Symantec Identity Manager - Linux Install Guide
search cancel

Symantec Identity Manager - Linux Install Guide

book

Article ID: 33190

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal

Issue/Introduction

This guide will assist you in properly installing CA Identity Manager (IDM) on Linux Operating Systems.

 

Environment

Component: Identity Manager 14.X

Resolution

Instructions: 


IDM 14.3 related link
IDM 14.4 related link:

     NOTE: You can use newer versions of the packages.
     NOTE: If you wish to use Provisioning Manager, you will need to download CA IdentityMinder 14.x Server components for Windows and install Provisioning Manager on a Windows OS.

 

  • Login into the system as root
  • Make sure /tmp filesystem is not mounted with noexec flag

  • Prior to running each of the installers, execute the following commands:
    • mv /dev/random /dev/random.orig
    • ln -s /dev/urandom /dev/random
    • chkconfig iptables off
    • service iptables stop
    • vi /etc/selinux/config
      • SELINUX=permissive
    • setenforce 0

  • Install CA Directory
    • Install required prerequisite packages
      • yum install tcsh
    • Create CA Directory User Store (Only use this step if your User store will be CA Directory) (EXAMPLE ONLY)
      • Get a copy of NeteAuto.ldif from the Identity Manager samples and upload it to the "Your Own Path" directory
      • su - dsa
      • dxnewdsa mydsa 11389 dc=security,dc=com
      • dxserver stop mydsa
      • dxloaddb mydsa "Your Own Path"/NeteAuto.ldif
      • dxserver start mydsa
      • dxserver status

    • Install Provisioning Directory
      • Install required prerequisite packages
        • yum install glibc.i686
        • yum install libXext.i686
        • yum install libXtst.i686
        • yum install ncurses-devel.i686
        • yum install ksh
  •  
      • Make a temporary directory, and download the IM 12.6/14.x installer (tar file) to that directory
      • tar -xvf GEN01140749E.tar
      • cd Provisioning/ProvisioningDirectory
      • ./setup -console
        • to get past the license agreement, hold down the enter key for a while, then enter "q" to quit, then enter "Y"
        • when prompted for the provisioning server host, enter:  yourHostName
        • Please configure your shared secret password (Save in a secure location, you will need this password in the future)

  • Configure SEMMNI parameter in kernel
    • vi /etc/sysctl.conf
    • Add the following at the end of the file:
      • kernel.sem = 250 32000 32 260
    • /sbin/sysctl -p

  • Install Provisioning Server
    • Install required prerequisite packages
      • yum install compat-libstdc++.i686
      • yum install libstdc++.i686
      • yum install libidn.i686
      • yum install libgcc.i686

    • From the temporary directory where you unzipped the IM 12.6.x/14.x installer:
      • cd Provisioning/ProvisioningServer
      • ./setup -console
        • to get past the license agreement, hold down the enter key for a while, then enter "q" to quit, then enter "Y"
        • when prompted for the directory server host, enter:  yourHostName
        • Please configure your shared secret password (Save in a secure location, you will need this password in the future)
        • for the username, enter:  etaadmin or your desired name (Save in a secure location, you will need this in the future)
        • for the connectors you  wish to select, enter: *
  • Install Connector Server
    • Install required prerequisite packages
      • yum install glibc.i686
      • yum install libX11.i686
      • yum install libxcb.i686
      • yum install libXtst.i686
      • yum install libXau.i686
      • yum install libXi.i686
      • yum install libXext.i686
      • yum install nss-softokn-freebl.i686
      • yum install libXmu.i686
      • yum install libXft.i686
      • yum install libXpm.i686
    • From the temporary directory where you unzipped the IM 12.6.x/14.x installer:
      • cd Provisioning/ConnectorServer
      • ./setup -console
        • to get past the license agreement, hold down the enter key for a while, then enter "q" to quit, then enter "Y"
        • when asked whether to register the connection to the provisioning server, enter "Y"
        • when prompted for the provisioning server host, enter:  yourHostName
        • for the username, enter: etaadmin or your desired name (Save in a secure location, you will need this in the future)
        • Please configure your shared secret password (Save in a secure location, you will need this password in the future)
  • 4016: IM Installation
    • Login as root
    • Configure /etc/hosts as needed
    • Install required prerequisite packages
        • yum install glibc.i686
        • yum install libXext.i686
        • yum install libXtst.i686
        • yum install ncurses-devel.i686
        • yum install ksh
    • JDK(example)
      • NOTE: JAVA 1.7u72 has a bug please avoid this version.
      • Download JDK 1.7u79 (jdk-7u79-linux-x64.tar.gz) to the /opt folder
        • 1.8.x depending on IDM version.
      • tar -xvf jdk-7u79-linux-x64.tar.gz
      • Upload Unlimited JCE Policy (UnlimitedJCEPolicyJDK7.zip) to the /opt folder
      • unzip UnlimitedJCEPolicyJDK7.zip
        • if using 1.8 you will need the corresponding JCE file
      • copy the two jar files to /opt/jdk1.7.0_71/jre/lib/security
    • JBOSS (example)
      • Upload JBoss EAP 6.4 (jboss-eap-6.4.0.zip) to the /opt folder
      • unzip jboss-eap-6.4.0.zip
    • Install IM Server (example)
      • From the temporary directory where you unzipped the IM 12.6/14.x installer:
        • ./ca-im-12.6.x-linux.bin -i console
          • to get past the license agreement, hold down the enter key, then enter "Y"
          • when prompted for which options to select enter:  1,3
          • when prompted for the app server, choose your application server, and enter the path to where application server is installed
          • when prompted for the jdk, select option 1, and enter the path to where the jdk is installed, including "/bin/java"
          • when prompted for the database, select either SLQ or Oracle, and enter the necessary parameters.
          • when prompted to enter a username enter: imadmin or your any admin account name of your choice (Save in a secure location, you will need this in the future)
          • Please configure your shared secret password (Save in a secure location, you will need this password in the future)
    • After installation completes:
      • Start up your application server and confirm functionality.

 

Additional Information:

Here is a list of common errors and resolutions:

  • EXEC(err): -bash: /src/CADirectory/dxserver/samples/impd-main/setup.sh: /bin/csh: bad interpreter: No such file or directory (When installing provisioning directory)  

Resolution: 

Confirm that you have installed csh / reinstall csh

 

  • Checking operating system...

    Checking kernel parameters for required minimum values...

    Cannot find version information for existing installation. Installation procedure aborted.

    Resolution: 

    Check your eCSinstall and confirm you are not experiencing any kernel value problems if not try removing the following file and reinstall.

    /etc/.ecspath

 

  • An earlier version of CA Identity Manager has been detected (12.6.5.0.386), but

    the Installer is unable to locate the installation files

    Please uninstall the previous version of CA Identity Manager and rerun.

    Resolution:

    In the path /var exists some hide files that you need to erase:

    .com.zerog.registry.xml and another file with the name : .CA_configuration_settings find and delete those.

 

  • Custom Action:

                              Status: ERROR

                              Additional Notes: ERROR - Command failed: Invoking Framework Installer

    Return Value: /tmp/498449.tmp/install_fw.sh: line 1: /home/nambiar/install/idm_install\Framework\iamfw.exe: No such file or directory

    Stdout: {2}

    Stderr: {3}

    Cause / Resolution:

    If you did not untar the file locally before and used winscp or filezilla to transfer the file the binary sometimes gets messed up. Please completely delete your install media, and execute tar -xvf IDM media.tar locally on the machine.

  • All below errrors:

    Execute Script/Batch file: Installing IAM Framework                          
    Status: ERROR                          
    Additional Notes: ERROR - Error while attempting to execute the installation script

    Custom Action:                          
    Status: ERROR                          
    Additional Notes: ERROR - Command failed: Invoking Framework Installer
    Return Value: For more details see log files under <user install dir>\IAM Suite\Identity Manager\install_config_info
    Stdout: {2}
    Stderr: {3}

    Execute Script/Batch file: SharedSecretEncrypt                          
    Status: ERROR                          
    Additional Notes: ERROR - Error while attempting to execute the installation script

    Execute Script/Batch file: Delete Temp Encryption tool from tools/JasperKeyGen Folder                          
    Status: ERROR                          
    Additional Notes: ERROR - Error while attempting to execute the installation script

    Execute Script/Batch file: Create log folder                          
    Status: ERROR                          
    Additional Notes: ERROR - Error while attempting to execute the installation script

    Resolution:

    Makre sure /tmp filesystem has no noexec flag set.
Powered by Wolken Software