Change to the text are reserved. Published by: TSC Germany Kst May 2012

5 Preface You will need the information in this document in order to develop solutions with components that are part of the IBM Tivoli Directory Integrator. Audience This guide is intended for those who develop, install, and maintain solutions with IBM Tivoli Directory Integrator. The Tivoli Directory Integrator components are designed for network administrators who are responsible for managing user directories and other resources. This document assumes that you have practical experience installing and using IBM Tivoli Directory Integrator. You should also be familiar with the concepts and management of the systems to which the developed solutions are connected. Depending on the specific solution, this could be one of the following products, systems, and concepts, among others: v IBM Directory Server v IBM Tivoli Identity Manager v IBM Java Runtime Environment (JRE) or Sun Java Runtime Environment v Microsoft Active Directory v Operating systems Windows and UNIX v Security management v Internet protocols, e. B. HTTP, HTTPS, and TCP / IP v Lightweight Directory Access Protocol (LDAP) and directory services v Supported user registry v Authentication and authorization v SAP ABAP application server Publications Refer to the descriptions in the IBM Tivoli Directory Integrator library and reference literature for references to publications that contain information that is important to you. After you have found the publications that are relevant to you, you can use the online access instructions to find them. IBM Tivoli Directory Integrator Library The Tivoli Directory Integrator Library contains the following publications: IBM Tivoli Directory Integrator Getting Started Version This publication provides a brief tutorial and introduction to Tivoli Directory Integrator Help you become familiar with IBM Tivoli Directory Integrator. IBM Tivoli Directory Integrator Version Installation and Administration Guide This publication provides complete information about installation, migrating from a previous version, configuring the logging facility, and the security model that the feriii

6 is based on the IBM Tivoli Directory Integrator Server API. It also provides information on how to implement and manage solutions. IBM Tivoli Directory Integrator Version User's Guide This publication provides information about using IBM Tivoli Directory Integrator, as well as instructions for designing solutions using the Tivoli Directory Integrator developer tool (ibmditk) and running predefined solutions from the command line (ibmdisrv). It also provides information on the interfaces and concepts used, as well as on the creation of production lines. IBM Tivoli Directory Integrator V7.1.1 Reference Guide This publication provides detailed information about each of the components of IBM Tivoli Directory Integrator (connectors, functional components, parsers, and so on) that make up the building blocks of the assembly line. IBM Tivoli Directory Integrator Version Problem Determination Guide This publication provides information about the tools, resources, and procedures in IBM Tivoli Directory Integrator 7.1.1 to help you identify and resolve problems. IBM Tivoli Directory Integrator Version Messages Guide This publication contains a list of all informational, warning, and error messages related to the IBM Tivoli Directory Integrator IBM Tivoli Directory Integrator Version Password Synchronization Plug-ins Guide This publication contains comprehensive information about installing and configuring the following five IBM plug-ins for password synchronization: Windows Password Synchronizer, Sun Directory Server Password Synchronizer, IBM Tivoli Directory Server Password Synchronizer, Domino Password Synchronizer and Password Synchronizer for UNIX and Linux. It also includes configuration instructions for the LDAP and JMS password stores. IBM Tivoli Directory Integrator Version Release Notes This release contains descriptions of new features and late-breaking information about IBM Tivoli Directory Integrator 7.1.1 that could not be included in the documentation. Reference literature For reference information about IBM Tivoli Directory Integrator, see the following publications: v IBM Tivoli Directory Integrator uses the Oracle JNDI client. For information about this JNDI client, see the Java Naming and Directory Interface Specification at v The Tivoli Software Library contains a variety of Tivoli publications such as: B. White papers, data sheets, demos, redbooks and sales releases. The Tivoli software library is available on the Web at. v The Tivoli Software Glossary defines many of the terms used in Tivoli software. The Tivoli Software Glossary is available at glossary / tivoliglossarymst.htm. It is only available in English. Accessing Publications Online The publications for this product are available online in Portable Document Format (PDF) and / or Hypertext Markup Language (HTML) from the Tivoli Software Library at. To find a specific product release in the library, you must click the link for the product manuals on the left side of the library page. Then, on the Tivoli Software Information Center page, find and click the name of the product you want. iv Administrator's Guide

7 The information available is organized by product and includes readme files, installation, user and administrator manuals, and reference manuals for developers, as required. Note: To ensure that PDF publications print correctly, select Fit to page in the Adobe Acrobat print window (accessed by clicking File> Print). Accessibility The accessibility feature assists users with physical disabilities such as B. Limited mobility or limited vision when using information technology products successfully. Tivoli Directory Integrator supports accessible tools that announce the elements of the user interface and make it easier to navigate. After installation, you can use the keyboard instead of the mouse to access the functions of the graphical user interface. Accessibility Features The following are the main accessibility features available in Tivoli Directory Integrator: v Keyboard only is supported. v Support for interfaces widely used by screen readers. v Buttons that can be perceived separately using the sense of touch; no activation of buttons by simply touching them. v Status and information are not represented by colors alone. v Documentation in an accessible format is provided. Keyboard Navigation This product uses the standard Microsoft Windows navigation keys to perform common Windows operations, such as accessing the File menu and performing copy, paste, and delete operations. Tivoli Directory Integrator keyboard shortcuts are used for actions specific to Tivoli Directory Integrator. Keyboard shortcuts have been provided for all actions where required. Interface information The accessibility features of the user interface and documentation include the following: v To change fonts, colors, and contrast settings in the Configuration Editor: 1. Enter Alt-W to access the Configuration Editor Window menu. Use the down arrow to select User Preferences ... and press Enter. 2. On the Appearance tab, select the settings for colors and fonts to change the fonts for any functional area in the configuration editor. 3. Under Folders for view and editor, select the colors for the configuration editor. When choosing colors, you can also change the contrast. v Steps to customize keyboard shortcuts specific to IBM Tivoli Directory Integrator: 1. Enter Alt-W to access the Configuration Editor Window menu. Use the down arrow to select User Preferences ... 2. Use the down arrow to select the General category, use the right arrow to open it, and then use the down arrow to find Keys. Under the Scheme selector there is a field that contains the entry "Enter filter text". In the filter text field, enter Tivoli Directory Integrator. All keyboard shortcuts specific to Tivoli Directory Integrator are now displayed. Preface v

8 3. Assign a key assignment to the Tivoli Directory Integrator commands you want. 4. Click Apply to save the change. The configuration editor is a special instance of an Eclipse workbench. For details on the accessibility features of applications built with Eclipse, see help.eclipse.org/help33/topic/org.eclipse.platform.doc.user/concepts/accessibility/accessmain.htm. v The information center and its publications are enabled for accessibility through the JAWS screen reader and IBM Home Page Reader. All functions of the documentation can be carried out using either the mouse or the keyboard. Third-party software The IBM Tivoli Directory Integrator installer uses the IA 2010 SP1 installation technology. The IBM Tivoli Directory Integrator installer uses accessibility features that are independent of the product itself. The installation program supports three user interface modes: Graphical user interface (GUI) In the GUI mode, only keyboard operation is supported; the use of a speech output program is possible. To get the most out of a screen reader, use the Java Access Bridge and run the installer with a Java Access Bridge-enabled JVM. Example: install_tdiv711_win_x86.exe LAX_VM "java-directory / jre / bin / java.exe" The JVM used should be Java 6 JRE. Console In console mode, only keyboard operation is supported; all displays and user options are presented as text that screen readers can easily read. Console mode is the recommended installation method for accessible access. Unattended In unattended mode, user actions are performed via a response file; no user interaction is required. Accessibility reference information Refer to the IBM Accessibility Center at for more information on IBM's commitment to providing information in an accessible format. Contacting IBM Software Support Before you contact IBM Tivoli Software Support about a problem, refer to IBM Systems Management information and the information on the Tivoli software website at the following address: If you need additional help , contact software support. To do this, follow the instructions in the IBM Software Support Handbook, which is available from the following Web site: vi Administrator's Guide

9 This publication contains the following information: v Registration and participation requirements for getting support v Telephone numbers and addresses for the country you are in v List of information you need to gather before contacting customer support A Visit 01.ibm.com/support/docview.wss?rs=697&uid=swg Preface vii for a list of the most frequently required documents and valuable resources for answering your questions about IBM Tivoli Directory Integrator

10 viii Administrator's Guide

11 Table of Contents Preface iii Audience iii Publications iii IBM Tivoli Directory Integrator Library ... iii Reference Literature iv Accessing Publications Online ..... iv Accessibility Features v Accessibility Features v Keyboard Navigation v Interface Information v Third-Party Software vi Accessibility Reference Information Operation vi Contacting IBM Software Support ... vi Chapter 1. Introducing IBM Tivoli Directory Integrator editions Chapter 2. Installation instructions for IBM Tivoli Directory Integrator Installation preparation Disk space requirements Storage requirements Platform requirements Components in IBM Tivoli Directory Integrator. 4 Additional prerequisites Install IBM Tivoli Directory Integrator Start suitable installation program Use the platform-specific TDI installation program Execute the installation with the graphical installation program Execute the installation from the command line Space requirements for temporary files during the installation Execute the unattended installation Steps for the installation completion Install local help files AMC in customized ISC SE Implement instance or Tivoli Integrated Portal (with integrated ISC). 52 Installing or updating with the Eclipse update manager Steps to complete the installation Uninstalling Starting the uninstallation program Performing an unattended uninstallation Default installation locations Chapter 3. Update Installer .registry file Installing fixes Rolling back Troubleshooting Chapter 4. Supported platforms Virtualization support Chapter 5. Migration Migrating files to another location Which files do not need to be modified for use in a different location ?. 67 Which files have to be modified so that they can be used in a different location? Which files shouldn't be used in a different location under normal circumstances? Migrating files with encrypted data .. 69 Migrating files to a newer version Migration with support from the installation program Migration with support from a tool .. 70 Manual migration Backing up important data Configuration settings from AMC 7.x to another AMC implementation migrate EventHandler to corresponding Convert Assembly Line TCP Server Connector Mailbox Connector JMX Connector SNMP Server Connector IBM Directory Server Change Log Connector HTTP Server Connector LDAP Server Connector Change Detection Connector for Sun Directory Active Directory Change Detection Connector 90 z / os-ldap-Change Log Connector DSMLv2 -SOAP Server Connector Migrate B-Tree Tables and B-Tree Connector to System Storage Cloudscape Database Migrate to Derby Files "global.properties" and "solution.properties" with the migration tool migrate property files of password plug-ins with migrate using the migration tool Chapter 6. Si Security and TDI Introduction Managing Keys, Certificates and Keystore Background Listing the Contents of a Keystore Creating Keys Support for Secure Sockets Layer (SSL) SSL configuration of TDI components as a server ix

12 SSL configuration of TDI components as client SSL client authentication SSL configuration for IBM Tivoli Directory Integrator and Microsoft Active Directory Summary of the properties for SSL activation and PKCS # 11 support Example of SSL Remote Server API Introduction Server Configuring the API Server API access options SSL remote access to Server API Server API authentication Server API authorization Server audit functions Security for Tivoli Directory Integrator server instance Stash file Security modes for the server Working with encrypted TDI configuration files Standard TDI encryption of the File "global-.properties" or "solution.properties" Encryption of properties in external property files TDI encryption utility Security for TDI system memory Various functions for configuration files 142 Configuration parameter type "password" Password protection for components Output of attributes as unv Prevent ciphertext during tracing Encryption of TDI server hooks Remote configuration editor and SSL Use remote configuration editor Overview of configuration files and properties for security Security for the web administration console Other security aspects HTTP basic authentication Special aspects for SSL in Lotus Domino Certificates for TDI web service Suite MQe authentication with mini certificates Chapter 7. Reconnect rules engine Introduction Reconnect rules Configuring custom rules Examples Exceptions notes General reconnect configuration Chapter 8. System queue System queue configuration Apache ActiveMQ parameters Parameters for WebSphere MQe Parameters for WebSphere MQ parameters for Microbroker parameters for JMS script driver Example for configuration of the system queue Security and Aut authentication MQe configuration utility MQe queue security by authenticating MQe messages. Support for DNS names in the MQe queue configuration. High availability configuration for MQe. Transport of password changes. Functions in the MQe configuration utility for remote configuration. Chapter 9. Encryption and FIPS mode Configuring Tivoli Directory Integrator to run in FIPS mode Symmetric cipher support 169 Configuring SSL and PKI certificates Encrypting and decrypting with the CryptoUtils utility Working with certificates Using encryption keys on hardware devices Accessing devices with IBMPCKS11 and using SSL Store keys and certificates. Enable or disable population. Manage encryption artifacts (keys, certificates, keystores, encrypted files). Changed encryption key Changed ID Encryption Key or Keystore Password Expired Encryption Certificate Chapter 10. TDI Server API Configuration Server ID Password Protected Configuration Exception Server RMI Configuration Load Timeout Interval 185 Chapter 11. Properties Working with Properties Performing Migration Using Properties and the tdimiggbl Tool Global Properties Solution Properties Java Properties System Properties Chapter 12. System Stores Property Stores Password Stores User Property Stores x Administrator's Guide

13 Non-system storage relational database management system Oracle MS SQL Server IBM DB2 for z / os DB2 for other operating systems Use IBM SolidDB Derby as system storage Configure Derby instances Start Derby in network mode Enable user authentication in system storage Create instructions for system storage tables Back up Derby databases Troubleshooting for Derby Cloudscape configuration prior to version 6.0 (property files) For more information Chapter 13. Command Line Options Configuration Editor Server CLI - tdisrvctl Utility Command Line Reference Chapter 14. Logging and Debugging 225 Script-Based Logging Logging with Log4J Standard Class Log Levels and Log Level Control 230 Log4J Standard Parameters Create your own log strategies Chapter 15. Tracing and First Failure Data Capture Enhancements to Tracing About Tracing Tracing Configure trace levels dynamically. Useful JLOG parameters. Chapter 16. Touchpoint Server Touchpoint Concepts Touchpoint Server Touchpoint Provider Touchpoint Type Touchpoint Instance Touchpoint Template Resource Persistence Touchpoint Scheme Touchpoint Server Communication Protocol Touchpoint Configuration Touchpoint Instance Communication Protocol Scheme for touchpoint status entry Property sheet definitions XML schema positions Procedure in the event of an error Configuration Authentication Examples Example included in delivery Example steps for creating a touchpoint instance with a JDBC connector Chapter 18. Tombstone Manager Introduction Configuring Tombstones Configuration editor configuration display Assembly line configuration display Tombstone Manager Chapter 19 Various Support Options for TDI as a Service IBM Tivoli Directory Integrator as a Windows Service Table of Contents xi

14 Introduction Installing and uninstalling the service Starting and stopping the service Logging Configuring the IBM Tivoli Directory Integrator as a Linux / UNIX service Implementation methods Customizing the "/ etc / inittab" file IBM Tivoli Directory Integrator as z / os service 338 USS process Normally started z / os-task IBM Tivoli Directory Integrator as i5 / os-service 340 command line support Chapter 20. z / os environment support Post-installation configuration using MQe as system queue Standard encoding other than IBM JDK 5.0 not in location "/ usr / lpp / java / j5.0 "344 Running Tivoli Directory Integrator Reading License Files Using Remote Configuration Editor on z / os Processing Configuration and Property Files Using ASCII Mode Configuring TDI Task for Logging to SYSOUT File Appendix A. Glossary of Terms in IBM Tivoli Directory Integrator Appendix B .Examples of property files Log4J.properties jlog.properties derby.pro perties global.properties Appendix C. Monitoring with external tools Monitoring TDI with ITM Brief description of the ITM architecture Importing existing agent configuration into ITM Agent Builder 6.2 Creating Tivoli Directory Integrator agents for ITM with ITM Agent Builder 6.2 Generating ITM agents Configuring ITM agents TDI -Monitoring data Sending customized notifications to ITM 399 Limitations Monitoring TDI with OMNIbus Introduction Configuring the properties file for the EIF test monitor Determining the evaluation of events Working with the file "EventPropertyFile.properties" Sending customized notifications to OMNIbus Appendix D. Notices Trademarks xii Administrator's Guide

15 Chapter 1. Introduction For an overview of general IBM Tivoli Directory Integrator concepts, see "IBM Tivoli Directory Integrator Concepts" in the IBM Tivoli Directory Integrator Version User's Guide. For more detailed information about the concepts of IBM Tivoli Directory Integrator, see the IBM Tivoli Directory Integrator V7.1.1 Reference Guide. Editions of IBM Tivoli Directory Integrator IBM Tivoli Directory Integrator is offered in two different editions, for which different license agreements apply: Identity Edition IBM Tivoli Directory Integrator Identity Edition contains the whole range of connectors, parsers, functional components, password interceptor plug-ins and various others Components. Licensing is on a per user basis. General Purpose Edition IBM Tivoli Directory Integrator General Purpose Edition differs from Identity Edition in that it does not include all components. The following specific identity management components are not available in this edition: v Connector for Windows Users and Groups vz / OS Change Log Connector v IDS Change Log Connector v Change Log Connector for Sun Directory v Change Detection Connector for Active Directory v ITIM DSMLv2 Connector v TAM Connector v JMS password store connector v SAP R / 3 user registry connector v LDIF parsers v SPMLv2 parsers v Password interceptor plug-ins The examples that refer to these components are also not included in this edition. This edition is licensed on a processor basis. 1

16 2 Administrator Guide

17 Chapter 2. Installation instructions for IBM Tivoli Directory Integrator Pre-installation The Tivoli Directory Integrator installation program uses InstallAnywhere technology Before installing, read the following sections and ensure that your system meets the minimum requirements. Disk space requirements The IBM Tivoli Directory Integrator installation program requires 450 MB of temporary disk space during installation, plus the following additional disk space for the TDI components that remain on the computer after installation: v Windows 32-bit: 629 MB v Windows 64-bit : 665 MB v Linux 32-bit: 577 MB v Linux 64-bit: 595 MB v Linux PPC: 410 MB v zlinux s390: 421 MB v AIX: 609 MB v AIX PPC 64-bit: 430 MB v Solaris SPARC: 652 MB v Solaris Opteron: 492 MB v HP-UX Itanium: 788 MB v i5os: 350 MB The exact amount of disk space required depends on the components selected for installation. The above values ​​refer to a full installation using the "Custom" option. In order to calculate the required disk space precisely, add up the required disk space of all components that you want to install. The disk space required for each TDI component is specified under Components in IBM Tivoli Directory Integrator on page 4. A typical installation generally uses 30MB less than the list above. Memory requirements The IBM Tivoli Directory Integrator installation program requires 512 MB of main memory. The exact amount of main memory required after installation depends on the components that are being installed. To calculate the required memory requirements, add up the memory requirements of all components that you want to install. The memory requirements for each Tivoli Directory Integrator component are listed under Components in IBM Tivoli Directory Integrator on page 4. Memory requirements for a standard installation: 484 MB Memory requirements for a user-defined installation with all components: 868 MB 3

18 Platform requirements Refer to Chapter 4, Supported Platforms, on page 63. Components in IBM Tivoli Directory Integrator The following components (with a few exceptions) are available and selectable as part of the IBM Tivoli Directory Integrator installation: Runtime Server These are is a rule engine used to implement and run Tivoli Directory Integrator integration solutions. v Disk space requirements: 48 MB v Disk space requirements: Each server instance requires a minimum of 256 MB. NOTE: Depending on the size and complexity of the solution being created, more memory may be required. Configuration editor This is a development environment for creating, debugging and expanding TDI integration solutions. Note: The IBM Tivoli Directory Integrator configuration editor is not supported on the following operating systems: v HP-UX Integrity * v Solaris Opteron vz / os v i5 / os v Linux PPC v Linux 390 * With HP-UX Integrity, you can Install the Eclipse plug-in for the Tivoli Directory Integrator configuration editor in an existing Eclipse workbench (see below for more details). If you do not choose this method or if you are using one of the other platforms, read the information in the sections Using the Remote Configuration Editor on page 141 and Using the Remote Configuration Editor on z / os on page 345. Required disk space for the configuration editor for the respective supported operating system : v Microsoft Windows: 139 MB v Linux: 139 MB v AIX 139 MB v Solaris 138 MB memory requirements for the configuration editor for the supported operating system: 128 MB. Configuration Editor Update Site (Eclipse Configuration Editor Update Site) Use the Configuration Editor Update Site folder to install the Tivoli Directory Integrator Configuration Editor into an existing Eclipse installation. Use the Eclipse software update tool and this folder as the local update site. The configuration editor update site is only supported when deployed on Eclipse. Note: The IBM Tivoli Directory Integrator Configuration Editor update site is not supported on the following operating systems: 4 Administrator's Guide

19 v Solaris Opteron vz / os v i5 / os v Linux PPC v Linux 390 For more information, see Using the Remote Configuration Editor on page 141 and Using the Remote Configuration Editor on z / os on page 335. The configuration editor update site has the following requirements: v Disk space requirements: 6 MB v Memory footprint: N / A Java API Documentation This is complete HTML documentation of the TDI internals. It contains basic reference material for scripting in solutions and for developing custom components. v Disk space requirements: 48 MB v Disk space requirements: Not applicable Examples Certain Tivoli Directory Integrator functions or components are highlighted in a series of brief and illustrative example configurations. v Required disk space: 3 MB v Memory requirements: Not applicable Help system version (for local provision of TDI help; online by default) You can use the IBM help system of the user interface based on Eclipse technology (Built on Eclipse), the was previously called "IBM Eclipse Help System" or "IEHS", install it locally and use this system as an alternative to the global online help service. This option requires the Tivoli Directory Integrator help files to be downloaded and deployed manually after installation. Disk space requirements by platform: v Windows: 24 MB v Linux: 18 MB v AIX: 18 MB v Solaris: 18 MB v HP-UX: 18 MB v i5 / os: 18 MB memory requirements: 128 MB (256 MB or more is recommended ) Note: You have to increase the main memory according to the size of the documentation plug-ins. Example: If the documentation is 100 MB in size, you must provide at least 80 MB of additional memory. If your platform meets the above requirements, you can continue with the download and installation instructions listed in Installing Local Help Files on page 50. Integrated Web Platform (includes Integrated Solutions Console Standard Edition) Version Tivoli Directory Integrator includes an integrated, simple web server platform, sometimes referred to as "LWI". This server platform is based on the architecture of Eclipse and Open Services Gateway Initiative (OSGI); it supports running web applications. Chapter 2. Installation Instructions for IBM Tivoli Directory Integrator 5

20 and web services. The runtime provides a secure infrastructure with low memory requirements and minimal configuration. The integrated web platform includes Integrated Solution Console Standard Edition (ISC SE), which is used as the standard alternative to implementing Administration and Monitoring Console (AMC) in an existing ISC installation. The integrated web platform provides a simple, OSGI-based infrastructure for hosting web applications and web services that has the following characteristics: v Minimal storage requirements v Minimal configuration v Compatibility with ISC based on OSGI For AMC installation in the integrated web platform 94 MB or more required on each of the following supported operating systems: v Windows v Linux v AIX v Solaris v HP-UX memory footprint: 512 MB or more is recommended. Note: For the i5 / os platform, the embedded web application server must already be installed on the target computer. For details, see Installing IBM Tivoli Directory Integrator on i5 / os on page 13. Administration and Monitoring Console (AMC) This is a browser-based application for monitoring and managing active Tivoli Directory Integrator servers. AMC runs in the Integrated Solutions Console (ISC). In previous releases, AMC was provided as a servlet application that was implemented on an integrated or existing instance of WebSphere Application Server (WAS). v Disk space requirements: 74 MB v Disk space requirements: 128 MB Tivoli Directory Integrator supports Integrated Solutions Console Standard Edition and Tivoli Integrated Portal 2.1 (with integrated ISC). The following additional components are installed automatically and cannot be selected: JRE (Java Runtime Environment) 6.0 SR9 This is a subset of the Java Development Kit (JDK) that consists of the central executable files and other files that make up the Java standard platform . The JRE includes the Java Virtual Machine (JVM), core classes, and support files.Note: The JRE that is used for any of the installed Tivoli Directory Integrator packages is independent of any system-wide JRE or JDK that may be installed on your system. The JRE is installed regardless of which features are selected. The uninstallation program requires the JRE, which is why it is always installed. Disk space requirements by platform: v Windows: 120 MB v Linux: 91 MB v AIX: 94 MB v Solaris: 149 MB v HP: 245 MB 6 Administrator's Guide

21 Memory requirements: N / A Password Synchronization Plug-ins All supported platforms: 8 MB Other settings This component contains the license package, the uninstallation program, the update program, and the Tivoli Directory Integrator overhead. The Tivoli Directory Integrator license pack contains the license files for Tivoli Directory Integrator. Required disk space by platform: v Windows: 20 MB v Linux: 20 MB v AIX: 20 MB v Solaris 19 MB v HP-UX: 20 MB v i5 / os: 20 MB Memory requirements: Not applicable Other requirements Root or administrator rights Please note the following differences between an installation of Tivoli Directory Integrator with administrative rights and an installation without administrative rights: v Any user who installs Tivoli Directory Integrator must have write access to the specified location when installing. v Non-administrative users have different Configuration Editor shortcuts than administrative users. v For non-administrator users, the AMC Service and Register Server as a Service windows do not appear when installing Tivoli Directory Integrator. v After Tivoli Directory Integrator has been installed using a specific non-root user ID, the same user ID must be used for any further maintenance of that installation, such as uninstalling or migrating to newer versions. Security Enhanced Linux (SELinux) RedHat Linux (RHEL) is equipped with a security function called "Security Enhanced Linux" ("SELinux" for short). SELinux offers security that protects the host from certain destructive attacks. RHEL version 4.0 shipped a less secure version of SELinux that was disabled by default. However, in version 5.0 of RHEL, SELinux is enabled by default. It has been found that the SELinux defaults in RHEL 5.0 prevent Java from running properly. If you try to run the Tivoli Directory Integrator installer for RHEL 5.0 you might receive an error that is similar to the following output: #. / Install_tdiv711_linux_x86.bin Initializing Wizard ... Verifying JVM ... No Java Runtime Environment (JRE) was found on this system. This error occurs because the Java Runtime Environment (JRE), which InstallAnywhere 2010 extracts to the / tmp directory, does not have the permissions required to run it. To avoid this error: 1. Disable SELinux: setenforce 0. Chapter 2. Installation Instructions for IBM Tivoli Directory Integrator 7

22 2. Run the Tivoli Directory Integrator installation program. 3. Activate SELinux again: setenforce 1. To activate or deactivate SELinux, you can also edit the configuration file / etc / selinux / config. The default settings for the / etc / selinux / config file look something like the following lines: # This file controls the state of SELinux on the system. # SELINUX = can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX = enforcing # SELINUXTYPE = type of policy in use. Possible values ​​are: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE = targeted If SELINUX is modified to either SELINUX = permissive or SELINUX = disabled, the Tivoli Directory Integrator installation program is allowed to run. Both modifications of the SELINUX property (either in SELINUX = permissive or in SELINUX = disabled) affect the security level for the host. The Tivoli Directory Integrator installation program uses a JRE in the install_dir / jvm location that does not work with the default SELinux settings. The installation program tries to work around the problems with the default SELinux settings by attempting to change the security permissions on the Tivoli Directory Integrator JRE that are blocking the installation program. The Tivoli Directory Integrator installation program issues a command that changes the security permissions on the Tivoli Directory Integrator JRE so that it can be executed. The Tivoli Directory Integrator installation program issues the following command to do this: chcon -R -t textrel_shlib_t install_dir / jvm / jre Note: If the installation program cannot issue the chcon command or an error occurs when issuing the command, you must edit the permissions manually . Errors similar to the following output indicate that the chcon command did not run properly: V7.1.1] #. / Ibmdisrv Failed to find VM aborting V7.1.1] #. / Ibmditk Failed to find VM aborting V7 .1.1] # bin / amc / start_tdiamc.sh Failed to find VM - aborting Authentication of AMC under UNIX / Linux With some UNIX platforms (e.g. SLES 10) AMC in ISC SE is not always able to Authenticate users if correct credentials are provided. This behavior occurs when AMC is running under a non-root user ID and the operating system uses a password database (for example, a / etc / shadow file). For more information about this problem and a workaround, see "Authentication failure on UNIX when LWI runs as non-root user" in the IBM Tivoli Directory Integrator Version Problem Determination Guide. 8 Administrator Guide

23 Installing IBM Tivoli Directory Integrator With the Tivoli Directory Integrator installation program you can either fully install Tivoli Directory Integrator, install only the required Tivoli Directory Integrator components, or upgrade a previous version of Tivoli Directory Integrator (for versions 6.0, 6.1 , 6.1.1, 7.0 or 7.1) or add components to an existing Tivoli Directory Integrator installation. Note: The IBM Tivoli Directory Integrator configuration editor is not supported on the following operating systems: v HP-UX Integrity * v Solaris Opteron vz / os v i5 / os v Linux PPC v Linux 390 * With HP-UX Integrity, you can Install the plug-ins for the configuration editor in an existing Eclipse workbench (for more information, see Platform requirements on page 4). If you do not choose to do this or if you are using one of the other platforms, see Using the Remote Configuration Editor on page 141 and Using the Remote Configuration Editor on z / os on page 345 for additional information about using the product with a locally installed configuration editor . The Tivoli Directory Integrator installation uninstalls a previous version. However, files created by the user are not removed by the uninstallation. After the reinstallation is complete, the user-created files will still be available. Configuration files such as global.properties and am_config.properties are migrated to Tivoli Directory Integrator, preserving any custom changes made to the configuration. The Tivoli Directory Integrator installation continues to use the components that were available in previous versions of Tivoli Directory Integrator: v Administration and Monitoring Console (AMC) v Configuration Editor v Samples v IBM user interface help system based on Eclipse technology (Built on Eclipse) v Java API documentation v Runtime server Note: Throughout this publication, IBM Tivoli Directory Integrator Version Installation and Administration Guide, the variable tdi_install_dir is the installation directory location selected by the user on the target location display during installation. Refer to Default Installation Locations on page 52 for information on the locations where Tivoli Directory Integrator is typically installed. Chapter 2. Installation Instructions for IBM Tivoli Directory Integrator 9

24 Starting the appropriate installation program You can use one of the following methods to start the IBM Tivoli Directory Integrator installation program: Starting the installation program from the launchpad The Tivoli Directory Integrator launchpad provides basic introductory installation information, as well as links to more detailed information on a variety of installation, migration, and post-installation topics . You can also start the Tivoli Directory Integrator installation program from the launchpad. Notes: 1. The launchpad is not available on z / os and i5 / os. 2. A supported web browser must be installed and configured to use the launchpad. If it does not, you will not be able to use the launchpad. However, you can also use the platform-specific installer directly. For instructions on using the Tivoli Directory Integrator installer, see Using the Platform-Specific TDI Installer on page 13. Note: 1. Open the Tivoli Directory Integrator launchpad by entering the following command at the command prompt: v For Windows platforms: Launchpad.bat v For all other platforms: Launchpad.sh Use the menu on the left side of the launchpad to navigate the launchpad windows. Click a menu option to view information about that option. Note on the figures: For technical reasons, the figures shown in this manual may differ from the user environment used or may only be available in English. The following menu options are available: Welcome! The Welcome! Window The installation contains links to the following destinations: v IBM Tivoli Directory Integrator website v Version documentation v Support website v Tivoli Directory Integrator Newsgroup 10 Administrator's Guide

25 The following options on the left are Tivoli Directory Integrator launchpad windows: Release Notes This window contains a list of some of the new and improved components available in this release and links to documentation about the release. Required Information This window contains links to information about platform support and hardware requirements. Installation Scenarios This window describes the TDI components that are available for installation. During the installation, you can install some or all of these components. The window also includes a description of the Password Synchronization Plug-ins components that are available for installation. Migration Information This window provides a link to information about migrating from Tivoli Directory Integrator Version 6.0, 6.1.X, 7.0, or 7.1 to Version. It also contains information about migrating the Derby system store. Installing IBM Tivoli Directory Integrator This window contains links to the IBM Tivoli Directory Integrator installer, as well as links to documentation for installation, migration, and supported platforms. For instructions on using the IBM Tivoli Directory Integrator installer, see Using the Platform-Specific TDI Installer on page 13. Chapter 2. Installation Instructions for IBM Tivoli Directory Integrator 11

26 Installing the IBM Tivoli Directory Integrator Password Synchronization Plug-ins This window contains links to the installer for the IBM Tivoli Directory Integrator Password Synchronizer Plug-ins component, as well as links to documentation for the installation and supported platforms. Note: This window is not available on Linux PPC and Linux 390 platforms. Exit Exits the launchpad without performing an installation. 2. In the installation window, click the IBM Tivoli Directory Integrator Installer option. This will start the installation program. For instructions on using the installation program, see Using the Platform-Specific TDI Installation Program on page 13. Starting the Installation Program Directly You can start the installation program directly by using the installation executable: 1. Locate the tdi_installer directory on the product CD the executable file for the installation for your platform (under i5 / os this directory is called TDI_INST). Windows Intel install_tdiv711_win_x86.exe Windows 64-bit AIX install_tdiv711_win_x86_64.exe install_tdiv711_aix_ppc.bin AIX 64-bit Linux install_tdiv711_aix_ppc_64.bin install_tdiv711_linux_x86.bin Linux 64-bit PowerPC Linux install_tdiv711_linux_x86_64.bin install_tdiv711_ppclinux.bin z / os Linux install_tdiv711_zlinux.bin Solaris Sparc install_tdiv711_solaris_sparc .bin Solaris (Intel) install_tdiv711_solaris_x86_64.bin HP-UX Integrity install_tdiv711_hpux_ia64.bin i5 / os INST_TDI.SH 2. Double-click the executable file or type the name of the executable file at the command prompt. This will start the installation program. For information on using the installer, see Using the Platform-Specific TDI Installer on page 13. After you have started the installer (either from the launchpad or by starting the platform-specific installer directly), you can begin the process described in the Platform-Specific TDI - Using the installation program is described on page 13. 12 Administrator Guide

Note: Non-administrative users can install Tivoli Directory Integrator with the following caveats: 1) Users installing Tivoli Directory Integrator must have write access to the installation location. 2) For users without administrator rights, the "AMC service" and "Register server as a service" windows are not displayed. 3) The configuration editor shortcuts for non-administrator users are different from the configuration editor shortcuts for administrators. Using the platform-specific TDI installer The Tivoli Directory Integrator platform-specific installer is started from either the launchpad or the command line. The Tivoli Directory Integrator installer can be used to install a new copy of Tivoli Directory Integrator, add a component to an existing Tivoli Directory Integrator instance, or upgrade from a previous Tivoli Directory Integrator version. The default installation location on your computer for Tivoli Directory Integrator varies by platform. During the installation, the installation program logs its actions in files located in the system's directory for temporary files (usually / tmp or / var / tmp on UNIX platforms). Preparing for installation Note: The configuration editor is not available under the "i5 / os" operating system. In addition, the Configuration Editor and the Configuration Editor update site are not supported by Tivoli Directory Integrator on the following operating systems: v HP-UX Integrity v Solaris Opteron vz / os v Linux PPC v Linux 390 For information on developing solutions without a local configuration editor, see Using the Remote Configuration Editor on page 141. Installing IBM Tivoli Directory Integrator on i5 / os Tivoli Directory Integrator supports installation on i5 / os. A graphical user interface (launchpad) is not supported on the i5 / os platform. i5 / os supports the -console option for command line installation. For more information, see Running the installation from the command line on page 46. The following Tivoli Directory Integrator components are not available on i5 / os and are not listed as installable components during an installation with the -console option: v Configuration Editor This component is the Tivoli Directory Integrator integrated development environment (IDE). For more on this, read the information in the section Using the remote configuration editor under z / os on page 345. v Update site of the configuration editor (Eclipse update site) Via this Eclipse update site, which is used to maintain the configuration editor, the customer can install the configuration editor in an existing Eclipse workbench if the stand-alone RCP applications are not to be used. Before installing Tivoli Directory Integrator, the i5 / os operating system on which Tivoli Directory Integrator will run must have certain software installed. Chapter 2. Installation Instructions for IBM Tivoli Directory Integrator 13

28 versions of program temporary fixes (PTFs): For i5 / os V6R1, the installer will verify that the following is installed: 1.Product 5761JV1, option 11 (J2SE bit) 2. PTF group SF99562, level 19 or higher (Java) 3. Product 5761DG1, * BASE (IBM HTTP Server for i5 / os; contains LWI) 4. PTF group SF99115, level 18 or higher (LWI, AMC role and SSL fix) With i5 / os V7R1, the installation program checks whether the following is installed: 1. Product 5761JV1, option 11 (J2SE bit) 2. PTF group SF99572, level 08 or higher (Java) 3. Product 5770DG1, * BASE (IBM HTTP Server for i5 / os; contains LWI) 4. PTF group SF99368, level 07 or higher (LWI, AMC role and SSL fix) Version of Java Virtual Machine ( JVM): Tivoli Directory Integrator requires IBM JVM J9 32-bit for all i5 / os versions. If the J9 JVM 32-bit is not found or if the minimum PTF group level is not present, the following error message is displayed: The installation could not find the IBM J9 VM (32-bit). IBM J9 VM is required for this product. Install this JVM and then try the operation again. If you receive this message, cancel the installation, install the IBM J9 VM, and start the installation again. If you select the "Integrated Web Platform" component, the installation checks whether LWI (v7r1 or v6r1) is available on the target system. If the PTFs or products are not found, the following error message is displayed: The installer could not find the i5 / os product or the appropriate fixes required for the integrated web platform. You can continue with the installation without the embedded web platform component, or you can exit the installation now and review the installation log to determine the list of missing prerequisites. Installation: Note: The installation program and the uninstallation program under i5 / os are called "INST_T-DI.SH" and "uninstaller.sh" respectively. To start the installation on i5 / os: 1. Locate the executable file for the installation on i5 / os in the TDI_INST directory on the product CD. The launchpad is not available on i5 / os. When installing on i5 / os, the location /QIBM/ProdData/IBM/TDI/V7.1.1 is used by default on your computer. 2. In order for the Tivoli Directory Integrator installation program to be extracted from a tar image, you must set the environment variable "QIBM_CCSID" on i5 / os to the value 819, that is, the command export QIBM_CCSID = 819, before you execute the tar image of the Tivoli Unzip the Directory Integrator installer. Another difference with i5 / os is in the Tivoli Directory Integrator "solution directory" display. Under i5 / os there is a special position for user data. As a result, you will not have the option to use the solution directory as the installation directory. Instead, there is an option to use the TDI user product directory. 14 Administrator Guide

29 Performing the Installation Using the Graphical Installer Display Sequence During Installation Initialization Preparation Display You can access the installer executable from the command line or (Windows only) by double-clicking the executable. The following screen appears, followed by a welcome screen: Note: The welcome screen may also contain a drop-down list of language choices if the underlying system supports multiple languages. (The default is English.) Chapter 2. Installation Instructions for IBM Tivoli Directory Integrator 15

30 16 Administrator Guide

31 Chapter 2. Installation Instructions for IBM Tivoli Directory Integrator 17

32 Welcome screen This is the welcome screen for the installation program. This is the default display provided by the InstallAnywhere installer. In this display you can continue the installation by selecting the Next button or exit the installation program by selecting the Cancel button. Display for missing J9 PTF (only with i5 / os) Under i5 / os, the TDI installation checks whether the IBM J9 32-bit JVM is installed. If this JVM is not found, an error message is displayed: The installation could not find the IBM J9 VM (32-bit). IBM J9 VM is required for this product. Install this JVM and then try the operation again. At this point you have to cancel the installation. If the JRE verification is successful, you will not receive this indication. 18 Administrator Guide

33 Information display for previous TDI installations This display informs you that it may take some time before previous versions of TDI are recognized. Chapter 2. Installation Instructions for IBM Tivoli Directory Integrator 19

34 If a previous version is found, you will be given a number of upgrade options. 20 Administrator Guide

35 License display The license display is provided by the IBM license tool. This display is displayed when a new TDI version is installed or when an older TDI version is upgraded. Chapter 2. Installation Instructions for IBM Tivoli Directory Integrator 21

36 Display for target position Notes: 1. This display is not displayed when upgrading from TDI 6.0, TDI 6.1, TDI 6.1.1, TDI 7.0 or TDI 7.1. It is also not called when you add components to an existing instance of TDI. 2. The display for the target position shows the last entered value if you continue with the other displays in the wizard and return to this display later. 3. Non-ASCII characters and the following characters are not supported in the installation path: "; 22 Administrator's Guide

37 Installation type display A "Standard" installation includes the runtime server, the configuration editor, the Javadocs, the examples and AMC. The configuration editor update site, the IBM help system for the user interface based on Eclipse technology (Built on Eclipse) and the "Password Synchronization Plug-ins" component are not included in this installation. If you select the Standard option, the component selection display is skipped. In addition, the product package components for the integrated web platform and ISC are automatically installed. The display for the ISC directory is skipped. Chapter 2. Installation Instructions for IBM Tivoli Directory Integrator 23

38 Component Selection Display Use this display to indicate which components are to be installed. If necessary, each component can be installed individually. The only exception is that selecting the configuration editor will select the server because the configuration editor is a sub-component of the server. If a component is not supported on the respective platform, it is not listed in the display for the component selection. Note: The Configuration Editor component is not available on zlinux, Linux PPC, Solaris Opteron, HP IA64, and i5 / os. The Configuration Editor Update Site component is not available on zlinux, Linux PPC, Solaris Opteron, and i5 / os. The Password Synchronization Plug-ins component is not available on IBM Tivoli Directory Integrator General Purpose Edition, zlinux, Linux PPC, Solaris Opteron, HP-UX IA64 and i5 / os. The following list provides an overview of each component: Runtime Server This is a rule engine that is used to implement and run TDI integration solutions. Configuration Editor This is a development environment for creating, debugging, and 24 Administrator's Guide

39 expansion of TDI integration solutions. (It is not available under zlinux, Linux PPC, Solaris Opteron, HP-UX and i5 / os.) This component cannot be installed without installing the runtime server. Configuration Editor update site The Eclipse update site was used as a template for this component. It contains the files required to install the configuration editor in an existing Eclipse installation and is also used for maintenance. (It is not available on zlinux, Linux PPC, Solaris Opteron and i5 / os.) Javadocs This is complete HTML documentation of the TDI internals. It contains basic reference material for scripting in solutions and for developing custom components. Examples Certain TDI functions or components are highlighted in a series of brief and illustrative example configurations. IBM Built on Eclipse (Eclipse) technology-based user interface, version (local help) You can use the Built on Eclipse (Eclipse) -based IBM user interface help system, previously called "IEHS", Install locally and use it as an alternative to the global online help service. This option requires the Tivoli Directory Integrator help files to be downloaded and deployed manually after installation. Integrated web platform This is the package for version 8.1 of the integrated web platform. This version includes ISC SE. Administration and Monitoring Console This is a browser-based application for monitoring and managing active Tivoli Directory Integrator servers. Password Synchronization Plug-ins These are the TDI plug-ins for password synchronization. (This component is not available on IBM Tivoli Directory Integrator General Purpose Edition or on zlinux, Linux PPC, Solaris Opteron, HP-UX, and i5 / os.) Chapter 2. Installation Instructions for IBM Tivoli Directory Integrator 25

40 Display with missing requirements for integrated web platform (only for i5 / os) If the installation program detects that the requirements for the integrated web platform are missing under i5 / os and the component "Integrated web platform" has been selected (either in the display for user-defined components or by If you select Standard Installation), the following message is displayed: The installation program could not find the i5 / os product or the corresponding temporary fixes required for the integrated web platform. You can continue with the installation without the integrated web platform component, or you can exit the installation now and review the installation log to find the list of missing prerequisites. At this point, you can either go back and deselect the "Integrated Web Platform" component in the display for the custom components, or you can exit the installation program and ensure that the corresponding products are installed. Display for TDI solution directory This display is only shown when the server component is selected. Here the user can decide where the default solution directory should be located, in which the server and the configuration editor perform searches. The solution directory is a static directory that contains the solutions created and executed by the user. By default, the option to set the user's home directory as the solution directory is selected on this panel. Starting with TDI, for Windows and UNIX platforms, you must specify a valid solution directory when you select the Select directory to use radio button. The Universal Naming Convention (UNC) path is supported for the solution directory during installation. Under i5 / os (only when installing with the -console option), the Use installation directory option is replaced by an option that uses the TDI user product directory. The i5 / os platform has a special position for user data (/ QIBM / UserData). The installation directory is not suitable for this. Note: This display is not displayed when upgrading from TDI 6.0, TDI 6.1, TDI 6.1.1, TDI 7.0 or TDI 7.1. 26 Administrator Guide

41 If you want to add components and the server component is already installed, this display is not shown. Server Port Configuration Screen This screen is only displayed if a new instance of TDI is to be installed and the server installation has been selected as a component, or if it is an upgrade installation. In this display 4 different server port numbers are requested from you. Default values ​​are already given for these ports. The installation program checks whether you have entered a valid and available port number (see Server Port Configuration). Chapter 2. Installation Instructions for IBM Tivoli Directory Integrator 27

42 Display for registering the server as a system service This display is only called up if a new instance of TDI is to be installed and the installation of the server has been selected as a component or if it is an upgrade installation. In addition, it is only displayed if you have administrator rights. If the check box is selected, only the SERVER will be registered as a service for that operating system. The check box is deselected by default. The two text fields are only activated when the check box is selected. The first text field is intended for the service name. The second text field contains the port number that the server uses to run as a system service. Whenever possible, the installation program tries to provide a valid default value for the service name (for details on this process, refer to the information on registering the server as a Windows service or as a UNIX process). If the installation program cannot determine a valid service name, the field is empty. You cannot proceed with the installation until you have entered a valid service name. 28 Administrator Guide

43 Display for TDI-AMC implementation This display is only output if a user-defined installation group and also the installation of the AMC component has been selected. You need to select the ISC instance in which you want AMC to be implemented. You can select the implementation of AMC in the ISC package supplied with TDI or in an ISC instance already installed on the target machine, or you can specify that AMC should be implemented at a later point in time. When selecting an already installed ISC instance, the user must select a directory that contains the Integrated Web Platform (LWI) or WAS, for example C: \ Program Files \ IBM \ WebSphere \ AppServer or C: \ dev \ IBM \ TDI \ lwi. If you did not select the "Integrated Web Platform" component for installation, this option is grayed out. Notes: 1. If you want to add components and the AMC component is already installed, this display will be skipped. 2. When implementing AMC in WAS, the role "TDI AMC Admin" (TDI-AMC administrator) is not automatically assigned, unlike when implementing it in the integrated web platform. This role must be assigned manually by the ISC console administrator. Chapter 2. Installation Instructions for IBM Tivoli Directory Integrator 29

44 ISC Ports Indicator This indicator is displayed for either a standard installation or a custom installation if you have chosen to implement AMC in an embedded instance of ISC. The ISC instance could be an instance of the embedded ISC that ships with Tivoli Directory Integrator, or an ISC instance that already exists on the target system. If you are implementing AMC in a customized SE instance, the default values ​​used for the HTTP port and the HTTPS port are determined as follows: In the files for_tdi_selected_isc / conf / overrides / *. Properties, look for the first occurrence of the com .ibm.pvc.webcontainer.port and com.ibm.pvc.webcontainer.port.secure and use the associated values. If any of these properties are not defined in the ".properties" files in this directory, look for them in the file for_tdi_selected_isc / conf / config.properties. If the HTTP port is not found, port 80 is used by default. If the HTTPS port is not found, port 443 is used by default. The help port has the same value as the HT-TP port. If you implement AMC in a customized AE instance, the default values ​​used for the HTTP port and the HTTPS port are determined as follows (except under i5 / os, where the default values ​​are used): 30 Administrator Manual

45 Look for files named "serverindex.xml" in the following directory: for_tdi_selected_isc \ profiles \ appsrv01 \ config \ cells \ * \ nodes \ *. Look in these files for the HTTP port for XML blocks that are similar to the following block: For the HTTPS port, look for blocks that are similar to the following: The installation program searches for a tag "specialenpoints" that contains the value WC_adminhost or WC_adminhost_secure for "endpointname" and uses the assigned port values ​​from the embedded tags "endpoint".If the HTTP port cannot be determined using this method, the value 9060 is used. If the HTTPS port cannot be determined, the value 9043 is used by default. The value of the HTTP port is set as the value for the help port. The displayed values ​​are the standard values ​​for the integrated ISC SE instance. The entry of ports already in use is not permitted in the display. In this case, a warning will be displayed asking you to select a different port value. Chapter 2. Installation Instructions for IBM Tivoli Directory Integrator 31

46