advertisement
Chapter 9. Verifying and troubleshooting the installation
This section describes how to correct problems with the Tivoli Identity Manager installation. It also explains how to verify that the Tivoli Identity Manager Server and its prerequisite processes are running correctly.
You can test whether the database, the directory server, and other programs that the Tivoli Identity Manager Server uses are correctly configured and are in full communication with each other.
Correcting problems with starting the installation
If you cannot start the Tivoli Identity Manager installation program, check these requirements: v
Is there enough real memory available to run the installation program? For more information, refer to the
IBM Tivoli Identity Manager Information Center
.
v Are the correct operating system levels, patches, and space requirements provided for the hardware and software prerequisites? For more information, refer to the
IBM Tivoli Identity Manager Information Center
.
v
Does the installation program have the correct file permissions to run?
Administrative privileges are required.
v
Is your firewall preventing processes that are active during installation from accessing external resources? For example, if you have a firewall that prevents ldapsearch from connecting to the directory server, the Tivoli Identity Manager installation fails.
v
If the installation is on a UNIX or Linux system, do you have the correct permissions and display variables set?
A common mistake is to log in to the desktop, omit disabling access control, and then telnet or SSH to a remote host on which you intend to install the Tivoli
Identity Manager Server. To correct this problem, complete these tasks:
1.
Run this command at the command shell of your desktop to disable access control for the X Server: xhost +
2.
After you telnet or SSH to the remote host, run this command to set the
DISPLAY environment variable: export DISPLAY=
hostname
:0.0
The value of
hostname
is the host name or IP address of your local desktop computer.
Tivoli Identity Manager configuration errors
Check the Tivoli Identity Manager activity summary log file
(itim_install_activity.log). If a non-fatal error is reported and it involves DBConfig, ldapConfig, or system configuration, you can use stand-alone Tivoli Identity
Manager configuration utilities to recover. For more information about these
utilities, see Chapter 7, “Configuring the Tivoli Identity Manager Server,” on page
© Copyright IBM Corp. 2009
95
Verifying the installation
This section describes verifying whether the database, the directory server, and other programs that the Tivoli Identity Manager Server uses are correctly configured and are in full communication with the Tivoli Identity Manager Server.
Ensuring that the WebSphere Application Server is running
The WebSphere Application Server on which the Tivoli Identity Manager application is deployed needs to be running.
To determine whether the WebSphere Application Server is running, enter this command: v
Windows operating systems:
WAS_PROFILE_HOME
\bin\serverStatus.bat -all v
UNIX or Linux operating systems:
WAS_PROFILE_HOME
/bin/serverStatus.sh -all
If you do not find the process running, run this command to start the server: v
Windows operating systems:
–
WAS_PROFILE_HOME
\bin\startServer.bat
server_name
v
UNIX or Linux operating systems:
–
WAS_PROFILE_HOME
/bin/startServer.sh
server_name
The value of
server_name
is the name of the WebSphere Application Server. For example, server1
.
Additionally, examine the log files in the logs directory for entries that indicate the status of server1. For example, examine the log files in the
WAS_PROFILE_HOME
\ logs\server1 directory.
Verifying that the Tivoli Identity Manager Server is running
To verify that the Tivoli Identity Manager Server and related processes are running, complete these steps:
1.
Ensure that the WebSphere Application Server is running.
Start the WebSphere administrative console. On a browser, enter this Web address: http://
hostname
:
port
/ibm/console
The value of
hostname
is the fully qualified host name or the IP address of the computer on which the WebSphere Application Server is running. The value of
port
is the port number for the WebSphere administrative HTTP transport. The default value is 9060.
2.
On the WebSphere administrative console, click
Applications > Enterprise
Applications
and verify that the Tivoli Identity Manager Server is running. If the Tivoli Identity Manager Server is not running, select the application, and then click
Start
.
If the Tivoli Identity Manager Server does not start, examine the following log files: v
WAS_PROFILE_HOME
\logs\
server_name
\SystemOut.log
The value of
profile_name
is the name of the WebSphere Application Server profile running Tivoli Identity Manager.
The value of
servername
is typically server1 for single-server environments.
v
TIVOLI_COMMON_DIRECTORY
\CTGIM\logs\trace.log
96
IBM Tivoli Identity Manager Server: Installation and Configuration Guide
In this directory, also examine the msg.log file. Installing Tivoli Identity
Manager Server defines the value of
TIVOLI_COMMON_DIRECTORY
.
3.
Log on to the Tivoli Identity Manager Server using the WebSphere embedded
HTTP transport. For example, at a browser window, enter this command: http://
hostname
:
port
/itim/console
The value of
hostname
is the fully qualified host name or the IP address of the computer on which the WebSphere Application Server is running. The value of
port
is the port number of the WebSphere virtual host. The default port number is 9080. The port number can be removed if an HTTP server is used as the front-end proxy.
The browser displays the Tivoli Identity Manager login window. To log in to
Tivoli Identity Manager, enter the Tivoli Identity Manager Server administrator user ID ( itim manager
) and password (immediately after installation, the value is secret
).
4.
After a first, successful login, the login window immediately prompts you to change the administrator password. Ensure that your password change is successful.
Note:
It is recommended you create a backup administrator user ID with the same access rights as the "itim manager
″ user ID.
5.
If continued attempts fail to log on to Tivoli Identity Manager, determine whether the SystemOut.log file contains errors about referencing Tivoli Identity
Manager properties files.
Ensure that the
ITIM_HOME
\data directory contains the properties files.
Additionally, ensure that the WebSphere Application Server also references the
ITIM_HOME
\data directory. Complete these steps: a.
On the WebSphere administrative console, click
Servers > Application
Servers
.
b.
Select a server such as server1 and under
Server Infrastructure > Java and
Process Management,
click Process Definition.
c.
In the Process Definition, click
Java Virtual Machine
.
d.
Ensure that the Classpath field specifies the {
ITIM_HOME
}\data directory.
6.
If continued attempts fail, examine the status of the Tivoli Identity Manager middleware.
v
“Testing the database connection” on page 98
v
“Ensuring that the directory server is operational” on page 101
Checking the Tivoli Identity Manager bus and messaging engine
Before starting the Tivoli Identity Manager Server, use the WebSphere administrative console to check the status of the bus and messaging engine.
To check the bus and messaging engine, complete these steps:
1.
Start the WebSphere administrative console.
http://
hostname
:
port
/ibm/console
The value of
hostname
is the fully qualified host name or the IP address of the computer on which the WebSphere Application Server is running. The value of
port
is the port number for the WebSphere administrative HTTP transport. The default value is 9060.
2.
Click
Service Integration > Buses
.
3.
If the bus has been set, you see the itim_bus. Click
itim_bus
.
4.
In the Topology section, click
Messaging engines
.
Chapter 9. Verifying and troubleshooting the installation
97
For a single-server installation, you see an engine named
nodename.servername
itim_bus and the status of the engine is started.
For a cluster installation, you see n+1 messaging engines, where n is the number of Tivoli Identity Manager cluster members. An additional messaging engine is used for the Tivoli Identity Manager messaging cluster. All these engines need to be started.
If a message engine is not started, click the messaging engine name, and under the
Additional Properties section, click
Message store
to see the data source JNDI name. From this JNDI name, you can link the Tivoli Identity Manager data source defined under the Resources section and test the data source connection. If the
data source connection test fails, see “Testing the database connection” for more
information about how to resolve the issue. If the connection test succeeds, examine the
WAS_PROFILE_HOME
\logs\
server_name
\SystemOut.log file to determine the reason that the messaging engine cannot be started.
Verifying that the database is running correctly
Testing the database connection
Before starting the Tivoli Identity Manager Server, use the WebSphere administrative console to test the database connection. Complete these steps:
1.
Start the WebSphere administrative console.
http://
hostname
:
port
/ibm/console
The value of
hostname
is the fully qualified host name or the IP address of the computer on which the WebSphere Application Server is running. The value of
port
is the port number for the WebSphere administrative HTTP transport. The default value is 9060.
2.
Click
Resources > JDBC > Data Sources
.
3.
Select
ITIM Data Source
.
4.
Click
Test Connection
. A message appears that indicates the test result.
Repeat these steps for the
ITIM Bus DataSource
, and for clusters, additionally test the
ITIM BUS Shared DataSource
.
If any connections do not work, complete these steps:
1.
The CLASSPATH definition of the JDBC provider is set up during the Tivoli
Identity Manager installation. Verify that the CLASSPATH value is correct.
Complete these steps: a.
Start the WebSphere administrative console.
http://
hostname
:
port
/ibm/console
The value of
hostname
is the fully qualified host name or the IP address of the computer on which the WebSphere Application Server is running. The value of
port
is the port number for the WebSphere administrative HTTP transport. The default value is 9060.
b.
Click
Resources > JDBC > JDBC Providers > ITIM XA DB2 JDBC
Provider
.
c.
Examine the properties to verify that the CLASSPATH value is correct. For example, its value is like these values for DB2:
$ITIM_DB_JDBC_DRIVER_PATH\db2jcc.jar
$ITIM_DB_JDBC_DRIVER_PATH\db2jcc_license_cisuz.jar
$ITIM_DB_JDBC_DRIVER_PATH\db2jcc_license_cu.jar
98
IBM Tivoli Identity Manager Server: Installation and Configuration Guide
To determine the value of $ITIM_DB_JDBC_DRIVER_PATH, click
Environment > WebSphere Variables
. Scroll through the list to locate the variable and confirm it is correct.
2.
Verify that the DB2 user ID and password are correct. Complete these steps: a.
Start the WebSphere administrative console.
http://
hostname
:
port
/ibm/console
The value of
hostname
is the fully qualified host name or the IP address of the computer on which the WebSphere Application Server is running. The value of
port
is the port number for the WebSphere administrative HTTP transport. The default value is 9060.
b.
Click
Resources > JDBC > Data Sources > ITIM Data Source
.
c.
Examine these fields to verify the correct values: v
Component-managed Authentication Alias
The value is itim-init
.
v
Container-managed Authentication Alias
The value is itim-init
.
d.
Under the Related Items category, click
JAAS - J2C authentication data
Examine the Alias list to ensure that an itim-init entry exists.
1) Click
itim-init
.
2) Verify that the value of the user ID field is identical to the Tivoli
Identity Manager Database User specified in
ITIM_HOME
\data\ enRole.properties file, for example, itimuser. Do not change this value.
3)
Note the password field. If you use this field to reset the password, ensure that the password value that you enter is identical to the value defined in the
ITIM_HOME
\data\enRoleDatabase.properties file.
3.
Ensure that other database settings are correct by checking the status of the
DB2 service listening port (typically 50000, 50002, or 60000) by using a utility such as netstat. The system etc directory contains a file called services which contains the actual port number being used. For more information, see
“Determining the correct service listening port and service name” on page 17.
4.
If DB2 is not listening on the port and you are using IPv6 and UNIX/Linux to connect to DB2, you might need to modify your /etc/hosts file. Complete these steps: a.
On the machine running IPv6, append these two lines to your /etc/hosts file:
IPv4_address hostname
IPv6_address hostname
For example, if the
hostname
is myhost
, the
IPv6_address
is
0000:ffff:ffff:0000:20e:cff:fe50:39c8 and the
IPv4_address
is
192.168.4.4
, then you need to append these two lines in the /etc/hosts file.
b.
Log in as the DB2 instance owner and restart the DB2 server by issuing the following commands: db2stop db2start c.
Ensure that DB2 is running on the IPv6 address by issuing the following command: netstat -an | grep db2port
For example, if the db2 is running on the port 50000, then you see the following line as the output:
Chapter 9. Verifying and troubleshooting the installation
99
tcp 0 0 :::50000 :::* LISTEN
Troubleshooting SQL Server 2005 issues
When the itim manager account logs in for the first time the user is typically prompted to change the password. This prompt might not work in case of SQL
Server 2005. In order to resolve this issue, complete these steps:
1.
After installing Tivoli Identity Manager, log in to the SQL Server 2005 host computer.
2.
Launch the Microsoft SQL Server Management Studio.
3.
Expand the SQL server in the object explorer.
4.
Expand
Databases
and move to the master database.
5.
Expand
Security > Schemas
.
6.
Right click
DBO
and click
Properties
7.
Click
Permissions
, click
Add
, and browse to add the required users.
8.
Grant all permissions to these required users and click
OK
.
9.
Restart the server, disconnect, and reconnect with user sa in mixed authentication mode.
Data Base Configuration is too restrictive for MS SQL Server
If Tivoli Identity Manager is configured with MSSQL Server 2005 as the Tivoli
Identity Manager database, you might receive the following message in trace.log
file. The error might occur the first time you access the Tivoli Identity Manager server after you perform the DBConfig operation javax.transaction.xa.XAException: java.sql.SQLException:
Failed to create the XA control connection.
Error: EXECUTE permission denied on object 'xp_sqljdbc_xa_init', database 'master', schema 'dbo'..
To resolve this issue, complete following steps:
Note:
In this task,
itimuser
is the database user configured for ITIM database, and
itimdb
is the name of the database configured for Tivoli Identity Manager.
1.
Stop the application server.
2.
Launch the Microsoft SQL Server Management Studio.
3.
Expand the SQL server in the object explorer.
4.
Expand Databases and delete
itimdb
.
5.
Delete the
itimuser
schema from master database: a.
Expand
Databases
>
System Databases
>
master
>
Security
>
Schemas
.
b.
Delete
itimuser
.
6.
Delete
itimuser
, ITIML000, ITIML001, and so forth login from
Security
>
Logins
.
7.
Create Database. SeeChapter 2, “Installing and configuring a database,” on page
8.
Perform
dbConfig
.
9.
Start the application server.
Note:
If name of the database or database user is changed, perform
runConfig
and restart the application server.
100
IBM Tivoli Identity Manager Server: Installation and Configuration Guide
Verifying that the directory server is properly running
Ensuring that the directory server is operational
This section describes the steps to ensure that the installed directory server for
Tivoli Identity Manager is running.
To determine whether the IBM Tivoli Directory Server is running, complete these steps: v On Windows systems, click
Start > Programs > Administrative Tools >
Services
. Locate the directory server entry, such as IBM Tivoli Directory Server
Instance V6.2 - ldapdb2
Ensure that the directory server service is started. If the service has not started, select it, and then select
Action > Start
from the main menu of the Services window.
v
On UNIX/Linux systems, ensure that the ibmslapd process is running. Enter this command: ps -ef | grep ibmslapd
The ps (process) command searches for processes. The grep command selects the processes that contain a string. The parameters in this example include:
-e
Select all processes.
-f
Display a full listing.
If the IBM Tivoli Directory Server is running, a process ID (PID) number is returned. If a PID number is not returned, the server must be restarted. First, stop the server: ibmslapd -I <instancename> -k
Restart the server: ibmslapd -I <instancename> v If the IBM Tivoli Directory Server is running, you must ensure that the IBM
Tivoli Directory Server is not in configuration mode only. Enter this command: ldapsearch -s base -b " " objectclass=* ibm-slapdisconfigurationmode
If the IBM Tivoli Directory Server is not in configuration mode, the value of the ibm-slapdisconfigurationmode parameter is FALSE. The ldapsearch command opens a connection to an LDAP server, binds, and performs a search. The -s parameter specifies the scope of the search to be base, one, or sub, which searches the base object, one level, or subtree. The -b parameter uses
searchbase
as the starting point for the search, instead of the default.
If problems continue, examine the ibmslapd.log file for messages that indicate whether the directory server is completely or partially started. The location of the log file depends on the IBM Tivoli Directory Server version:
Windows:
ITDS_INSTANCE_HOME
\logs\ibmslapd.log. For example, the file is in the
C:\idsslapd-ldapdb2\logs directory.
UNIX/Linux:
ITDS_INSTANCE_HOME
/etc/ibmslapd.log. On Linux, for example, the file is in the /home/ldapdb2/idsslapd-ldapdb2/etc/logs directory.
Checking the Web browser operation
This section describes potential problems associated with the Web browser.
Chapter 9. Verifying and troubleshooting the installation
101
Ensuring that the browser registers the Java plug-in
Tivoli Identity Manager uses applets that require the Java plug-in, which is provided by the Java 2 Runtime Environment, Standard Edition (JRE). The Java plug-in provides a connection between browsers and the Java platform, and enables applets to run within a browser. For more information about the version of the Java plug-in that Tivoli Identity Manager supports, refer to the
Tivoli Identity
Manager Information Center
.
If the Java plug-in is not installed on your system, or is not at a supported level, the browser prompts you to install the plug-in. For more information about these steps, refer to the
Tivoli Identity Manager Information Center
.
Microsoft Internet Explorer: Enabling active scripting
For Microsoft Internet Explorer, ensure that the Active Scripting item is enabled in the Scripting section of the Internet Options. Complete these steps:
1.
Click
Tools > Internet Options
on the main menu.
2.
On the Security tab, click the
Internet
icon, and then click the
Custom Level
button.
3.
In the Scripting, Active Scripting area, select
Enable
.
4.
Click
OK
.
5.
In the Internet Options window, click
OK
.
Using a supported browser
You might not be able to log on to Tivoli Identity Manager for various reasons. For example, you could be using an unsupported Web browser. For a list of supported browsers, refer to the
Tivoli Identity Manager Information Center
.
Avoiding two Web browser sessions on the same computer
Do not start two separate browser sessions from the same client computer. The two sessions are regarded as one session ID, which causes problems with data.
Troubleshooting Tivoli Identity Manager within WebSphere Application
Server
The Tivoli Identity Manager application runs within the WebSphere Application
Server as an enterprise application. The Tivoli Identity Manager installation program uses the WebSphere command-line interface (wsadmin) to deploy the
Tivoli Identity Manager application onto the WebSphere Application Server.
Deploying the Tivoli Identity Manager application also performs certain configuration steps on the WebSphere Application Server.
When the deployment completes, the Tivoli Identity Manager files are in these directories: v
WAS_PROFILE_HOME
\installedApps\
cellname
\ITIM.ear
v
WAS_PROFILE_HOME
\config\cells\
cellname
\applications\ITIM.ear
If the deployment fails, check the installation log files under
ITIM_HOME
\ install_logs\ starting with the itim_install_activity.log, and examine the setupEnrole.stdout log file.
102
IBM Tivoli Identity Manager Server: Installation and Configuration Guide
Correcting connection scripting errors
If the log data indicates a failure to establish a SOAP connection to the WebSphere
Application Server configuration manager, or some type of WebSphere Application
Server scripting error, complete these steps:
1.
Resolve the problem that prevents the connection to the WebSphere Application
Server or the problem described as a scripting error. For more information, refer to the WebSphere documentation.
2.
Run one of the following commands to deploy the Tivoli Identity Manager
Server onto the WebSphere Application Server: v
If WebSphere administrative security and application security is on, run this command (this command is one line):
ITIM_HOME
\bin\setupEnrole.exe install server:
name
user:
user_id
password:
pwd
ejbuser:
ejb_user_id
The value of
server_name
is the name of the WebSphere Application Server on which the Tivoli Identity Manager application is deployed. The value of
user_id
is the WebSphere administrator user ID, such as wasadmin
. The value of
pwd
is the password for the WebSphere administrator user ID, such as wasadmin
. The value of
ejb_user_id
is the Tivoli Identity Manager EJB user ID, which uses the WebSphere Application Server administrator user ID by default.
v If WebSphere administrative security and application security is off, enter this command:
ITIM_HOME
\bin\setupEnrole.exe install server:
name
Correcting timeout errors
If the log data indicates that the failure is due to a timeout error, continue the
Tivoli Identity Manager installation process.
If the Tivoli Identity Manager installation program has completed, delete the following directories if they exist: v
WAS_PROFILE_HOME
\installedApps\
cellname
\ITIM.ear
v
WAS_PROFILE_HOME
\config\cells\
cellname
\applications\ITIM.ear
Run one of the following commands to deploy the Tivoli Identity Manager Server onto the WebSphere Application Server: v
If WebSphere administrative security and application security is on, run this command:
– Windows operating systems:
ITIM_HOME
\bin\setupEnrole.exe install server:
name
user:
user_id
password:
pwd
ejbuser:
ejb_user_id
– UNIX or Linux operating systems:
ITIM_HOME
/bin/setupEnrole.sh install server:
name
user:
user_id
password:
pwd
ejbuser:
ejb_user_id
The value of
server_name
is the name of the WebSphere Application Server on which the Tivoli Identity Manager application is deployed. The value of
user_id
is the WebSphere administrator user ID, such as wasadmin
. The value of
pwd
is the password for the WebSphere administrator user ID, such as wasadmin
. The value of
ejb_user_id
is the Tivoli Identity Manager EJB user ID, which uses the
WebSphere Application Server administrator user ID by default.
v
If WebSphere administrative security and application security is off, enter this command:
– Windows operating systems:
Chapter 9. Verifying and troubleshooting the installation
103
Log files
ITIM_HOME
\bin\setupEnrole.exe install
server:name
– UNIX or Linux operating systems:
ITIM_HOME
/bin/setupEnrole.sh install
server:name
Determining the port number of the default host
If you have multiple instances of WebSphere Application Server running on the same computer, the port number might be a different value. To determine the port number of the default host, complete these steps:
1.
Log in to the WebSphere Application Server administrative interface.
2.
Click
Server > Application servers
.
3.
Click the server which hosts the Tivoli Identity Manager application cluster member.
4.
Under the Communications section, click the
Ports
link.
5.
Find the port number listed next to the WC_defaulthost port name. This port number is the one used to connect to Tivoli Identity Manager.
When the system configuration is complete, you can find the log files in Table 5 in
the directories specified.
Table 5. Installation log file names and directories
File names
log.txt
Description and location
Installation log file for WebSphere
Application Server.
v itim_install.stdout
v itim_install.stderr
Located in the system temp directory.
Standard out and error log files for Tivoli
Identity Manager.
Located in the system root directory.
Located in the
ITIM_HOME
\install_logs directory.
v dbConfig.stdout
v ldapConfig.stdout
v itim_installer_debug.txt
v runConfigFirstTime.stdout
v runConfig.stdout
v setupEnrole.stdout
v StartStopWas.stdout
v itim_install_activity.log
trace.log
msg.log
cfg_itim_mw.log
Located in the
TIVOLI_COMMON_DIRECTORY
\
CTGIM\logs\ directory.
The Tivoli Common Directory is the central location for all serviceability-related files, such as log files and first-failure capture data.
Located in the System %TEMP% directory.
The middleware configuration utility log file.
104
IBM Tivoli Identity Manager Server: Installation and Configuration Guide
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
advertisement
Table of contents
- 5 Contents
- 9 Preface
- 9 Who should read this book
- 9 Publications and related information
- 9 Tivoli Identity Manager library
- 11 Prerequisite product publications
- 12 Related publications
- 12 Accessing publications online
- 13 Accessibility
- 13 Support information
- 13 Conventions used in this book
- 13 Typeface conventions
- 14 Definitions for HOME and other directory variables
- 16 Operating system differences
- 17 Chapter 1. Overview of the Tivoli Identity Manager environment
- 17 Tivoli Identity Manager components
- 17 Database server products
- 18 Directory server products
- 18 IBM Tivoli Directory Integrator
- 19 WebSphere Application Server
- 19 An HTTP server and WebSphere Web Server plug-in
- 19 Tivoli Identity Manager Server
- 19 Tivoli Identity Manager adapters
- 20 Configuration options
- 20 Single-server configuration
- 20 Cluster configuration
- 21 Overview of the installation
- 22 Planning activities for deployments at large sites
- 25 Chapter 2. Installing and configuring a database
- 25 Before you install the database product
- 26 Installing and configuring IBM DB2 Database
- 26 Recording user data
- 26 Recording user names and passwords on UNIX and Linux systems
- 27 Recording user names and passwords on Windows systems
- 27 Verifying the installation
- 28 Installing the required fix packs
- 28 Configuring IBM DB2 Database
- 29 Running the middleware configuration utility
- 31 Configuring DB2 silently
- 31 Manually configuring the DB2 server
- 33 Determining the correct service listening port and service name
- 34 Tuning the DB2 Database for performance
- 34 Configuring TCP KeepAlive settings
- 34 Changing the DB2 application heap size
- 34 Installing and configuring the Oracle database
- 35 Before you create a database
- 35 Multiple instances of Tivoli Identity Manager with an Oracle Database server
- 36 Installing the Oracle database server
- 36 Configuring the init.ora file
- 37 Setting environment variables
- 37 Backing up an existing database
- 37 Installing the Oracle JDBC driver
- 37 Creating the Tivoli Identity Manager database
- 39 Tuning the Oracle database for performance
- 39 Enabling XA recovery operations
- 39 Configuring TCP KeepAlive settings
- 39 Starting the Oracle product and the listener service
- 40 Installing and configuring SQL Server 2005 on the Windows operating system
- 40 Preparing to install SQL Server 2005
- 40 Installing SQL Server 2005
- 41 Configuring SQL Server 2005
- 41 Configuring SQL Server 2005 for XA transactions
- 41 Installing the SQL Server JDBC driver
- 41 Verify the security configuration for SQL Server 2005
- 41 Creating the Tivoli Identity Manager database
- 43 Chapter 3. Installing and configuring a directory server
- 43 Before you install the directory server product
- 43 Installing and configuring IBM Tivoli Directory Server
- 43 Installing IBM Tivoli Directory Server
- 44 Installing the required fix packs
- 45 Configuring IBM Tivoli Directory Server
- 45 Running the middleware configuration utility
- 47 Configuring IBM Tivoli Directory Server silently
- 48 Verifying successful suffix object configuration
- 48 Manually configuring the referential integrity plug-in on the IBM Tivoli Directory Server
- 51 Manually tuning the IBM Tivoli Directory Server database
- 52 Sun Enterprise Directory Server
- 52 Installing Sun Enterprise Directory Server
- 52 Configuring Sun Enterprise Directory Server
- 55 Chapter 4. Optionally installing IBM Tivoli Directory Integrator
- 55 Before you install the directory integrator product
- 55 Installing IBM Tivoli Directory Integrator
- 55 Installing IBM Tivoli Directory Integrator
- 55 Installing the required fix packs
- 56 Installing agentless adapters
- 57 Chapter 5. Installing and configuring WebSphere Application Server
- 57 Before you install WebSphere Application Server
- 57 Installing the WebSphere Application Server product
- 58 Installing WebSphere Application Server in a single-server environment
- 59 Installing WebSphere Application Server in a cluster environment
- 60 Install the WebSphere Application Server deployment manager
- 61 Install the WebSphere Application Server product on each node member
- 62 Manually federate a WebSphere Application Server node member
- 62 Verify the federation of nodes within the cell
- 63 Create the WebSphere clusters for the Tivoli Identity Manager application
- 63 Optionally installing and configuring IBM HTTP Server and WebSphere Web Server plug-in
- 64 Change TCP KeepAlive settings on WebSphere Application Server
- 64 Tuning WebSphere Application Server for performance
- 64 Disable Performance Monitoring Infrastructure (PMI) tracking
- 67 Chapter 6. Installing Tivoli Identity Manager
- 67 Installing Tivoli Identity Manager in a single-server configuration
- 67 Before you begin
- 68 Starting the installation wizard
- 69 Completing the installation wizard pages
- 71 Responding to major installation actions
- 75 Verifying that the Tivoli Identity Manager Server is operational
- 76 Installing Tivoli Identity Manager in a cluster configuration
- 76 Before you begin
- 78 Overview of the installation program in a cluster configuration
- 78 Starting the installation wizard
- 79 Completing the installation wizard pages
- 82 Responding to major installation actions
- 85 Starting clusters
- 86 Verifying that the Tivoli Identity Manager Server is operational
- 87 Optional post-installation tasks
- 87 Optionally installing a language pack
- 88 Optionally installing adapter profiles
- 89 Changing cluster configurations after Tivoli Identity Manager is installed
- 89 Expanding a cluster using a new computer
- 89 Removing cluster members
- 91 Chapter 7. Configuring the Tivoli Identity Manager Server
- 91 Configuring the Tivoli Identity Manager database
- 91 Completing the database configuration windows
- 92 Manually starting the DBConfig database configuration tool
- 92 Configuring the directory server
- 93 Completing the directory server configuration windows
- 93 Manually running the ldapConfig configuration tool
- 93 Configuring commonly used system properties
- 94 General tab
- 95 Directory tab
- 95 Database tab
- 96 Logging tab
- 96 Mail tab
- 97 UI tab
- 98 Security tab
- 98 Manually starting the system configuration tool
- 99 Manually installing agentless adapters and adapter profiles
- 99 Installing agentless adapters
- 99 Installing agentless adapter profiles
- 100 Modifying system properties during normal operation
- 101 Modifying system properties with the system configuration tool
- 101 Modifying system properties manually
- 101 Modifying system properties with the Tivoli Identity Manager GUI
- 103 Chapter 8. Performing a silent installation and configuration of Tivoli Identity Manager
- 104 Before you begin
- 104 Performing a silent installation in a single-server environment
- 105 Performing a silent installation in a cluster environment
- 108 Configuring the database silently
- 108 Configuring the directory server silently
- 108 Configuring the system silently in a single-server environment
- 109 Configuring the system silently in a cluster environment
- 111 Chapter 9. Verifying and troubleshooting the installation
- 111 Correcting problems with starting the installation
- 111 Tivoli Identity Manager configuration errors
- 112 Verifying the installation
- 112 Ensuring that the WebSphere Application Server is running
- 112 Verifying that the Tivoli Identity Manager Server is running
- 113 Checking the Tivoli Identity Manager bus and messaging engine
- 114 Verifying that the database is running correctly
- 114 Testing the database connection
- 116 Troubleshooting SQL Server 2005 issues
- 116 Data Base Configuration is too restrictive for MS SQL Server
- 117 Verifying that the directory server is properly running
- 117 Ensuring that the directory server is operational
- 117 Checking the Web browser operation
- 118 Ensuring that the browser registers the Java plug-in
- 118 Microsoft Internet Explorer: Enabling active scripting
- 118 Using a supported browser
- 118 Avoiding two Web browser sessions on the same computer
- 118 Troubleshooting Tivoli Identity Manager within WebSphere Application Server
- 119 Correcting connection scripting errors
- 119 Correcting timeout errors
- 120 Determining the port number of the default host
- 120 Log files
- 121 Chapter 10. Upgrading to Tivoli Identity Manager Version 5.1
- 121 Description of the upgrade process
- 122 Processes and settings that the upgrade process preserves
- 123 Processes and settings that are not preserved, or require manual upgrade
- 124 Before you begin
- 126 Upgrading from Tivoli Identity Manager Version 4.6 or 5.0 to Version 5.1 or Version 5.1 on Websphere Application Server 6.1 t
- 126 Upgrading a single-server configuration
- 129 Upgrading a cluster configuration
- 132 Clearing the service integration bus
- 132 Determining that the WebSphere MQ message queue is empty
- 133 Preserving customized data manually
- 133 Manually applying Java security
- 133 Customizing logos and style sheets
- 133 Preserving WebSphere Application Server customizations
- 134 Migrating notification templates
- 135 Updating XML Text Template Language (XTTL) contents
- 138 Updating notification template style
- 139 Manually upgrading the access control items
- 139 Configuring Crystal
- 141 Chapter 11. Uninstalling Tivoli Identity Manager
- 141 What is not removed
- 141 Before you begin
- 142 Steps to uninstall Tivoli Identity Manager
- 142 Verifying that the Tivoli Identity Manager Server is uninstalled
- 142 Manually removing components
- 142 Manually removing the Tivoli Identity Manager Server from the WebSphere Application Server
- 143 Stopping and removing the Tivoli Identity Manager messaging engine
- 143 Removing other Tivoli Identity Manager configuration settings from the WebSphere Application Server
- 144 Removing the JDBC providers and data sources.
- 144 Removing the JMS queue connection factories, queues, and activation specifications.
- 144 Removing object cache instances
- 145 Removing security settings
- 145 Removing core group policies (cluster environments only)
- 145 Removing shared libraries
- 145 Removing the JVM classpath
- 146 Removing WebSphere variables
- 146 Manually removing other files or directories
- 146 Reinstalling Tivoli Identity Manager
- 146 Ensuring that Tivoli Identity Manager objects are removed from the Sun Enterprise Directory Server
- 147 Appendix A. Mapping Tivoli Identity Manager application modules to IBM HTTP Server
- 149 Appendix B. Configuring security for Tivoli Identity Manager
- 149 Configuring security for the directory server
- 149 Configuring SSL for IBM Tivoli Directory Server
- 149 Configuring SSL for Sun Enterprise Directory Server
- 149 Configuring the SSL client to trust the LDAP server certificate
- 150 Installing the self-signed certificate in the JSSE truststore
- 150 Configuring Tivoli Identity Manager to use SSL when communicating with the LDAP server
- 151 Defining the truststore and password as a custom property on the JVM
- 151 Running ldapConfig and runConfig with SSL
- 152 Running Fix pack installation or upgrading from previous versions with SSL configured between Tivoli Identity Manager and LDA
- 152 Running the utilities that access the LDAP server with SSL
- 153 Configuring security for WebSphere Application Server
- 153 Mapping an administrative user to a role
- 154 Updating the system user and the EJB user
- 154 Enabling Java 2 security by creating and modifying policy files
- 154 Creating the library.policy file to enable Java 2 security
- 155 Ensuring that the was.policy file exists
- 155 Running Java 2 security on single-node deployments
- 155 Running Java 2 security on multi-node deployments
- 155 Synchronizing the nodes in the cell
- 155 Increasing the timeout interval
- 156 Enabling FIPS compliance for WebSphere Application Server
- 157 Running the cipher migration tool
- 159 Appendix C. Installation images and fix packs
- 159 Installation images
- 159 Setting the SOAP timeout interval before installing fix packs
- 159 Obtaining fix packs
- 161 Appendix D. Worksheets
- 167 Appendix E. Notices
- 168 Trademarks
- 171 Glossary
- 177 Index
- 177 Special characters
- 177 Numerics
- 177 A
- 177 B
- 177 C
- 178 D
- 180 E
- 180 F
- 180 G
- 180 H
- 180 I
- 181 J
- 181 K
- 181 L
- 182 M
- 182 N
- 182 O
- 182 P
- 184 Q
- 184 R
- 184 S
- 185 T
- 185 U
- 186 V
- 186 W