IBM Tivoli Identity Manager: Novell Netware Agent Installation Guide

IBM Tivoli Identity Manager

Novell Netware Agent Installation GuideVersion 4.5.5

SC32-1158-03

��

Note:Before using this information and the product it supports, read the information in Appendix C, “Notices”, on page 43.

First Edition (August 2003)

This edition applies to version 4.5.0 of this agent and to all subsequent releases and modifications until otherwiseindicated in new editions.

© Copyright International Business Machines Corporation 2003. All rights reserved.US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contractwith IBM Corp.

Contents

Preface . . . . . . . . . . . . . . . vWho should read this book . . . . . . . . . vPublications . . . . . . . . . . . . . . v

Tivoli Identity Manager Agent library . . . . . vRelated publications . . . . . . . . . . . vAccessing publications online . . . . . . . vi

Accessibility . . . . . . . . . . . . . . viContacting software support . . . . . . . . . viConventions used in this book . . . . . . . . vi

Chapter 1. Overview . . . . . . . . . 1Basic Installation . . . . . . . . . . . . . 1Chapter Descriptions . . . . . . . . . . . 1

Chapter 2. Agent Installation . . . . . . 3Requirements . . . . . . . . . . . . . . 3Information Worksheet . . . . . . . . . . . 3

Step 1: Installing the Agent . . . . . . . . 4Step 2: Activating the Agent as a Service . . . . 4Step 3: Configuring the Agent . . . . . . . 4Step 4: Installing the Agent’s Certificate . . . . 4Step 5: Installing the Agent’s Profile . . . . . 4Step 6: Configuring the Agent for EventNotification. . . . . . . . . . . . . . 4Step 7: Configuring the Agent’s Forms. . . . . 4

Step 1: Installing the Agent . . . . . . . . . 4Step 2: Activating the Agent as a Service . . . . . 5Step 3: Configuring the Agent . . . . . . . . 6Step 4: Installing the Agent’s Certificate . . . . . 6Step 5: Installing the Agent’s Profile . . . . . . 6Step 6: Configuring the Agent for Event Notification 7Step 7: Configuring the Agent’s Forms. . . . . . 7

Chapter 3. Agent Profile Installation. . . 9Requirements . . . . . . . . . . . . . . 9Installing the Agent Profile . . . . . . . . . 9Verifying the Agent Profile is Installed . . . . . 10

Chapter 4. Agent ParametersModification . . . . . . . . . . . . 13Accessing the Agent Configuration Tool Main Menu 13Viewing Configuration Settings . . . . . . . . 14Changing Protocol Configuration Settings . . . . 14

Adding a Protocol . . . . . . . . . . . 15Removing a Protocol . . . . . . . . . . 15Configuring a Protocol . . . . . . . . . 15

Setting Event Notification . . . . . . . . . 17Setting Attributes to be Reconciled . . . . . 19Modifying an Event Notification Context . . . 20

Changing the Configuration Key . . . . . . . 21

Changing Activity Logging Settings . . . . . . 22Changing Registry Settings . . . . . . . . . 24

Modifying Non-encrypted Registry Settings . . 24Multi-instance Settings . . . . . . . . . 24

Changing Advanced Settings . . . . . . . . 25Viewing Statistics . . . . . . . . . . . . 26Accessing Help and Additional Options . . . . . 26

Chapter 5. Certificate Installation . . . 29Overview of SSL and Digital Certificates . . . . 29

Basic Configuration for Server-to-Agent SSL . . 30Clustered Tivoli Identity Manager Configuration 30

Accessing the Certificate Configuration Tool MainMenu . . . . . . . . . . . . . . . . 30Generating a Private Key and Certificate Request. . 32

Example of Certificate Request Script . . . . . 33Example of request.pem File. . . . . . . . 33

Installing the Certificate from a File . . . . . . 34Installing the Certificate and Key from a PKCS12File . . . . . . . . . . . . . . . . . 34Viewing Installed Certificates . . . . . . . . 34Viewing CA Certificates . . . . . . . . . . 34Installing a CA Certificate . . . . . . . . . 35Deleting a CA Certificate . . . . . . . . . . 35Viewing Registered Certificates . . . . . . . . 35Registering a Certificate . . . . . . . . . . 35Unregistering a Certificate . . . . . . . . . 36

Appendix A. Agent Variables . . . . . 37Variable Descriptions . . . . . . . . . . . 37Variables by Novell Netware Agent Actions . . . 39

System Login Add . . . . . . . . . . . 39System Login Change . . . . . . . . . . 39System Login Delete . . . . . . . . . . 40System Login Suspend . . . . . . . . . 40System Login Restore . . . . . . . . . . 40Reconciliation . . . . . . . . . . . . 40

Appendix B. Additional InstallationOptions . . . . . . . . . . . . . . 41Installation Options. . . . . . . . . . . . 41

Batch File Option . . . . . . . . . . . 41Console Option . . . . . . . . . . . . 41Setup Arguments . . . . . . . . . . . 41

Agent Removal . . . . . . . . . . . . . 41

Appendix C. Notices . . . . . . . . . 43Trademarks . . . . . . . . . . . . . . 44

Index . . . . . . . . . . . . . . . 47

© Copyright IBM Corp. 2003 iii

iv IBM Tivoli Identity Manager: Novell Netware Agent Installation Guide

Preface

The Tivoli Identity Manager Novell Netware Agent (Novell Netware Agent)enables connectivity between the IBM Tivoli Identity Manager Server and anetwork of systems running the Novell Netware Client. After the agent is installedand prepared, Tivoli Identity Manager manages access to Novell Netware resourceswith your site’s security system. This manual describes how to install and preparea Novell Netware Agent.

Who should read this bookThis manual is intended for security administrators responsible for installingsoftware on their site’s computer systems. Readers are expected to understandsecurity administration concepts. The person completing the installation procedureshould also be familiar with their site’s system standards. Readers should be ableto perform routine security administration tasks.

PublicationsRead the descriptions of the Tivoli Identity Manager library, and the relatedpublications to determine which publications you might find helpful. After youdetermine the publications you need, refer to the instructions for accessingpublications online.

Tivoli Identity Manager Agent libraryThe publications in the Tivoli Identity Manager Agent library are:v Online user assistance for Tivoli Identity Manager

Provides integrated online help topics for all Tivoli Identity Manageradministrative tasks.

v Tivoli Identity Manager Policy and Organization Administration Guide

Provides topics for Tivoli Identity Manager administrative tasks.v Tivoli Identity Manager Server Configuration Guide

Provides configuration information for single-server and cluster Tivoli IdentityManager configurations.

Related publicationsInformation related to Tivoli Identity Manager is available in the followingpublications:v The Tivoli Software Library provides a variety of Tivoli publications such as

white papers, datasheets, demonstrations, redbooks, and announcement letters.The Tivoli Software Library is available on the Web at:http://www.ibm.com/software/tivoli/library/

v The Tivoli Software Glossary includes definitions for many of the technical termsrelated to Tivoli software. The Tivoli Software Glossary is available, in Englishonly from the Glossary link on the left side of the Tivoli Software Library Webpage:http://www.ibm.com/software/tivoli/library

© Copyright IBM Corp. 2003 v

http://www.ibm.com/software/tivoli/library/


Accessing publications onlineThe IBM publications for this product are available online in Portable DocumentFormat (PDF) or Hypertext Markup Language (HTML) format, or both at theTivoli Software Library:

http://www.ibm.com/software/tivoli/library

To locate product publications in the library, click the Product manuals link on theleft side of the Library page. Then, locate and click the name of the product on theTivoli Software Information Center page.

Product publications include release notes, installation guides, user’s guides,administrator’s guides, and developer’s references.

Note: To ensure proper printing of PDF publications, select the Fit to page checkbox in the Adobe Acrobat Print window (which is available when you clickFile →Print).

AccessibilityThe product documentation includes the following features to aid accessibility:v Documentation is available in both HTML and convertible PDF formats to give

the maximum opportunity for users to apply screen-reader software.v All images in the documentation are provided with alternative text so that users

with vision impairments can understand the contents of the images.

Contacting software supportBefore contacting IBM Tivoli Software support with a problem, refer to the IBMTivoli Software support Web site at:

http://www.ibm.com/software/sysmgmt/products/support/

If you need additional help, contact software support using the methods describedin the IBM Software Support Guide at the following Web site:

http://techsupport.services.ibm.com/guides/handbook.html

This guide provides the following information:v Registration and eligibility requirements for receiving supportv Telephone numbers and e-mail addresses, depending on the country in which

you are locatedv A list of information you should gather before contacting customer support

Conventions used in this bookThis reference uses several conventions for special terms and actions and foroperating system-dependent commands and paths.

The following typeface conventions are used in this book:

Bold Bold text indicates selectable window buttons, field entries, andcommands appearing in this manual except from within examplesor the contents of files.

vi IBM Tivoli Identity Manager: Novell Netware Agent Installation Guide


http://www.ibm.com/software/sysmgmt/products/support/

http://techsupport.services.ibm.com/guides/handbook.html

Monospace Text in monospace type indicates the contents of files or the outputfrom commands.

italic Italic text indicates context-specific values such as:v path namesv file namesv user namesv group namesv system parametersv environment variables

Preface vii

viii IBM Tivoli Identity Manager: Novell Netware Agent Installation Guide

Chapter 1. Overview

This installation guide provides all of the basic information necessary to install andconfigure the Novell Netware Agent components. This chapter provides a simpleoverview of the installation process and a brief overview of the information ineach chapter.

Basic InstallationThe following lists the basic procedures necessary to install, configure, and run theagent:v Install the agent software.v Activate the Novell Netware Agent as a service on the agent’s system.v Configure the agent’s communication protocols to enable the Novell Netware

Agent to communicate with the Tivoli Identity Manager Server.v Install the agent’s profile on the Tivoli Identity Manager Server.v Configure the Tivoli Identity Manager Server to recognize the agent as a service.

Chapter DescriptionsThe Novell Netware Agent Installation Guide contains information pertinent to theproper installation and configuration of the Novell Netware Agent in the followingchapters and appendices:

Chapter 1, “Overview” Provides an overview of this document and the basicprocedures necessary to install and configure this agent.

Chapter 2, “AgentInstallation”

Contains detailed information about installing the agent. Thischapter also contains additional steps required to configurethe agent properly.

Chapter 3, “Agent ProfileInstallation”

Contains detailed information about installing the agent’sprofile on the Tivoli Identity Manager Server. Installing theagent’s profile on the Tivoli Identity Manager Server allowsthe Tivoli Identity Manager Server to recognize the agent. Ifthe agent profile is not installed on the Tivoli IdentityManager Server, the Tivoli Identity Manager Server will notbe able to manage access to the Novell Netware servers withNDS.

Chapter 4, “AgentParameters Modification”

Contains information about using the agentCfg tool. TheagentCfg tool provides an easy way to configure variousproperties specific to the agent, such as communicationprotocols, logging settings, and so on.

Chapter 5, “CertificateInstallation”

Contains information about using the CertTool tool. TheCertTool tool provides an easy way to request, install, andregister certificates for use with the agent.

Appendix A, “AgentVariables”

Contains information about the agent variables.

Appendix B, “AdditionalInstallation Options”

Contains information about uninstalling the agent.

Appendix C, “Notices” Contains legal notices for this agent.

© Copyright IBM Corp. 2003 1

2 IBM Tivoli Identity Manager: Novell Netware Agent Installation Guide

Chapter 2. Agent Installation

This chapter describes the procedure to install and configure the Novell NetwareAgent software. Each step includes a short procedure that completes one aspect ofthe overall agent installation process. You must complete the steps in the orderthey are listed.

RequirementsThe following table identifies hardware, software, and authorization requirementsto install the Novell Netware Agent. Verify that all of the requirements have beenmet before installing the Novell Netware Agent.

Table 1. Requirements to install the agent

System The agent must be installed on a server with a 32-bitx86-based microprocessor, at least 128 MB of memory, andat least 100 MB of free disk space.

Operating System Windows NT® 4.0 with SP 6 or Windows 2000 Serverwith SP 2 must be installed and operational on the systemwhere the agent will be installed.

Novell Netware Client One of the following versions of Novell Netware Clientmust be operational on the workstation where the agent isinstalled:

v 4.x

v 5.x

Network Connectivity The agent must be installed on a system that cancommunicate with the Tivoli Identity Manager Serverthrough a TCP/IP network.

For security purposes, the agent should be installed on aWindows NT file system.

System AdministratorAuthority

The person completing the Novell Netware Agentinstallation procedure must have system administratorauthority to complete the steps in this chapter.

Server Communication Communication between the Tivoli Identity ManagerApplication Server and the Novell Netware Client shouldbe tested with a low-level communications ping beforeinstalling any IBM® software. This makes troubleshootingeasier if you encounter installation problems.

Information WorksheetUse the following worksheet to document information required to install andconfigure the Novell Netware Agent. Complete this worksheet before starting theinstallation procedure. The worksheet includes default values used by the agentand identifies the information you need to modify during installation.

Make a copy of the worksheet for each server where you are installing the NovellNetware Agent. For example, if you have five Windows Servers where you areinstalling the Novell Netware Agent, you need five copies of the worksheet.


Step 1: Installing the AgentThe Tivoli Identity Manager Novell Netware Agent installation files are availablefor download from IBM’s Web site. Contact your IBM account representative forthe Web address and download instructions.

Install the Novell Netware Agent using the provided executable installationprogram. The default Novell Netware Agent destination directory is theC:\Tivoli\Agents\NetwareAgent directory. For more information, see “Step 1:Installing the Agent”.

Step 2: Activating the Agent as a ServiceStart the Novell Netware Agent as a service and configure it to start automatically.For more information, see “Step 2: Activating the Agent as a Service” on page 5.

Step 3: Configuring the AgentConfigure the agent’s communication protocol to use the DAML protocol tocommunicate with the Tivoli Identity Manager Server. For more information, see“Step 3: Configuring the Agent” on page 6.

Step 4: Installing the Agent’s CertificateInstall the agent’s certificate. This certificate is used by the DAML protocol duringcommunication with the Tivoli Identity Manager Server. For more information, see“Step 4: Installing the Agent’s Certificate” on page 6.

Step 5: Installing the Agent’s ProfileInstall the agent’s profile on the Tivoli Identity Manager Server. For moreinformation, see “Step 5: Installing the Agent’s Profile” on page 6.

Step 6: Configuring the Agent for Event NotificationConfigure the Novell Netware Agent for event notification. This step is optional.For more information, see “Step 6: Configuring the Agent for Event Notification”on page 7.

Step 7: Configuring the Agent’s FormsConfigure the agent’s forms on the Tivoli Identity Manager Server. For moreinformation, see “Step 7: Configuring the Agent’s Forms” on page 7.

Step 1: Installing the AgentAn executable installation program is provided for the Novell Netware Agent.When you run the installation program, you can accept the default settings orselect new values.

The Tivoli Identity Manager Novell Netware Agent installation files are availablefor download from IBM’s Web site. Contact your IBM account representative forthe Web address and download instructions.

To install the agent, do the following:1. Download the Novell Netware Agent installation zip file from IBM’s Web site.2. Extract the contents of the Novell Netware Agent installation zip file into a

temporary directory.


3. Select Run... from the Start menu and type the path to the temporary directoryfollowed by Setup.exe. For example:C:\Temp\Setup.exe

The Welcome dialog window appears.4. Click Next.

The License Agreement window opens.5. Read the license agreement and decide whether to accept its terms. If you do,

click Accept.6. Click Next.

The Select Destination Directory dialog window appears.

7. Accept the default or select an alternate destination path and click Next.The Install Summary dialog window appears.

8. Click Next.The agent components are installed and the Installation Completed dialogwindow appears.

9. Click Finish.

Step 2: Activating the Agent as a ServiceThe Novell Netware Agent is installed on the Windows server and automaticallystarts whenever the server is rebooted. However, the service is not active afterinstallation. Select the Novell Netware Agent service to start the Novell NetwareAgent software on the target platform.

InstallShieldInstallShield

Click Next to install < > to this directory, orclick Browse to install to a different directory.

agentname

Directory Name:

Installer

C:\tivoli\agents\< >agentname

Browse...

CancelNext >< Back

Figure 1. Select Destination Directory dialog window

Chapter 2. Agent Installation 5

Step 3: Configuring the AgentThe Novell Netware Agent uses the DAML protocol to ensure securecommunication with the Tivoli Identity Manager Server. Default protocol valuesare provided. However, you must configure the DAML protocol for your site’ssystems. See “Changing Protocol Configuration Settings” on page 14 for moreinformation.

Note: A certificate must be installed for the DAML protocol. Refer to Chapter 5,“Certificate Installation”, on page 29 for more information about installingcertificates.

If you are only installing one instance of the agent for use with one service on theTivoli Identity Manager Server, the following properties must be configured:v Event Notification Context

The event notification context allows the Tivoli Identity Manager Server torecognize the Novell Netware Agent during an event notification. An EventNotification Context must be defined for this agent. See “Modifying an EventNotification Context” on page 20 for more detailed information about adding anew context.

v DAML ProtocolThe agent name uses the DAML protocol to ensure secure communication withthe product name. Default protocol values are provided. However, you mustconfigure the DAML protocol for your site’s systems. See “Changing ProtocolConfiguration Settings” on page 14 for more information.

Note: A certificate must be installed for the DAML protocol. See Chapter 5,“Certificate Installation”, on page 29 for more information about installingcertificates.

Step 4: Installing the Agent’s CertificateA certificate must also be installed for the DAML protocol. You must obtain aproduction certificate from a well-known Certificate Authority or create your owncertificate using your own Certificate Authority. The Novell Netware Agent doesnot come prepackaged with a certificate. See Chapter 5, “Certificate Installation”,on page 29 for more information about installing certificates.

When you install the new certificate, you will also need to install the newCertificate Authority on the Tivoli Identity Manager Server. Refer to the TivoliIdentity Manager Server Configuration Guide for more information.

Note: You must configure the DAML protocol before installing your certificate.Stop and restart the agent after the certificate is installed.

Step 5: Installing the Agent’s ProfileBefore an agent can be added as a service to the Tivoli Identity Manager Server,the server must have a service profile to recognize the agent as a service. SeeChapter 3, “Agent Profile Installation”, on page 9 for more information oninstalling the agent’s profile on the Tivoli Identity Manager Server.

Note: If this is an upgrade of an existing agent, the new agent schema will not bereflected immediately. The Tivoli Identity Manager system stores the agentschema in memory. However, this cache is periodically refreshed and the


new agent schema will be reflected after the cache is refreshed. Re-boot theTivoli Identity Manager system to refresh the agent schema immediately.

Step 6: Configuring the Agent for Event NotificationYou can choose to configure event notification for agents configured to use theDAML protocol. Complete this step only if you want to monitor agent attributesfor changes that will trigger event notifications.

Note: This step is optional. The agent can accept requests from the Tivoli IdentityManager Server whether you configure event notification or not.

To do this, identify the Tivoli Identity Manager Server.1. Select Configure Protocol from the Agent Protocol Configuration Menu.

For more information, see “Changing Protocol Configuration Settings” onpage 14.

2. Select DAML as the protocol to configure.3. Select SRV_NODENAME.4. Specify the IP address or fully-qualified hostname that identifies the Tivoli

Identity Manager Server and press Enter.The Protocol Properties menu reappears and displays your new settings.

5. Select SRV_PORTNUMBER.6. Specify the port number the Tivoli Identity Manager Server uses to connect to

the agent and press Enter.The Protocol Properties menu reappears and displays your new settings.

7. Select SRV_USERNAME.8. Specify the username the Tivoli Identity Manager Server uses to connect to the

agent and press Enter.The Protocol Properties menu reappears and displays your new settings.

9. Select SRV_PASSWORD10. Specify the password for the username the Tivoli Identity Manager Server

uses to connect to the agent and press Enter.The Protocol Properties menu reappears and displays your new settings.

Step 7: Configuring the Agent’s FormsConfigure the agent’s service maintenance and account maintenance forms on theTivoli Identity Manager Server. Refer to the Tivoli Identity Manager Policy andOrganization Administration Guide for more information.

Chapter 2. Agent Installation 7

Chapter 3. Agent Profile Installation

Before an agent can be added as a service to the Tivoli Identity Manager Server,the server must have a service profile to recognize the agent as a service. TheNovell Netware Agent comes with a second installation script that installs theagent’s profile on the Tivoli Identity Manager Server as a service profile.

This chapter describes the procedure to install and configure the Novell NetwareAgent profile on the Tivoli Identity Manager Server. Each step includes a shortprocedure that completes one aspect of the overall profile installation process. Youmust complete the steps in the order they are listed.

Notes:

1. If you intend to install multiple agent profiles on the Tivoli Identity ManagerServer, it is important that you install them one at a time. You must wait for asingle profile installation to complete before starting the next profileinstallation.

2. If you are upgrading the agent software, you must also upgrade the agentprofile on the Tivoli Identity Manager Server.

3. In a WebLogic Application Server cluster, the agent profile must be installed onevery managed server. If the agent profile is not installed on every member ofthe cluster, the managed server that did not have the agent profile installed willnot recognize the agent as a service if the other managed servers becomeunavailable.

4. In a WebSphere Application Server cluster, you should install the agent profileon the computer on which Network Deployment Manager is installed, althoughthe agent profile can be installed on any server in the cluster. The profileinformation is pushed into the directory and becomes available to all clustermembers.

RequirementsThe following table identifies hardware, software, and authorization requirementsto install the Novell Netware Agent profile on the Tivoli Identity Manager Server.Verify that all the requirements have been met before installing the Novell NetwareAgent profile.

Table 2. Requirements before installing an agent profile

Server The Tivoli Identity Manager Server must be installed andrunning before the agent’s profile can be installed.

System Administrator Authority The person completing the Novell Netware Agent profileinstallation must have root access to the Tivoli IdentityManager Server to complete the procedures in thischapter.

Installing the Agent Profile1. Log in to the Tivoli Identity Manager Server as root.2. Download the Novell Netware Agent installation zip file from IBM’s Web site

and extract the contents of the zip file into a temporary directory.


Note: Contact your IBM account representative for the Web address anddownload instructions for agent installation files.

3. Complete one of the following:v For a Tivoli Identity Manager Server installed on a UNIX® platform:

– Change the working directory to the temporary directory where youextracted the agent installation files.# cd /tmp

where tmp is the path of the directory containing the agent installationfiles.

– Run the Novell Netware Agent profile installation script that isappropriate for your operating system.# ./netwprofile_<operating system>.bin

where <operating system> is the name of your operating system, such asaix, solaris, or hpxxxx.

A graphical user interface appears.v For Tivoli Identity Manager Servers installed on Windows:

Select Run... from the Start menu, type the path to the temporary directorywhere you extracted the agent installation followed by netwprofile.exe. Forexample:C:\temp\netwprofile.exe


The Select Tivoli Identity Manager Home Directory screen appears.5. Type the Tivoli Identity Manager Server home directory in the text field and

click Next. You can also select the directory by clicking Browse... and browsingto the correct directory.You must install the agent profile in the same home directory in which theTivoli Identity Manager Server is installed.

Note: If the installation program cannot determine whether the Tivoli IdentityManager Server home directory that you entered is correct, the ITIM NotFound dialog window is displayed.

The Install Summary dialog window appears.6. Click Next.

The Installation Progress dialog window appears.Upon successful installation, the Applying Schema Updates window appears,and any schema updates will be applied.The Install Complete dialog window appears after installation is complete.

7. Click Finish to conclude the installation process.

Verifying the Agent Profile is InstalledTo ensure that the agent profile installed correctly, navigate to the directory whereagent profile files are installed. If the agent profile installation was successful, anagent profile directory will be created in the remote_resources folder. Examples areprovided below:


For Windows:C:\itim\data\remote_resources\nt40profile\

For UNIX:/itim/data/remote_resources/nt40profile/

Chapter 3. Agent Profile Installation 11

Chapter 4. Agent Parameters Modification

This chapter describes how to use agentCfg, the provided agent configurationprogram, to view or modify Novell Netware Agent parameters. All modificationsmade to settings with this tool take effect immediately.

Accessing the Agent Configuration Tool Main MenuThe following procedure describes how to access the main menu of the agentCfgtool for Novell Netware Agent parameters.1. Select Programs from the Start menu, select Accessories, and then select

Command Prompt.The DOS Command Prompt window appears.

2. Change to the agent’s bin directory.Type the following, if the Novell Netware Agent directory is in the defaultlocation:cd \Tivoli\Agents\NetwareAgent\bin

3. Type agentCfg -agent NetwareAgent at the prompt.Enter configuration key for Agent ’NetwareAgent’:

You can also use agentCfg to view or change configuration settings from aremote computer. See the table in “Accessing Help and Additional Options” onpage 26 for procedures on using the -hostname argument.

4. Type the configuration key for the Novell Netware Agent.The default configuration key is agent. See “Changing Protocol ConfigurationSettings” on page 14 for procedures to change the configuration key.The Main Configuration menu appears.

NetwareAgent 4.5.5 Agent Main Configuration Menu-------------------------------------------A. Configuration Settings.B. Protocol Configuration.C. Event NotificationD. Change Configuration Key.E. Activity Logging.F. Registry Settings.G. Advanced Settings.H. Statistics

X. Done

Select menu option:

This chapter includes a section for each of the following main functions:v For option A, see “Viewing Configuration Settings” on page 14v For option B, see “Changing Protocol Configuration Settings” on page 14v For option C, see “Setting Event Notification” on page 17v For option D, see “Changing the Configuration Key” on page 21v For option E, see “Changing Activity Logging Settings” on page 22v For option F, see “Changing Registry Settings” on page 24v For option G, see “Changing Advanced Settings” on page 25


v For option H, see “Viewing Statistics” on page 26

Viewing Configuration SettingsThe following procedure describes how to view the Novell Netware Agentconfiguration settings.1. Type option A (Configuration Settings) at the main menu prompt.

The configuration settings for the Novell Netware Agent appear. The followingis a sample of the Novell Netware Agent configuration settings.

Configuration Settings-------------------------------------------Name : NetwareAgentVersion : 4.5.5ADK Version : 4.27ERM Version : 4.27enRole Version : 4.0License : NONEAsynchronous ADD Requests : TRUE (Max.Threads:3)Asynchronous MOD Requests : TRUE (Max.Threads:3)Asynchronous DEL Requests : TRUE (Max.Threads:3)Asynchronous SEA Requests : TRUE (Max.Threads:3)Available Protocols : DAML, FTPConfigured Protocols : DAMLLogging Enabled : TRUELogging Directory : C:\Tivoli\Agents\NetwareAgent\LogLog File Name : NetwareAgent.logMax. log files : 3Max.log file size (Mbytes) : 1Debug Logging Enabled : TRUEDetail Logging Enabled : FALSE

Press any key to continue

2. Press any key to return to the main menu.

Changing Protocol Configuration SettingsThe agent can communicate with the Tivoli Identity Manager Server using DAMLor FTP. By default, agents are configured to use DAML as the communicationprotocol. Procedures provided in this section contain instructions for modifyingDAML protocol configuration settings. Configuring the agent to use FTP requiresadditional configuration not provided in this section.

The following procedure describes how to change the Novell Netware Agentprotocol configuration settings. This section also describes the purpose of theprovided functions.1. Type B (Protocol Configuration) at the main menu prompt.

The Protocol Configuration menu appears. The configured and availableprotocols for your server display above the menu options. The DAML protocolis configured and available by default for the Novell Netware Agent.


Agent Protocol Configuration Menu-----------------------------------Available Protocols: DAML, FTPConfigured Protocols: DAMLA. Add Protocol.B. Remove Protocol.C. Configure Protocol.

X. Done

Select menu option

2. See the following procedure that corresponds with the option that you want toselect:v For option A, see “Adding a Protocol”v For option B, see “Removing a Protocol”v For option C, see “Configuring a Protocol”

Type X to return to the main menu.

Adding a Protocol1. Type A (Add Protocol) at the Protocol Configuration menu prompt.

The Add New Protocol menu appears and displays protocols that are availableon your server. If there are no protocols to add, the Protocol Configurationmenu reappears.

2. Type the menu option letter of the protocol that you want to add.The Protocol Configuration menu reappears. The protocol that you addedappears as a Configured Protocol. See the procedure for “Configuring aProtocol” to modify the default configuration settings for the protocol that youadded.

Removing a Protocol1. Type B (Remove Protocol) at the Protocol Configuration menu prompt.

The Remove Protocol menu appears and displays all protocols that have beenadded. If there are no protocols to remove, the Protocol Configuration menureappears.

2. Type the menu option letter of the protocol that you want to remove.The Protocol Configuration menu reappears and the protocol that you removedis no longer listed as a configured protocol. However, the protocol remains asan available protocol that can be added again.

Configuring a Protocol1. Type C (Configure Protocol) at the Protocol Configuration menu prompt.

The Configure Protocol menu appears.2. Type the menu option letter of the protocol that you want to configure.

The Protocol Properties menu for the configured protocol appears with protocolproperties.

Note: The properties on your menu may be different from the ones shown.

The following is an example of the DAML protocol properties:

Chapter 4. Agent Parameters Modification 15

DAML Protocol Properties--------------------------------------------------------------------A. PORTNUMBER 45580 ;Protocol Server port number.B. USERNAME ****** ;Authorized user name.C. PASSWORD ****** ;Authorized user password.D. SRV_NODENAME 192.168.6.40 ;Event Notif. Server name.E. SRV_PORTNUMBER 443 ;Event Notif. Server port number.F. SRV_USERNAME ****** ;Event Notif. user name.G. SRV_PASSWORD ****** ;Event Notif. Server password.H. VALIDATE_CLIENT_CE FALSE ;Require client certificate.

X. Done

Select menu option:

3. Type the menu option letter of the protocol property that you want toconfigure.See the table below for additional information about the menu options for theDAML protocol.

Table 3. Menu options for the DAML protocol

Type this Option To Accomplish this

A (PORTNUMBER) The following prompt appears:

Modify Property ’PORTNUMBER’:

Type a different port number, for example, 7004

This is the port number the Tivoli Identity ManagerServer uses to connect to the agent.

B (USERNAME) The following prompt appears:

Modify Property ’USERNAME’:

Type a username, for example, admin

This is the username the Tivoli Identity ManagerServer uses to connect to the agent.

C (PASSWORD) The following prompt appears:

Modify Property ’PASSWORD’:

Type a password, for example, *******

This is the password for the username the TivoliIdentity Manager Server uses to connect to the agent.

D (SRV_NODENAME) The following prompt appears:

Modify Property ’SRV_NODENAME’:

Type a server name, for example, 192.168.6.152

This is the DNS name or IP address of the TivoliIdentity Manager Server.

E (SRV_PORTNUMBER) The following prompt appears:

Modify Property ’SRV_PORTNUMBER’:

Type a different port number to access the TivoliIdentity Manager Server, for example, 7004

This is the port number the agent uses to connect tothe Tivoli Identity Manager Server.


Table 3. Menu options for the DAML protocol (continued)


F (SRV_USERNAME) The following prompt appears:

Modify Property ’SRV_USERNAME’:

Type a different username, for example, admin

This is the username the agent uses to connect to theTivoli Identity Manager Server.

G (SRV_PASSWORD) The following prompt appears:

Modify Property ’SRV_PASSWORD’:

Type a different password, for example, *****

This is the password for the username the agent usesto connect to the Tivoli Identity Manager Server.

H (VALIDATE_CLIENT_CE) The following prompt appears:

Modify Property ’VALIDATE_CLIENT_CE’:

Type TRUE to require the Tivoli Identity ManagerServer to send a certificate when communicating withthe agent.

Type FALSE to allow the Tivoli Identity ManagerServer to communicate with the agent without acertificate.Note: You must configure options D through H ofthe CertTool if you set this option to TRUE.

4. Change the value and press Enter.The Protocol Properties menu reappears and displays your new settings.

Note: Press Enter to return to the Protocol Properties menu without modifyingthe selected value.

Setting Event NotificationThe following procedure describes how to set Event Notification for the TivoliIdentity Manager Server. Event Notification updates the Tivoli Identity ManagerServer with changes to the Tivoli Identity Manager Server at set intervals.

Note: The example menu shows all the options displayed when Event Notificationis enabled. If Event Notification is disabled, not all of the options aredisplayed.

1. Type C (Event Notification) at the main menu prompt.The Event Notification Menu appears.


Event Notification Menu--------------------------------------------------------------* Reconciliation interval : 1 day(s)* Next Reconciliation time : 23 hour(s) 56 min(s). 23 sec(s).* Configured Contexts : Jupiter, dd309A. EnabledB. Time interval between reconciliations.C. Set Processing cache size. (currently: 50 Mbytes)D. Start event notification now.E. Set attributes to be reconciled.F. Reconciliation process priority. (current: 1)G. Add Event Notification Context.H. Modify Event Notification Context.I. Remove Event Notification Context.J. List Event Notification Contexts.

X. Done

Select menu option:

2. Type the menu option letter of the Event Notification option that you want tochange.

Note: Option A must be enabled in order for the values of the other options totake affect.

Table 4. Event notification options


A If this option is enabled, the agent updates the Tivoli IdentityManager Server with changes to the agent at regular intervals.

When the option is set to:

v disabled, it automatically changes to enabled

v enabled, it automatically changes to disabled

B (Time intervalbetween reconciliations)

The following prompt appears:

Enter new interval([ww:dd:hh:mm:ss])[00:01:00:00:00]:

Type a different reconciliation interval.

Press Enter to return to the Agent Activity Logging menuwithout changing the value.

C (Set processing cachesize)


Enter new cache size[5]:

Type a different value to change the processing cache size.


D (Start eventnotification now)

If this option is selected, event notification is started.

E (Set attributes to bereconciled)

The Event Notification Entry Types menu appears. See “SettingAttributes to be Reconciled” on page 19 for more information.


Table 4. Event notification options (continued)


F (Reconciliationprocess priority)


Enter new thread priority [1-10]:

Type a different thread value to change reconciliation processpriority.


G (Add EventNotification Context)


Context name :

Type the new context name and press Enter. The new context isadded.

H (Modify EventNotification Context)

A menu listing the available contexts appears. See “Modifying anEvent Notification Context” on page 20 for more information.

I (Remove EventNotification Context)

The Remove Context menu appears. Select the context to removeand the following prompt appears:

Delete context context1? [no]:

Press Enter to exit without deleting the context or type Yes andpress Enter to delete the context.

J (List EventNotification Contexts)

The Event Notification Contexts are displayed in the followingformat:

Context Name : Context1Target DN :erservicename=context1,o=IBM,ou=IBM,dc=com--- Attributes for search request ---{search attributes listed}-----------------------------------------------

3. Press Enter if you changed the value for option B, C, E or F.The Event Notification menu reappears and displays your new settings.

Note: The other options are changed automatically when you type thecorresponding menu option letter.

Setting Attributes to be ReconciledSetting attributes to be reconciled consists of selecting attributes that will triggerevent notifications when their values change. Attributes that change frequently(password age or last successful logon, for example) can be omitted.1. Type E (Set attributes to be reconciled) at the Event Notification Menu.

The Event Notification Entry Types menu appears.

Event Notification Entry Types-------------------------------------------A. USERB. GROUPX. DoneSelect menu option:

2. Type A for attributes returned during a user reconciliation or type B forattributes returned during a group reconciliation.


The Event Notification Attribute Listing for the selected reconciliation typeappears.

Note: The default setting lists all attributes the agent supports.

Event Notification Attribute Listing-------------------------------------(a) ** (b) ** (c) **(d) ** (e) ** (f) **(g) ** (h) ** (i) **(j) ** (k) ** (l) **(m) ** (o) ** (q) **(r) ** (s) ** (t) **

(p)rev page 1 of 3 (n)ext-----------------------------

X. DoneSelect menu option:

3. Type the letter option of the attribute to exclude from an event notification.Attributes that are marked with the asterisks are returned during the eventnotification. Attributes that are not marked with asterisks are not returnedduring the event notification.

Modifying an Event Notification Context1. Type H (Modify Event Notification Context) at the Event Notification menu.

The Modify Context Menu appears.

Modify Context Menu------------------------------A. Context1B. Context2C. Context3X. DoneSelect menu option:

2. Select the desired context.The Modify Context menu for the selected context appears.

A. Set attributes for searchB. Target DN:C. Delete Baseline DatabaseX. DoneSelect menu option:

See “Adding Search Attributes for Event Notification” for option A.

See “Configuring the Target DN for Event Notification Contexts” on page 21 foroption B.

See “Removing the Baseline Database for Event Notification Contexts” onpage 21 for option C.

Adding Search Attributes for Event Notification1. Type A (Set attributes for search) at the desired context’s Modify Context menu.

The Reconciliation Attribute Passed to Agent menu appears.


Reconciliation Attributes Passed to Agent for Context: Context1--------------------------------------------------------------------------------------------------------A. Add new attributeB. Modify attribute valueC. Remove attributeX. DoneSelect menu option:

2. Select the desired option and complete the requested information at theprompts.The Reconciliation Attributes Passed to Agent menu reappears with thechanges displayed.

Configuring the Target DN for Event Notification Contexts1. Type B (Target DN) at the desired context’s Modify Context menu.

The following prompt appears:Enter Target DN:

2. Type the target DN for the context and press Enter.The target DN for the event notification context must be in the followingformat:erservicename=nameofservice,o=organizationname,ou=tenantname,dc=com

Each element of the DN is defined as follows:

erservicenameName of the target service used by the product name.

o Name of the organization in the product name.

ou Name of the tenant in which the organization is located. If the productname is an enterprise installation, this is the name of the organization.

dc=comRoot of the directory tree.

The selected context’s Modify Context menu reappears with the new target DNlisted.

Removing the Baseline Database for Event Notification ContextsThis option is only available after a context is created and a reconciliation is run onthe context to create a Baseline Database file.

Type C (Delete Baseline Database) at the desired context’s Modify Context menu.

The selected context’s Modify Context menu reappears with the Delete BaselineDatabase option removed.

Changing the Configuration KeyThe following procedure describes how to change the Novell Netware Agentconfiguration key. You use this key as a password to access the configuration toolfrom the selected agent.1. Type D (Change Configuration Key) at the main menu prompt.2. Change the value and press Enter.

Enter new configuration key for Agent ’NetwareAgent 4.5.5’:


Press Enter to return to the Main Configuration menu without changing theconfiguration key. The default configuration key is agent.

Note: Enter a configuration key that you can easily remember.

A message appears:Configuration key successfully changed.

The configuration program exits and the main prompt reappears.

Changing Activity Logging SettingsThe following procedure describes how to change the Novell Netware Agentactivity logging settings. When you enable logging, Tivoli Identity Managermaintains a log file of all transactions in a dated archive log file, NetwareAgent.log.1. Type E (Activity Logging) at the main menu prompt.

The Agent Activity Logging menu appears. The following sample shows thedefault activity logging settings.

Agent Activity Logging Menu-------------------------------------A. Activity Logging (Enabled).B. Logging Directory (current: C:\Tivoli\Agents\NetwareAgent\Log).C. Activity Log File Name (current: NetwareAgent.log).D. Activity Logging Max. File Size ( 1 mbytes)E. Activity Logging Max. Files ( 3 )F. Debug Logging (Enabled).G. Detail Logging (Disabled).H. Base Logging (Disabled).X. DoneSelect menu option:

2. Type the menu option letter of the activity logging option that you want tochange.

Note: Option A (Activity Logging) must be enabled in order for the values ofthe other options to take effect.

Table 5. Event notification options


A (Activity Logging) Set this option to enabled and Tivoli Identity Manager maintainsa log file of all transactions in a dated archive log file.




B (Logging Directory) Type a different value for the logging directory, for example,C:\Log. When the logging option is enabled, details about eachaccess request are stored in the logging file that is located in thisdirectory.



Table 5. Event notification options (continued)


C (Activity Log FileName)

Type a different value for the log file name. When the loggingoption is enabled, details about each access request are stored inthe logging file.


D (Activity LoggingMax File Size)

Type a new value, for example, 10. The oldest data is archivedwhen the log file reaches the maximum file size. File size ismeasured in megabytes. Activity log file size can exceed diskcapacity.


E (Activity LoggingMax Files)

Type a new value up to 100, for example, 5. The agentautomatically deletes the oldest activity logs beyond the specifiedlimit.


F (Debug Logging) If this option is set to enabled, the agent includes the debugstatements in the log file of all transactions.




G (Detail Logging) If this option is set to enabled, the agent maintains a detailed logfile of all transactions.Note: The detail logging option should be used for diagnosticpurposes only. When the detail logging option is on, theapplication’s performance can be adversely affected.




H (Base Logging)If this option is set to enabled, the agent maintains a log file ofall transactions in the ADK and library files.




3. Press Enter if you changed the value for option B, C, D, or E.The Agent Activity Logging menu reappears and displays your new settings.

Note: The other options are changed automatically when you type thecorresponding menu option letter.


Changing Registry SettingsThe following procedure describes how to change the Novell Netware Agentregistry settings.1. Type F (Registry Settings) at the main menu prompt.

The Registry menu appears.

NetwareAgent 4.5.5 Agent Registry Menu-------------------------------------------A. Modify Non-encrypted registry settings.B. Modify encrypted registry settings.C. Multi-instance settings.X. DoneSelect menu option:

2. See the following procedures on modifying registry setting.

Modifying Non-encrypted Registry Settings

Note: There are no encrypted registry settings for this agent.1. Type A (Modifying Non-encrypted Registry Settings) at the Registry menu

prompt.The Non-encrypted Registry settings menu appears.

Agent Registry Items---------------------------

01. ENROLE_VERSION ’4.0’--------------------------------

Page 1 of 1

A. Add new attributeB. Modify attribute valueC. Remove attributeX. DoneSelect menu option:

2. Type one of the following options:v A) Add new attributev B) Modify attribute valuev C) Remove attributev X) Done

3. Type the registry item name, and press Enter.4. Type the registry item value, if you selected option A or B, and press Enter.

The non-encrypted registry settings menu reappears and displays your newsetting(s).

Multi-instance SettingsThis option allows you to configure multi-instance settings.

Note: This option is only valid if the agent can support multi-instances.1. Type C (Multi-instance Settings) at the Registry Menu prompt.

The Novell Netware Agent Instance Class Menu appears.


NetwareAgent 4.5.5 Agent Instance Class Menu--------------------------------------------------------------------------------------------------------------A. Select instance class.X. Done.

2. Type one of the available options.3. Type the requested information and press Enter.

The Novell Netware Agent Instance Class Menu reappears and displays yournew settings.

Changing Advanced SettingsThe following procedure describes how to change the Novell Netware Agentthread count settings for the following types of requests:v System Login Addv System Login Changev System Login Deletev Reconciliation

These settings determine the maximum number of requests that the NovellNetware Agent processes concurrently.1. Type G (Advanced Settings) at the main menu prompt.

The Advanced Settings menu appears. The following sample shows the defaultthread count settings.

NetwareAgent 4.5.5 Advanced Settings Menu-------------------------------------------A. Single Thread Agent (current:TRUE)B. ADD max. thread count. (current:3)C. MODIFY max. thread count. (current:3)D. DELETE max. thread count. (current:3)E. SEARCH max. thread count. (current:3)F. Allow User EXEC procedures (current:FALSE)G. Archive Request Packets (current:FALSE)H. UTF8 Conversion support (current:TRUE)I. Pass search filter to agent (current:FALSE)J. Thread Priority Level (1-10) (current:4)X. DoneSelect menu option:

2. Type the menu option letter of the advanced setting that you want to change.

Note: The UTF8 Conversion support setting must be set to FALSE to supportWestern European character sets.

Table 6. Menu options for the DAML protocol


A (Single Thread Agent) Forces the agent to allow only one request at a time.

B (ADD max. thread count) Controls how many simultaneous ADD requests canrun at one time.

C (MODIFY max. thread count) Controls how many simultaneous MODIFY requestscan run at one time.

D (DELETE max. thread count) Controls how many simultaneous DELETE requestscan run at one time.


Table 6. Menu options for the DAML protocol (continued)


E (SEARCH max. thread count) Controls how many simultaneous SEARCH requestscan run at one time.

F (Allow User EXEC procedures) Determines whether the agent allows pre- andpost-exec functions. Enabling this option is apotential security risk. This option is disabled bydefault.

G (Archive Request Packets) Instructs the agent to retain copies of the requestpackets in an archive. This option is specific to theFTP protocol and is used primarily for debuggingpurposes. By default, request packets are deletedonce they have been read unless this option isenabled.

H (UTF8 Conversion support) This option is no longer used.

I (Pass search filter to agent) Provides filtering functionality for search requests byissuing a full search to the agent and then filteringthe objects as they are pipelined back to the server.

Currently, this agent does not support processingfilters directly. This option should always be FALSE.

J (Thread Priority Level (1-10)) Sets the thread priority level for the agent.

3. Change the value and press Enter.The Advanced Settings menu reappears and displays your new settings.

Viewing StatisticsThe following procedures describes how to view an event log for the NovellNetware Agent.1. Type H (Statistics) at the main menu prompt.

The activity history for the agent is displayed.

NetwareAgent 4.5.5 Agent Request Statistics--------------------------------------------------------------------Date Add Mod Del Ssp Res Rec

-----------------------------------------------------------------

11/15/02 000001 000000 000000 000000 000000 000001

-----------------------------------------------------------------

X. Done

2. Type X to return to the Main Configuration Menu.

Accessing Help and Additional OptionsThe following describes how to access the agentCfg help menu and use the helparguments.1. Return to the Novell Netware Agent bin directory by completing one of the

following:v Type X from the Main Configuration menu prompt.


v Complete procedures 1 and 2 of “Accessing the Agent Configuration ToolMain Menu” on page 13.

2. Type agentCfg -help at the prompt to view the help menu.The following list of possible commands appears:

-version ; Show version-hostname < value> ; Target nodename to connect to (Default:Local host IP address)-findall ; Find all agents on target node-list ; List available agents on target node-agent <value> ; Name of agent-tail ; Display agent’s activity log-schema ; Display agent’s attribute schema-portnumber <value>; Specified agent’s TCP/IP port number-netsearch <value> ; Lookup agents hosted on specified subnet-confidencetest ; Confidence test-setup ; Confidence test setup-help ; Display this help screen

The following table describes the purpose of the provided arguments.

Table 7. Command argument purposes

-version Use this argument to display the agentCfg version.

-hostname <value> Use the -hostname argument with any of the followingcommands to specify a different host:

v -findall

v -list

v -tail

v -agent

Enter a hostname or IP address as the value.

-findall Use this argument to search and display all possible portaddresses for all agents. Must be used with the -listargument. Add the -hostname argument to search a remotehost.

-list Use this argument to search and display agents found atdefault ports. By default, the argument searches the local hostof the Novell Netware Agent. Use the -hostname argument tosearch a different host.

-agent <value> Use this argument to specify the agent that you want toconfigure. Enter an agent name as the value. Use thisargument with the -hostname argument to modify theconfiguration setting from a remote host. You can also usethis argument with the -tail argument.

-tail Use this argument with the -agent argument to display anagent’s activity log. Add the -hostname argument to displaythe log file for an agent on a different host.

-schema Use this argument with the -agent argument to display anagent’s attribute schema.

-portnumber <value> Use this argument with the -agent argument to specify anagent’s TCP/IP port number.

-netsearch <value> Use this argument with the -agent argument to display allagents installed on the system.

-confidencetest Use this argument to run a test to add, modify, search anddelete a request to the agent. This allows you to verify theagent connection to the managed resource without the TivoliIdentity Manager Server.


Table 7. Command argument purposes (continued)

-setup Use this argument to configure the confidence test.

-help Display the help menu for agentCfg.

3. Type agentCfg and one or more of the supported arguments at the prompt.You must type agentCfg before every argument to run the agent configurationtool.

Table 8. Arguments

Argument Syntax Argument Example

-argument For example, type agentCfg -list

This example lists all agents on the local host IPaddress. Note that the default node for the TivoliIdentity Manager Server is 44970.

Agent(s) installed on node ’127.0.0.1’-----------------------NetwareAgent (44970)

-argument <value> For example, type agentCfg -agent NetwareAgent

This example displays the main menu of theagentCfg tool which is used to view or modify theNovell Netware Agent parameters.

-argument <value>-argument

or

-argument -argument <value>

For example, type agentCfg -list -hostname192.9.200.7

This example lists agents on a host whose IPaddress is 192.9.200.7. Note that the default nodefor the Novell Netware Agent is 44970.

Agent(s) installed on node ’192.9.200.7’------------------NetwareAgent (44970)

-argument <value> -argument <value> For example, type agentCfg -agent NetwareAgent-hostname 192.9.200.7

This example displays the main menu of theagentCfg tool for a host whose IP address is192.9.200.7. Use the menu options to view ormodify the Novell Netware Agent parameters.


Chapter 5. Certificate Installation

This chapter describes how to use the provided certificate management tool(CertTool) to install and configure digital certificates for a Tivoli Identity ManagerAgent. The industry-standard Secure Sockets Layer (SSL) mechanism, which usesdigital certificates for authentication, is used for secure communication between theTivoli Identity Manager Server and an Agent.

For a production environment, you must obtain and use a signed productioncertificate from a well-known Certificate Authority, or from your own CertificateAuthority, to ensure secure communications. The agent does not come prepackagedwith a certificate.

This chapter provides information for managing digital certificates on the TivoliIdentity Manager Agent only. Please refer to the ″Managing Digital Certificates″chapter in the IBM Tivoli Identity Manager System Configuration Guide forinformation about configuring the Tivoli Identity Manager Server for SSL.

Note: If you install, modify, or delete a certificate, you must stop and restart theagent before the changes will take affect.

Overview of SSL and Digital CertificatesA Tivoli Identity Manager deployment must consider the security ofcommunication between all configured components. The industry-standard SecureSockets Layer (SSL) mechanism, which uses digital certificates for authentication, isused for secure communication in a Tivoli Identity Manager deployment.

SSL provides secure connections by allowing two applications connecting over anetwork connection to authenticate each other’s identity. Additionally, SSL providesencryption of the data exchanged between the applications. Authentication allowsa server (one-way) to verify the identity of the application on the other end of anetwork connection. Encryption makes data transmitted over the networkintelligible only to the intended recipient.

Features of SSL include the following concepts:v SSL provides a mechanism for one application to authenticate itself to another

application.v One-way SSL allows one application to be certain of the identity of the other

application.v The application that assumes the ″server″ role possesses and uses a server-side

certificate to prove its identity to the client application.v The application that is presented with a certificate must have in its possession

the root certificate (or certificate chain) of the Certificate Authority (CA) thatsigned the certificate being presented. The root CA certificate, or chain, validatesthe certificate being presented.

v In client connections, the client browser alerts the user when presented with acertificate that is not issued by a recognized Certificate Authority.

Note: Although the agent supports two-way SSL, Tivoli Identity Manager nolonger supports two-way authentication.


Basic Configuration for Server-to-Agent SSLThe following information pertains to a Tivoli Identity Manager deployment oneither the WebSphere or the WebLogic application server. In this scenario, theTivoli Identity Manager Server initiates communication with the agent(server-to-agent) to complete a transaction originating from the browser.

Deployment summary:

v The Tivoli Identity Manager Server and the agent use one-way authenticationover SSL.

v RSA SSL-C or Open SSL is used.

The Tivoli Identity Manager Agent must have a valid signed certificate; the TivoliIdentity Manager Server must have the corresponding CA certificate.

Note: In the diagram below, ″ITIM Server″ refers to the IBM Tivoli IdentityManager Server.

Clustered Tivoli Identity Manager ConfigurationIn a clustered configuration, the Tivoli Identity Manager System uses one WebServer to manage and load balance multiple Tivoli Identity Manager Servers. EachTivoli Identity Manager Server must have a valid CA certificate. All agents musthave associated CA and signed certificates.

Accessing the Certificate Configuration Tool Main MenuThe following procedure describes how to access the main menu of the CertToolutility for Novell Netware Agent certificate parameters.1. Select Programs from the Start menu, select Accessories, and then select

Command Prompt.The Microsoft Windows DOS Command Prompt window appears.

2. Change to the agent’s bin directory.

ITIMApplication Server

Agent

Resource

ITIMServer

One-way SSL

CACert

A

CertA

WebSphereor

WebLogic

Figure 2. Configuration for Server-to-Agent SSL


If the Novell Netware Agent directory is in the default location, type cd\Tivoli\Agents\NetwareAgent\bin.

3. Type CertTool -agent NetwareAgent at the prompt.The Main Configuration menu appears:

Main menu - Configuring agent: NetwareAgent------------------------------

A. Generate private key and certificate requestB. Install certificate from fileC. Install certificate and key from PKCS12 fileD. View current installed certificate

E. List CA certificatesF. Install a CA certificateG. Delete a CA certificate

H. List registered certificatesI. Register certificateJ. Unregister a certificate

X. Quit

Choice:

Obtaining and installing a signed certificate:

The first set of options allows you to generate a Certificate Signing Request(CSR) and install the returned signed certificate for the agent itself. The optionshere are:

A Generate a Certificate Signing Request (CSR) that is sent to theCertificate Authority (CA), and the associated private key.

B Install a certificate from a file. This file must be the signed certificatereturned by the CA in response to the CSR generated by option A.

C Install a certificate from a PKCS12 format file that includes both thepublic certificate and a private key. If options A and B are not used toobtain a certificate, the certificate used must be in PKCS12 format.

D View all certificates installed on the system.

Additional configuration for two-way SSL:

The remaining options only apply if client validation (two-way authentication)is required and enabled.


The second set of options allows installing root CA certificates. The CAcertificates are used by the Tivoli Identity Manager Agent to validate theassociated certificates presented by the Tivoli Identity Manager Servers.

E Show the installed CA certificates. The agent only communicates withTivoli Identity Manager Servers whose certificates are validated by oneof the installed CA certificates.

F Install a new CA certificate so that certificates generated by this CA canbe validated. The CA certificate file can be either in X.509, binary, orPEM encoded formats.

Chapter 5. Certificate Installation 31

G Remove one of the installed CA certificates.

Registering a signed certificate for two-way SSL:

The remaining options only apply if client validation (two-way authentication)is required and enabled.


The third set of options allows the agent to register the Tivoli Identity ManagerServer signed certificate. The Tivoli Identity Manager Server’s signed certificateis then validated by the agent when two-way SSL communication isestablished. If the Tivoli Identity Manager Server’s signed certificate isvalidated by one of the Agent’s CA certificates but not registered with theAgent, the Agent will refuse to communicate with the Tivoli Identity ManagerServer.

H List all registered certificates that will be accepted for communications.

I Register a new certificate. The certificate to be registered should be inBase 64 encoded X.509 format.

J Unregister (remove) a certificate from the registered list.

This chapter includes a section for each of the following main functions:v For option A, see “Generating a Private Key and Certificate Request”.v For option B, see “Installing the Certificate from a File” on page 34.v For option C, see “Installing the Certificate and Key from a PKCS12 File” on

page 34.v For option D, see “Viewing Installed Certificates” on page 34.v For option E, see “Viewing CA Certificates” on page 34.v For option F, see “Installing a CA Certificate” on page 35.v For option G, see “Deleting a CA Certificate” on page 35.v For option H, see “Viewing Registered Certificates” on page 35.v For option I, see “Registering a Certificate” on page 35.v For option J, see “Unregistering a Certificate” on page 36.

Type X to return to the main menu.

Generating a Private Key and Certificate RequestThe following procedure describes how to view the Novell Netware Agentconfiguration settings.1. Type option A (Generate a private key and certificate request) at the main

menu prompt.Enter values for certificate request (press enter to skip value)-------------------------------------------------------------------------

2. Type your organization name and press Enter.Organization:

3. Type the desired organizational unit and press Enter.Organizational Unit:

4. Type the name of the agent you are requesting a certificate for and pressEnter.


Agent Name:

5. Type the contact email address and press Enter.Email:

6. Type the country in which the agent resides and press Enter.Country:

7. Type the state in which the agent resides (if the agent is located in the UnitedStates) and press Enter.State:

Note: Some certificate authorities do not accept two letter abbreviations forstates.

8. Type the name of the city in which the agent resides and press Enter.Locality:

9. Type Y to accept the values displayed or type N to re-enter the values andpress Enter.Accept these values (y/n)?

The key pair and certificate request are generated once the values areaccepted.

10. Type the name of the file to store the PEM certificate request and press Enter.Enter name of file to store PEM cert request (Enter to cancel):

11. Press Enter.The main menu reappears.

You must now request a certificate from a trusted certificate authority.

Example of Certificate Request ScriptThe following is an example of a certificate request:

Enter values for certificate request (press enter to skip value)-----------------------------------------------------------------Organization: ibmOrganizational Unit: engineeringAgent Name: ntagentEmail: [email protected]: USState: CaliforniaLocality: IrvineAccept these values (y/n)? yGenerating key pair and certificate request ...Enter name of file to store PEM cert request (Enter to cancel) : request.pemCertificate request written to request.pem. Press Enter to continue.

Example of request.pem File-----BEGIN CERTIFICATE REQUEST-----MIIB1jCCAT8CAQAwgZUxEjAQBgNVBAoTCWFjY2VzczM2MDEUMBIGA1UECxMLZW5naW5lZXJpbmcxEDAOBgNVBAMTB250YWdlbnQxJDAiBgkqhkiG9w0BCQEWFW50YWdlbnRAYWNjZXNzMzYwLmNvbTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExDzANBgNVBAcTBklydmluZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmR6AcPnwf6hLLc72BmUkAwaXcebtxCoCnnTH9uc8VuMHPbIMAgjuC4s91hPrilG7UtlbOfy6X3R3kbeR8apRR9uLYrPIvQ1b4NK0whsytij6syCySaFQIB6V7RPBatFr6XQ9hpsARdkGytZmGTgGTJ1hSS/jA6mbxpgmttz9HPECAwEAAaAAMA0GCSqGSIb3DQEBAgUAA4GBADxA1cDkvXhgZntHkwT9tCTqUNV9sim8N/U15HgMRh177jVaHJqbN1Er46vQSsOOOk4z2i/XwOmFkNNTXRVl9TLZZ/D+9mGZcDobcO+lbAKlePwyufxKXqdpu3d433H7xfJJSNYLYBFkrQJesITqKft0Q45gIjywIrbctVUCepL2-----END CERTIFICATE REQUEST-----


Installing the Certificate from a FileThe following procedure describes how to install a certificate in the agent registry.This is the certificate you receive from your trusted certificate authority aftersubmitting your certificate request.

Note: If you received the certificate as part of an e-mail message, copy the text ofthe certificate to a text file and copy the certificate file (the text file you justcreated) to the agent’s bin directory.

1. Type B (Install certificate from file) at the main menu prompt.A prompt appears:Enter name of certificate file:

2. Type the name of the certificate file and press Enter.The certificate is installed in the agent registry and the main menu reappears.

Installing the Certificate and Key from a PKCS12 FileThe following procedure describes how to install the certificate and the private keyin the agent registry from a PKCS12 (.pfx) file. This format includes both thecertificate and private key in a password protected file.

Note: Be sure to copy the certificate file to the agent’s bin directory. For example,C:\Tivoli\Agents\<agentname>\bin

1. Type C (Install certificate and key from PKCS12 file) at the main menu prompt.2. Type the name of the PKCS12 file that has the certificate and private key

information and press Enter.Enter name of PKCS12 file:

For example, DamlSrvr.pfx3. Type the password to access the file and press Enter.

Enter password:

The certificate and private key are installed in the agent registry.

Viewing Installed CertificatesYou can list all of the certificates installed on your system using option D (Viewcurrently installed certificates).

Type D (View currently installed certificates) at the main menu prompt.

The installed certificates are listed and the main menu reappears. The following isan example of an installed certificate:The following certificate is currently installed.Subject: c=US,st=California,l=Irvine,o=DAML,cn=DAML Server

Viewing CA CertificatesThe following procedure describes how to list all CA certificates installed on theagent.

Type E (List CA certificates) at the main menu prompt.


The installed CA certificates are listed and the main menu reappears. Thefollowing is an example only.Subject: o=IBM,ou=SampleCACert,cn=TestCAValid To: Wed Jul 26 23:59:59 2006

Installing a CA CertificateThe following procedure describes how to install a CA certificate.1. Type F (Install a CA certificate) at the main menu prompt.

A prompt appears:Enter name of certificate file:

2. Type the name of the certificate file and press Enter.The certificate file is opened and a prompt appears:[email protected],c=US,st=California,l=Irvine,o=IBM,ou=Engineering,cn=EngInstall the CA? (Y/N)

3. Type Y to install the certificate and press Enter.The CA certificate file is installed in the CACerts.pem file.

Deleting a CA CertificateThe following procedures describe how to delete a CA certificate from the agentdirectories.1. Type G (Delete a CA certificate) at the main menu prompt.

A list of all CA certificates installed on the agent is displayed.0 - [email protected],c=US,st=California,l=Irvine,o=IBM,ou=Engineering,cn=Eng1 - [email protected],c=US,st=California,l=Irvine,o=IBM,ou=Support,cn=SupportEnter number of CA certificate to remove:

2. Type the number of the CA certificate you want to remove and press Enter.The CA certificate is deleted from the CACerts.pem file and the main menureappears.

Viewing Registered CertificatesThe following procedures describe how to view a list of all registered certificatesavailable to the agent. Only requests that present a registered certificate will beaccepted by the agent when client validation is enabled.

Type H (List registered certificates) at the main menu prompt.

The registered certificates are displayed and the main menu reappears. Thefollowing is an example only.0 - [email protected],c=US,st=California,l=Irvine,o=IBM,ou=Engineering,cn=Eng1 - [email protected],c=US,st=California,l=Irvine,o=IBM,ou=Support,cn=Support

Registering a CertificateThe following procedures describe how to register a certificate for the agent.1. Type I (Register certificate) at the main menu prompt.

A prompt appears:Enter name of certificate file:

2. Type the name of the certificate file to be registered and press Enter.The subject of the certificate is displayed and a prompt appears.


[email protected],c=US,st=California,l=Irvine,o=IBM,ou=Engineering,cn=EngRegister this CA? (Y/N)

3. Type Y to register the certificate and press Enter.The certificate is registered to the agent and the main menu reappears.

Unregistering a CertificateThe following procedures describe how to unregister a certificate for the agent.1. Type J (Unregister a certificate) at the main menu prompt.

The registered certificates are displayed. The following is an example only.0 - [email protected],c=US,st=California,l=Irvine,o=IBM,ou=Engineering,cn=Eng1 - [email protected],c=US,st=California,l=Irvine,o=IBM,ou=Support,cn=Support

2. Type the number of the certificate file to be unregistered and press Enter.The subject of the selected certificate is displayed.

3. Type Y to unregister the certificate and press Enter.The certificate is removed from the registered certificate list for the agent andthe main menu reappears.


Appendix A. Agent Variables

The Novell Netware Agent consists of files and directories owned by the TivoliIdentity Manager account. The Tivoli Identity Manager-owned files establishcommunication with the Tivoli Identity Manager Server.

Variable DescriptionsThe Tivoli Identity Manager Server communicates with the Novell Netware Agentusing variables included in transmission packets sent over a network. Thecombination of variables, included in the packets, depends on the type of actionthe Tivoli Identity Manager Server requests from the Novell Netware Agent.

The following table is an alphabetical listing of the variables used by the NovellNetware Agent. The table gives a brief description and the data format associatedwith the variable.

Table 9. Variable descriptions

Variable Name Directory Server Attribute Description Data Format

City erNetwCity User’s city Single-valued string

containerId erNetwcontainerId Container in the NDS treewhere the user exists

Single-valued string

Default Server erNetwDefaultServer User’s default server Single-valued string

Department erNetwDepartment A list of this user’s otherknown organizational units

Multi-valued string

Description erNetwDescription A generic description field Multi-valued string

Fax erNetwFax User’s fax number(s) Multi-valued string

FullName erNetwFullName User’s full name Single-valued string

Generational Qualifier erNetwGenerationalQualifier Jr., Sr., for example Single-valued string

GivenName erNetwGivenName User’s first name Single-valued string

GroupDesc description

GroupMembership erNetwGroupMembership The groups this user belongsto


GroupType erNetwGroupType Identifies the attributesassociated with a specificgroup.

Multi-valued string

HomeDirectoryPath erNetwHomeDirPath The path on theHomeDirectoryServer wherethe user’s home directory islocated


HomeDirectoryServer erNetwHomeDirVolume The server which holds theuser’s home directory


Initials erNetwInitials User’s middle initial(s) Single-valued string

Language erNetwLanguage User’s preferred clientlanguages. Preferredlanguage is listed first.

single-valued,comma-delimitedstring.

Location erNetwLocation User’s physical location Multi-valued string


Table 9. Variable descriptions (continued)


LockedByIntruder erNetwLockedByIntruder Flag indicating whether ornot the account issuspended because ofunauthorized accessattempts

Boolean

LoginAllowedTimeMap erNetwLoginAllowedTimeMap Times of the week a user isallowed to log in

String

LoginDisabled erNetwLoginDisabled User’s login privilege(enabled/disabled)

Boolean

LoginExpirationTime erNetwLoginExpirationTime Time and date the user’saccount expires


LoginGraceLimit erNetwGraceLimitLogin The maximum number ofgrace logins allowed beforethe user must changehis/her password.


LoginGraceRemaining erNetwGraceRemainingLogin The user’s remainingnumber of grace logins.


LoginMaximumSimultaneous

erNetwLoginMaximumSimultaneous

The maximum number oflocations the user can log infrom at one time.

Single-valued string(max length:3)

NDSContext erNetwNdsContext Novell branch in which theuser’s account is located.


NdsServer erNetwNdsServer NDS Server name. This isnot the IP address.


NdsTree erNetwNdsTree Name of the NDS treespecified during installation


NdsUsername erNetwNdsUsername Administrator Usernamerequired for logging into theTree


NdsPassword erNetwNdsPassword Password for the user Single-valued string

OtherName erNetwOtherName A list of the user’s otherknown common names


Password erPassword User’s login password Single-valued-string

PasswordAllowChange erNetwPasswordAllowChange Allows the user to changepassword

Boolean

PasswordExpirationInterval

erNetwPwdExpInterval The number of days untilthe user’s password expires


PasswordExpriation Time erNetwPwdExpTime Time and date the user’spassword expires


PasswordMinimum Length erNetwPasswordMinimumLength

Minimum number ofcharacters required forpassword


PasswordRequired erNetwPasswordRequired Account requires password Boolean

PasswordUnique Required erNetwPasswordUnique Required User’s password must bedifferent from any usedbefore

Boolean

PoBox erNetwPoBox User’s post office box Single-valued string


Table 9. Variable descriptions (continued)


Profile erNetwProfile The profile to use for thisuser account


State erNetwState User’s state Single-valued string

StreetAddress erNetwStreetAddress User’s street address Single-valued string

Surname erNetwSurname User’s last name Single-valued string

Telephone erNetwTelephone User’s telephone number(s) Multi-valued string

Title erNetwTitle User’s job title Multi-valued string

UserName erUid User’s login name Single-valued string

UserStatus erAccountStatus User account’s status(suspended/restored)

Boolean

Zip erNetwZip User’s zip code/postal code Single-valued string

Variables by Novell Netware Agent ActionsThe following lists are typical Novell Netware Agent actions by their functionaltransaction group. The lists include more information about required and optionalvariables sent to the Novell Netware Agent to complete that action.

System Login AddA Login Add is a request to create a new user account in the domain with thespecified attributes.

Table 10. Add function

Required Variables Optional Variables

UserName

containerId

Surname

All other supported attributes

System Login ChangeUse the Change function to change one or more attributes for the specified users.

Table 11. Change function

Required Variables Optional Variables

userName

containerId

Surname

All other supported attributes

Appendix A. Agent Variables 39

System Login DeleteThe Delete function removes the specified user from the active directory.

Table 12. Delete function

Required Variables

UserName

containerId

System Login SuspendUse the Suspend function to disable a user account. The user is neither removednor are their attributes modified.

Table 13. Suspend function

Required Variables

UserName

containerId

System Login RestoreUse the Restore function to re-activate a user account that was previouslysuspended. After Restoring, the user can access the system with the same attributesas those before the Suspend function is called.

Table 14. Restore function

Required Variables

UserName

containerId

ReconciliationThe Reconciliation function synchronizes user account information between TivoliIdentity Manager and the agent. The following is a full set of access attributesreturned by reconciliation. An asterisk (*) denotes attributes that are forinformational purposes only.

Table 15. Reconciliation function

Attributes Returned During Reconciliation

All supported attributes


Appendix B. Additional Installation Options

This chapter describes installation options available when installing the agent.

In addition to installation information, instructions are provided to uninstall theagent. Each step includes a short procedure that completes one aspect of theoverall agent uninstall process. You must complete the steps in the order they arelisted.

Installation OptionsSeveral agent installation options are provided to account for disparateenvironments and preferences.

Batch File OptionThe setupconsole.exe file is provided to allow you to install the agent using abatch file. The setupconsole.exe file is different from setup.exe in thatsetupconsole.exe will wait for the java process to complete and return the exitcode. This allows a batch file to branch based on the results of the setup.

Console OptionUse the following command to install the agent from a console or command line:<agent or profile install>.exe -is:javaconsole -console

This performs a console-based installation that does not require a GUI. This isuseful on machines that install through a telnet session.

Setup ArgumentsThis section details arguments that can be used with the agent and agent profileinstallation executables. All of the arguments described here can be used with the-is:javaconsole -console option to use a command line text interface instead of aGUI.

<agent or profile install>.exe -options-record <filename>This command records the options that were selected during the installinto a file.

<agent or profile install>.exe -options-template <filename>This command creates a template file that has fields for all of the optionsthat may be selected during installation. This file can then be edited toinclude the desired responses and played back with the option below.

<agent or profile install>.exe -options-silent <filename>This command plays back the previously recorded file during a silentinstallation where installation is performed with no user interaction.

Agent RemovalThis section describes the Novell Netware Agent uninstall procedures. Give usersadvance warning that the resource will be unavailable prior to removing the agent.If the server is taken offline, Novell Netware Agent requests that are not completedmay not be recoverable when the server is back online.


Complete the following procedure to remove the Novell Netware Agent anddirectories.1. Stop the Novell Netware Agent service.2. Open Windows Explorer and execute uninstaller.exe.


The Novell Netware Agent uninstallation summary dialog window appears.4. Click Next.

The Novell Netware Agent components are deleted.5. Click Finish.

Note: Inspect the directory tree for Novell Netware Agent directories,subdirectories, and files to verify that uninstall is complete. The NovellNetware Agent should no longer appear in the Services dialog window.


Appendix C. Notices

This information was developed for products and services offered in the U.S.A.IBM may not offer the products, services, or features discussed in this document inother countries. Consult your local IBM representative for information on theproducts and services currently available in your area. Any reference to an IBMproduct, program, or service is not intended to state or imply that only that IBMproduct, program, or service may be used. Any functionally equivalent product,program, or service that does not infringe any IBM intellectual property right maybe used instead. However, it is the user’s responsibility to evaluate and verify theoperation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matterdescribed in this document. The furnishing of this document does not give youany license to these patents. You can send license inquiries, in writing, to:

IBM Director of LicensingIBM CorporationNorth Castle DriveArmonk, NY 10504-1785U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact the IBMIntellectual Property Department in your country or send inquiries, in writing, to:

IBM World Trade Asia CorporationLicensing2-31 Roppongi 3-chome, Minato-kuTokyo 106-0032, Japan

The following paragraph does not apply to the United Kingdom or any othercountry where such provisions are inconsistent with local law:INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THISPUBLICATION “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHEREXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIEDWARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESSFOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express orimplied warranties in certain transactions, therefore, this statement may not applyto you.

This information could include technical inaccuracies or typographical errors.Changes are periodically made to the information herein; these changes will beincorporated in new editions of the publication. IBM may make improvementsand/or changes in the product(s) and/or the program(s) described in thispublication at any time without notice.

Any references in this information to non-IBM Web sites are provided forconvenience only and do not in any manner serve as an endorsement of those Websites. The materials at those Web sites are not part of the materials for this IBMproduct and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way itbelieves appropriate without incurring any obligation to you.


Licensees of this program who wish to have information about it for the purposeof enabling: (i) the exchange of information between independently createdprograms and other programs (including this one) and (ii) the mutual use of theinformation which has been exchanged should contact:

IBM Corporation2ZA4/10111400 Burnet RoadAustin, TX 78758U.S.A.

Such information may be available, subject to appropriate terms and conditions,including in some cases, payment of a fee.

The licensed program described in this information and all licensed materialavailable for it are provided by IBM under terms of the IBM Customer Agreement,IBM International Program License Agreement, or any equivalent agreementbetween us.

Any performance data contained herein was determined in a controlledenvironment. Therefore, the results obtained in other operating environments mayvary significantly. Some measurements may have been made on development-levelsystems and there is no guarantee that these measurements will be the same ongenerally available systems. Furthermore, some measurements may have beenestimated through extrapolation. Actual results may vary. Users of this documentshould verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers ofthose products, their published announcements or other publicly available sources.IBM has not tested those products and cannot confirm the accuracy ofperformance, compatibility or any other claims related to non-IBM products.Questions on the capabilities of non-IBM products should be addressed to thesuppliers of those products.

TrademarksThe following terms are trademarks or registered trademarks of InternationalBusiness Machines Corporation in the United States, other countries, or both:

AIXDB2IBMIBM logoSecureWayTivoliTivoli logoUniversal DatabaseWebSphere

Lotus is a registered trademark of Lotus Development Corporation and/or IBMCorporation.

Domino is a trademark of International Business Machines Corporation and LotusDevelopment Corporation in the United States, other countries, or both.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks ofMicrosoft Corporation in the United States, other countries, or both.


Java and all Java-based trademarks and logos are trademarks or registeredtrademarks of Sun Microsystems, Inc. in the United States and other countries.

UNIX is a registered trademark of The Open Group in the United States and othercountries.

Other company, product, and service names may be trademarks or service marksof others.

Appendix C. Notices 45

Index

Aactivity logging 22administrator authority 3agent

event notification configuration 7installation

arguments 41batch file 41console 41overview 1uninstall 41

profileinstallation 9purpose 9requirements 9

removal 41variables

by Novell Netware Agent action 39descriptions 37

agent configuration toolSee agentCfg

agentCfgarguments, use 26changing agent parameters

accessing 13configuration key 21protocol settings 14registry settings 24request processing 25

menusactivity logging 22advanced settings 25event notification 17help 26Main Configuration 13Protocol Configuration 14registry 24

viewing configuration settings 14

Bbold text vi

Ccertificate

CAavailable functions 31deleting 35installing 35viewing installed 34

CertTool 29configuration settings, changing with CertTool 31example

request script 33request.pem file 33

installfrom file 34sample 34

certificate (continued)protocol configuration tool

See CertToolregistered

registering 35removing 36viewing 35

request 32viewing

installed 34registered 35

CertToolCA certificate

deleting 35installing 35viewing 34

certificateinstall 34register 32request 32viewing installed 34viewing registered 35

changing agent parametersaccessing 30options 31

install, certificate 34private key, generating 32registered certificate

registering 35removing 36viewing 35

character sets, support 25configuration

keychanging with agentCfg 21default value 13, 21purpose 13

settingschanging with agentCfg 13default value 14viewing with agentCfg 14

DDAML protocol

options 16properties, changing with agentCfg

options 16password 16portnumber 16srv_nodename 16srv_password 17srv_portnumber 16srv_username 17username 16validate_client_ce 17

debug logdefault value 22enable/disable with agentCfg 22purpose 23


detail logdefault value 22enable/disable with agentCfg 22purpose 23

documentsaccessing online vi

Eencrypted registry settings 24encryption

default value 16type 16

event notificationcache size 18changing with agentCfg 17context

baseline database 21deleting 19listing 19modifying 20search attributes 20target DN 21

enable/disable 18reconciliation

attributes 18context 19intervals 18modifying 19process priority 19

starting manually 18

Hhelp menu for agentCfg

accessing with -help command 26arguments

-agent 27-confidencetest 27-findall 27-help 27-hostname 27-list 27-netsearch 27-portnumber 27-schema 27-setup 27-tail 27-version 27

Iinstallation requirements

administrator authority 3, 9communication with Tivoli Identity Manager Server 3network connectivity 3operating system 3server 3, 9system 3

italic text i

Llog

directory, changing with agentCfg 22

log (continued)enable/disable, changing with agentCfg 22file name, changing with agentCfg 22, 23settings, changing with agentCfg

base logging 23enable/disable 22enable/disable debug mode 23enable/disable detail mode 23log file directory 22log file name 23max file size 23max files 23

settings, default values 22statistics 26

Mmonospace text vii

Nnetwork connectivity 3non-encrypted registry settings 24

Ooperating system requirements 3

Ppassword

changing with agentCfg 16purpose 16set value in Agent Maintenance 16

portnumberchanging with agentCfg 16purpose 16set value in Agent Maintenance 16

protocoladding with agentCfg 15configuring with agentCfg 15removing with agentCfg 15

publicationsaccessing online vi

Rreconciliation

variables 40registry settings

encrypted 24non-encrypted 24

return type records TRUE/FALSEdefault value 16

Sserver requirements 3, 9srv_nodename, changing with agentCfg 16srv_password, changing with agentCfg 17srv_portnumber, changing with agentCfg 16srv_username, changing with agentCfg 17system requirements 3


Tthread count settings

changing with agentCfg 25default values 25maximum concurrent requests 25reconciliation requests 25system login add requests 25system login change requests 25system login delete requests 25

Tivoli Identity Managerclustered configuration 30

Uusername, changing with agentCfg 16UTF8 support 25

Vvalidate_client_ce, changing with agentCfg 17variables

by Novell Netware Agent actionadd 39change 39delete 40reconciliation 40restore 40suspend 40

descriptions 37

Wwestern European character set, support 25

Index 49

��

Printed in U.S.A.

SC32-1158-03

IBM Tivoli Identity Manager: Novell Netware Agent Installation Guide

Documents

Transcript of IBM Tivoli Identity Manager: Novell Netware Agent Installation Guide