Identity Management

Monday, May 4, 2009

Deployment Identity Manager 8.1

Click on the following link !

*** Deployment Identity Manager 8.1***

Wednesday, March 18, 2009

Directory Server Enterprise Edition upgrade from 6.2 to 6.3.1 - OpenSolaris 2008.11

first backup(using ZFS snapshot for example)

stop cacao

-bash-3.00# cacaoadm stop

stop web console

-bash-3.00# smcwebserver stop

stop the DS instances

for example :

-bash-3.00# /var/opt/SUNWdseeInstances/DS62/stop-slapd

apply the patch

My DSEE is running in a zone and is located in /opt/SUNWdsee.
It is not very clear in the doc as they reference /local.

To Upgrade Directory Server Enterprise Edition to 6.3.1 Using ZIP Distribution

If you enter the wrong dierctory, you will end up with 2 versions of the software ! A 6.2 and a 6.3. It is not a big problem but your instances will not be upgraded !

-bash-3.00# pwd
/root/126749-05(extract the files)

This is the patch for X86.

-bash-3.00# ./dsee_deploy install -i /opt/SUNWdsee

Do you accept the license terms ? : yes
Check availability of port 11162
Checking running Directory Server instances
Checking running Directory Proxy Server instances
Unzipping sun-ldap-base.zip ...
Unzipping sun-ldap-dsrk6.zip ...
Unzipping sun-ldap-dsrk-man.zip ...
Unzipping sun-ldapcsdk-tools.zip ...
Unzipping sun-ldapcsdk-dev.zip ...
Unzipping sun-ldap-ljdk.zip ...
Unzipping sun-ldap-jre.zip ...
Unzipping sun-ldap-shared.zip ...
Unzipping sun-ldap-shared-l10n.zip ...
Unzipping sun-ldap-directory.zip ...
Unzipping sun-ldap-directory-l10n.zip ...
Unzipping sun-ldap-directory-config.zip ...
Unzipping sun-ldap-directory-man.zip ...
Unzipping sun-ldap-directory-dev.zip ...
Unzipping sun-ldap-mfwk.zip ...
Unzipping sun-ldap-cacao.zip ...
Unzipping sun-ldap-console-agent.zip ...
Unzipping sun-ldap-console-cli.zip ...
Unzipping sun-ldap-console-common.zip ...
Unzipping sun-ldap-console-var.zip ...
Unzipping sun-ldap-jdmk.zip ...
Unzipping sun-ldap-directory-client.zip ...
Unzipping sun-ldap-directory-client-l10n.zip ...
Unzipping sun-ldap-proxy.zip ...
Unzipping sun-ldap-proxy-l10n.zip ...
Unzipping sun-ldap-proxy-man.zip ...
Unzipping sun-ldap-proxy-client.zip ...
Unzipping sun-ldap-proxy-client-l10n.zip ...
Unzipping sun-ldap-console-gui.zip ...
Unzipping sun-ldap-console-gui-help.zip ...
Unzipping sun-ldap-console-gui-l10n.zip ...
Unzipping sun-ldap-console-gui-help-l10n.zip ...
Creating WAR file for Console

Configuring Cacao at /opt/SUNWdsee/dsee6/cacao_2
Setting Cacao parameter jdmk-home with default value [/opt/SUNWdsee/dsee6/private]
Setting Cacao parameter java-home with default value [/opt/SUNWdsee/jre]
Setting Cacao parameter nss-lib-home with default value [/opt/SUNWdsee/dsee6/private/lib]
Setting Cacao parameter nss-tools-home with default value [/opt/SUNWdsee/dsee6/bin]
Registering DSCC agent into cacao
Starting Cacao if necessary
Registering JESMF agent into Cacao
Making a copy of dsee_deploy
Making a copy of listrunnings
You can now start your Directory Server Instances
You can now start your Directory Proxy Server Instances

restart the services.

-bash-3.00# smcwebserver status
Sun Java(TM) Web Console is stopped

-bash-3.00# cacaoadm status
default instance is DISABLED at system startup.
default instance is not running.

-bash-3.00# cacaoadm start
Error when trying to start SMF service: [svc:/application/management/common-agent-container-1:default].
Please check the SMF log file for more information: [/var/svc/log/application-management-common-agent-container-1:default.log].

This problem was solved rebooting the zone !

-bash-3.00# reboot
Connection to europortal.vegworld.org closed by remote host.
Connection to europortal.vegworld.org closed.

rudy:~$ ssh -l root -X europortal.vegworld.org
Password:
Last login: Wed Mar 18 17:13:15 2009 from 192.168.1.100
Sun Microsystems Inc. SunOS 5.10 Generic January 2005

-bash-3.00# cacaoadm start
-bash-3.00# smcwebserver start
Starting Sun Java(TM) Web Console Version 3.1 ...
The console is running

start DSEE instance(s)

-bash-3.00# /var/opt/SUNWdseeInstances/DS62/start-slapd

-bash-3.00# more /var/opt/SUNWdseeInstances/DS62/logs/errors

BEFORE

[18/Mar/2009:16:37:43 +0100] - Sun-Java(tm)-System-Directory/6.2 B2007.192.2248
(32-bit) starting up

AFTER

[18/Mar/2009:17:16:43 +0100] - Sun-Java(tm)-System-Directory/6.3.1 B2008.1121.05
30 (32-bit) starting up

-Rudy-

Friday, February 27, 2009

Using IDM 8.0 - part 5 - Administering Identity Manager

This is a screenshot of http://identity-manager-80.catalogne.org:8080/idm/login.jsp

Using IDM 8.0 - part 4 - Documentation

IDM_Release_Notes_8-0.pdf
IDM_Resource_Reference_8-0.pdf
IDM_SPE_Deployment_8-0.pdf
IDM_Technical_Deployment_Overview_8-0.pdf
IDM_Administration_8-0.pdf
IDM_Tuning_Troubleshooting_8-0.pdf
IDM_DeploymentTools_8-0.pdf
IDM_Upgrade_8-0.pdf
IDM_Installation_8-0.pdf
IDM_Workflows_Forms_Views_8-0.pdf

You can get the doc in the same location that the software(sun.com).

Using IDM 8.0 - part 3 - Software

Identity Manager 8.0

IDM_8_0_0_0.zip

MySQL 5 (on OpenSolaris 2008.11)

mysql-5.1.31-solaris10-i386.tar

Apache Tomcat 6

apache-tomcat-6.0.18.zip

Java Activation Framework

jaf-1_0_2-upd2.zip
and more specifically activation.jar to be copied into /opt/apache-tomcat-6.0.18/webapps/idm/WEB-INF/lib

Java Mail

javamail-1_4_1.zip
and more specifically mail.jar to be copied into /opt/apache-tomcat-6.0.18/webapps/idm/WEB-INF/lib

Open Message Queue

mq4_3-installer-SunOS_X86.zip
and more specifically jms.jar to be copied into /opt/apache-tomcat-6.0.18/webapps/idm/WEB-INF/lib

MySQL jdbc driver

mysql-connector-java-5.1.6-bin.jar to be copied into /opt/apache-tomcat-6.0.18/webapps/idm/WEB-INF/lib

The 4 jars(activation.jar, mail.jar, jms.jar and mysql-connector-java-5.1.6-bin.jar) were archived for later use.

Using IDM 8.0 - part 2 - Displaying the waveset database

Displaying the contents of waveset

Using IDM 8.0 - part 1 - Starting and Stopping MySQL and Tomcat

Starting MySQL

root@identity-manager-80:~# cd /opt/mysql-5.1.31
root@identity-manager-80:/opt/mysql-5.1.31# bin/mysqld_safe --user=mysql
090227 15:22:19 mysqld_safe Logging to '/opt/mysql-5.1.31/data/identity-manager-80.err'.
090227 15:22:19 mysqld_safe Starting mysqld daemon with databases from /opt/mysql-5.1.31/data

Comment(s) :

It seems not possible to start mysql
with /opt/mysql-5.1.31/bin/mysqld_safe --user=mysql
a cd is necessary in /opt/mysql-5.1.31
or maybe using a environment variable ?

Starting Identity Manager(Tomcat)

-Edit catalina.sh and and define the JAVA_HOME environment variable or define the variable into your environment.
JAVA_HOME=/usr/jdk/latest

root@identity-manager-80:~# /opt/apache-tomcat-6.0.18/bin/catalina.sh run
Using CATALINA_BASE: /opt/apache-tomcat-6.0.18
Using CATALINA_HOME: /opt/apache-tomcat-6.0.18
Using CATALINA_TMPDIR: /opt/apache-tomcat-6.0.18/temp
Using JRE_HOME: /usr/jdk/latest
Feb 26, 2009 1:39:11 PM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/jdk/instances/jdk1.6.0_12/jre/lib/i386/server:/usr/jdk/instances/jdk1.6.0_12/jre/lib/i386:/usr/jdk/instances/jdk1.6.0_12/jre/../lib/i386:/usr/jdk/packages/lib/i386:/lib:/usr/lib
Feb 26, 2009 1:39:11 PM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Feb 26, 2009 1:39:11 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 637 ms
Feb 26, 2009 1:39:11 PM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Feb 26, 2009 1:39:11 PM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.18
Feb 26, 2009 1:39:12 PM org.apache.catalina.loader.WebappClassLoader validateJarFile
INFO: validateJarFile(/opt/apache-tomcat-6.0.18/webapps/idm/WEB-INF/lib/j2ee.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class
Constructing Startup Servlet...
Initializing Startup Servlet...
Defining system properties...
StartupServlet: programmatically derived waveset.home=file:/opt/apache-tomcat-6.0.18/webapps/idm/
StartupServlet: Defining properties from web.xml
Starting: Identity Server...
...Finished starting Startup Servlet
Feb 26, 2009 1:39:18 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Feb 26, 2009 1:39:18 PM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
Feb 26, 2009 1:39:18 PM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/12 config=null
Feb 26, 2009 1:39:18 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 7312 ms

Stopping MySQL

root@identity-manager-80:~# cd /opt/mysql-5.1.31/
root@identity-manager-80:/opt/mysql-5.1.31# bin/mysqladmin -u root shutdown

Stopping Tomcat

root@identity-manager-80:~# /opt/apache-tomcat-6.0.18/bin/shutdown.sh
Using CATALINA_BASE: /opt/apache-tomcat-6.0.18
Using CATALINA_HOME: /opt/apache-tomcat-6.0.18
Using CATALINA_TMPDIR: /opt/apache-tomcat-6.0.18/temp
Using JRE_HOME: /usr/jdk/latest

What does happen if mysql is not running ?

Identity Manager does not work at all(of course !)
Starting: Identity Server...
com.waveset.util.ConfigurationError:
==> com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure

Last packet sent to the server was 0 ms ago.
...
...
...

URLs to access Identity Manager :

http://identity-manager-80.catalogne.org:8080/idm/login.jsp
http://identity-manager-80.catalogne.org:8080/idm/user/login.jsp

*configurator/configurator*---renamed to config
config/secret---don't use it
*administrator/administrator*---renamed to admin
admin/secret---don't use it

users to be used(for security reason)
myconfig/password
myadmin/password

Two new users were created. myconfig and myadmin and the original configurator and administrator were renamed to config and admin. The password of config and admin were changed.