Novell Identity Manager Personal Lab
I often find myself in need of an isolated Identity Management solution for development and/or testing purposes. I have built a number of solutions for this over the years but the one I describe here is my favorite to date. This document is not intended to be a step by step build document but rather a high level guide for building your own isolated environment.
When I’m not pursuing trout I often find myself in need of an isolated Identity Management solution for development and/or testing purposes. I have built a number of solutions for this over the years but the one I describe here is my favorite to date. This document is not intended to be a step by step build document but rather a high level guide for building your own isolated environment.
The products I am using in this solution are as follows:
Novell eDirectory 8.8.3
Novell Identity Manager 3.6.1
Novell Identity Manager 3.6.1 User Application w/ Provisioning
Novell SUSE Linux Enterprise Server 10 SP2
I’m a Mac guy so I stated by installing VMWare Fusion on my MacBook Pro. I allocated 1GB of RAM to the virtual machine and I did a base install of SUSE Linux Enterprise Server 10 SP2 (SLES). I have found that the solution runs well enough in 1GB of RAM. After installing SLES the next step will be to install Novell eDirectory. eDirectory can be installed as root or non-root. I chose to install it as root for this solution. It just makes things easier. If you choose you may install the solution as non-root as well. eDirectory will install it’s files under /opt/novell/eDirectory. Once you have completed the installation you will need to configure an instance. I prefer to use the ndsmanage utility for this. It’s located at /opt/novell/eDirectory/bin/ndsmanage. I do not place my instances under the /opt/novell directory. I normally create a new location such as /edir to place my eDirectory instances. For this solution I configure two eDirectory instances. I configure mine as follows:
SFBIDV /etc/sfbidv/sfbidv.conf NCP port 524 LDAP port 389 & 636 HTTP port 8028 HTTPS port 8030
SFBLDAP /etc/sfbldap/sfbldap.conf NCP port 525 LDAP port 390 & 637 HTTP port 8029 HTTPS port 8031
Only the first instance of eDirectory will start automatically upon reboot of the server. It is started with the /etc/init.d/ndsd script. You can configure the second instance to behave the same by following a number of TIDs on Novell’s website or you can do it manually with the ndsmanage utility. Remember if you installed as root you must be logged in as root to start and stop the instances. This is easily done with a sudo statement. Also I do install iManager on the server as well. It runs on ports 8080 and 8443 on Tomcat.
You’ll want to setup a tree structure for each of the trees. I typically work with something like the following:
After you have installed eDirectory the next step is to install Novell Identity Manager into each of the new trees. I configure driverset objects under the ou=idm,ou=services,o=sfb container. I don’t partition the driverset separately for this solution. I like to configure an eDirectory to eDirectory driver to communicate between the two trees. This is easily done by crossing the ports on the drivers. When configuring the drivers I set the up as follows <ip address>:8196:8197 on one side and <ip address>:8197:8196 on the other. This will allow the two drivers involved in an eDir to eDir connection to communicate with each other on the same TCP/IP address.
I also go ahead and configure the UserApplication driver at this time. You can install this on either tree, you’ll only need one. I normally install it against the IDV. In addition to the UserApplication driver I also like to install a Entitlements Service Driver, a WorkOrder driver, and maybe a loopback driver. When I install the User Application I configure a MySQL instance on the server. I also like to configure a separate database on the MySQL server and install a JDBC driver in the IDV to communicate with the database. But I don’t install that driver until after I setup the database.
Next you may wish to install the Novell Identity Manager User Application. I typically install MySQL before I run the UserApp install (the UserApp installation has a MySQL installation with it). I configure UserApp to use MySQL and JBoss. You will want to change the ports that JBoss is listening on since it will conflict with the Tomcat server that is already running on the server (you can also configure Tomcat differently if you wish). I run JBoss on 8081 and 8444.
In addition to these components I will sometimes setup an Apache server where I can create a little website that uses PHP to front my MySQL database that I have my IDM driver configured to communicate with. I do this just because I can and it makes the solution a little “slicker.” You can also just use SQuirreL to insert and modify records in the database. I run SQuirreL on my Mac and just login to the MySQL database from my Mac instead of running it inside of the VM.
That’s basically it. You can add additional components if you wish but I have found that this gives me the components I need to test out a number of scenarios in a controlled environment. Hopefully you will find it as useful an environment as I have. Good luck and happy provisioning.