IDM - Virtual Directory Server

8/10/2019 IDM - Virtual Directory Server

1/18

SAP NetWeaver Identity Management

Virtual Directory Server

Installation and initial configuration

Version 7.2 Rev 4


2/18

Copyright 2011 SAP AG. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express

permission of SAP AG. The information contained herein may be changed without prior notice.

Some software products marketed by SAP AG and its distributors contain proprietary software components of other

software vendors.

Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.

IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10,System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400,S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5,POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect,

RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli andInformix are trademarks or registered trademarks of IBM Corporation.

Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.

Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe

Systems Incorporated in the United States and/or other countries.

Oracle is a registered trademark of Oracle Corporation.

UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.

Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registeredtrademarks of Citrix Systems, Inc.

HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C, World Wide Web Consortium,Massachusetts Institute of Technology.

Java is a registered trademark of Sun Microsystems, Inc.

JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented andimplemented by Netscape.

SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP Business ByDesign, and other SAP products and

services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG inGermany and other countries.

Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, WebIntelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective

logos are trademarks or registered trademarks of Business Objects S.A. in the United States and in other countries.Business Objects is an SAP company.

All other product and service names mentioned are the trademarks of their respective companies. Data contained in thisdocument serves informational purposes only. National product specifications may vary.

These materials are subject to change without notice. These materials are provided by SAP AG and its affiliatedcompanies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP

Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group

products and services are those that are set forth in the express warranty statements accompanying such products andservices, if any. Nothing herein should be construed as constituting an additional warranty.


3/18

i


Preface

The productThe SAP NetWeaver Identity Management Virtual Directory Server can logically representinformation from a number of disparate directories, databases, and other data repositories in a

virtual directory tree. Different users and applications can, based on their access rights, getdifferent views of the information.

Features like namespace conversion and schema adaptations provide a flexible solution that cancontinually grow and change to support demands from current and future applications, as well

as requirements for security and privacy, without changing the underlying architecture anddesign of data stores like databases and directories.

The reader

This manual is intended for people who are to install and perform the initial configuration of the

Virtual Directory Server.

Prerequisite knowledge

To get the most benefit from this manual, you should have the following knowledge:

Basic knowledge of Java.

The manual

This document describes how you install and configure the Virtual Directory Server.

Related documents

You can find useful information in the following documents:

SAP NetWeaver Identity Management Security Guide

SAP NetWeaver Identity Management Migrating from Identity Management 7.1 to 7.2

SAP Notes

1498369 SAP NetWeaver Identity Management 7.2

The X.500 standard, which can be ordered from http://www.itu.int.

LDAP v. 2, RFC1777, "Lightweight Directory Access Protocol".

LDAP v. 3, RFC 2251, "Lightweight Directory Access Protocol (V3)".

RFCs and Internet drafts can be downloaded from http://www.ietf.org.
http://www.itu.int/http://www.itu.int/http://www.ietf.org/http://www.ietf.org/http://www.ietf.org/http://www.itu.int/


4/18

ii



5/18

iii


Table of contents

Introduction .................................................................................................................................. 1

Architecture overview ...........................................................................................................................1

Installation preparation ................................................................................................................ 2

Installing the Java Virtual Machine (JVM) ............................................................................................2

Installing the JDBC drivers ...................................................................................................................2

Installing a Java compiler ......................................................................................................................2

Verifying the Java Virtual Machine .......................................................................................................3

Installation..................................................................................................................................... 4

Command line switches to the installation job .......................................................................................4

Running the Virtual Directory Server ....................................................................................................5

Post-installation ............................................................................................................................. 6

Configuring the Virtual Directory Server environment ..........................................................................6

Prerequisites for paging ........................................................................................................................8

Alternative LDAP connector .................................................................................................................8

Database for version control ..................................................................................................................9

Prerequisites for the SAML outbound connector ...................................................................................9

Prerequisites for event triggers and SendMail event actions ...................................................................9

External LDAP client ............................................................................................................................9

Upgrading the Virtual Directory Server .................................................................................... 10

Upgrading the software .......................................................................................................................10

Upgrading the configuration files ........................................................................................................10

Recommended reading ............................................................................................................... 11


6/18

iv



7/18

1

Introduction

SAP NetWeaver Identity Management Virtual Directory Server Installation and initial configuration


Introduction

This document describes how you install and upgrade the Virtual Directory Server. Thedocument also contains information about how you configure the environment for the Virtual

Directory Server.

Architecture overview

The following illustration gives a high-level overview over the architecture of the VirtualDirectory Server:

The user interface that is used to maintain the configuration is installed on one server, while theconfigurations are deployed on one or more servers running SAP NetWeaver AS Java.


8/18

2

Installation preparation




Before you install the Virtual Directory Server make sure that the following prerequisitesoftware is installed:

A Java Virtual Machine (JVM).

JDBC drivers to any database systems accessed by the Virtual Directory Server.

A Java compiler for developing Java classes.

Installing the Java Virtual Machine (JVM)

A Java Virtual Machine (JVM) conforming to the Java 2 specifications, version 1.4 or 1.5, mustbe correctly installed and configured. It is recommended to use the SAP JVM, but you couldalso use another, for instance the Sun JVM or IBM JVM.

Note:

If using the IBM JVM, remove the file xerces.jar from \jre\lib\ext) after

installation.

The installer needs a Java VM to run. If you have only SAP JVM installed on the system, you

must add the \bin folder in the installation directory to the PATH environment variable, forinstance c:\usr\sap\sapjvm_5\bin.

Installing the JDBC drivers

JDBC drivers for any database systems you intend to access with the Virtual Directory Server.

Add these drivers to classpath as described on page 8.

Installing a Java compiler

A Java compiler is required to develop and compile Java classes. You can choose between the

following options:

Download and install the JDK from http://java.sun.com(version 1.4 or 1.5). Then you select

"Use specified compiler" and select the javac.exe of the JDK installation in the "Options"dialog box. See page 10.

If you have installed JRE and do not want to install the complete JDK, you can downloadtools.jarcorresponding to your version of JRE from http://java.sun.com.Place it in the\lib\jdk1.xdirectory. Select "Use embedded compiler" in the "Options" dialogbox.
http://java.sun.com/http://java.sun.com/http://java.sun.com/http://java.sun.com/http://java.sun.com/http://java.sun.com/


9/18

3




Verifying the Java Virtual Machine

You can verify the version of your Java Virtual Machine by opening a console (chooseStart/Runand enter cmd.exein the "Open" field.) and type:

C: \ >j ava ver si on

Version number should be 1.4.x or 1.5.x.


10/18

4

Installation



Installation

To install the Virtual Directory Server:

1. Navigate to the download area of SAP NetWeaver Identity Management 7.2 on SAP

Service Marketplace and download the installation kit.

2. Unpack the installation set to a separate directory.

3. Start the installation job corresponding to your platform and supply the necessaryinformation.

Note:

If changing to another path than the default installation path, make sure that the path does not

contain spaces if you install on a Unix system.

Command line switches to the installation job

You can use command line switches to the installation job to control:

For silent install

To specify a specific Java Virtual Machine

Silent install of the Virtual Directory Server

It is possible to start the installation job in silent mode by starting the installation job with a

command line option:

- si l ent

When running the installation job in this mode, the installation wizard will not be displayed, anddefault values are used for the installation directory.

If you want to use another than the default installation directory, you can use a second commandline switch:

- si l ent - P i nst al l Locat i on=

Note:Make sure that the path does not contain spaces if you install on a Unix system.

Specifying a specific Java Virtual Machine

If there are more than one Java Virtual Machines on your computer, it may be necessary tospecify which of them should be used when installing the Virtual Directory Server. You can usethe following command line switch:

- i s: j avahome


11/18

5

Installation



Running the Virtual Directory Server

How you start the Virtual Directory Server depends on the platform.

Starting the Virtual Directory Server on Microsoft Windows

After the installation is finished, choosePrograms/SAP NetWeaver Identity Management/Virtual Directory Serverfrom the "Start"menu.

Starting the Virtual Directory Server on Unix

Note:This requires a working X-Windows setup.

After the installation is finished, go to the installation directory of the Virtual Directory Server,

the default is/usr/sap/idm/Virtual Directory Server.

Execute ./Virtual Directory Server.


12/18

6

Post-installation



Post-installation

After the Virtual Directory Server is installed, some initial configuration is necessary.Depending on how you plan to use the Virtual Directory Server, you may also need to add some

external components.

Configuring the Virtual Directory Server environment

The Virtual Directory Server needs some initial information in order to operate properly. Thedialog box below is automatically displayed when you start the Virtual Directory Server first

time. You can also open this dialog box by choosing Tools/Options.

Note:

For detailed information about the dialog box, choose "Help" to open the help file.

1. Select the "General" tab:

PathsVerify that the paths for to the different directories are correct.

Encryption key fileIf the Identity Center is installed on the same server, select the same keys.inifile that is usedby the Identity Center, normally located in C:\usr\SAP\IdM\Identity Center\Key\Keys.ini. Ifnot, distribute the keys.inifile as described in SAP NetWeaver Identity ManagementSecurity Guide.

Java compiler

Configure the parameters for the Java compiler if you want to compile Java classes.Select "Use embedded compiler" if you run JRE and have downloaded tools.jaras

described on page 6.


13/18

7

Post-installation



If you have installed JDK, select "Use specified compiler" and selectjavac.exefrom your

JDK installation.

"Autosave configuration on all changes" should normally be selected.

2. Select the "External tools" tab:

Select the browser you want to use for viewing the help file and Javadoc. The "Help files"field contains the default start page for the help file.

Select which tool you want to use for the formatting of the Java source code. You can eitheruse the built-in formatter or an external formatter (for instance Jalopy).


14/18

8

Post-installation



3. Select the "Classpath" tab:

If necessary, add any files or folders to the classpath that are specific to the Virtual

Directory Server, for instance if they are needed by the specified JDBC drivers.4. Choose "OK".

Prerequisites for paging

To be able to use the paging mechanism when accessing an LDAP directory, you need todownload and install the LDAP Booster Pack that is part of the Java Naming and Directory

Interface (JNDI) (http://java.sun.com/products/jndi/).

Locate the file ldapbp.jarin the download. Add this to classpath, as described on page 8.

Alternative LDAP connector

If you must use the alternative (low-memory-consumption) LDAP connector, you mustdownload the following file:

ldapjdk.jar

The file is part of the Netscape Directory SDK for Java that can be downloaded from

http://www.mozilla.org/directory/javasdk.html. Follow the instructions given on the page andcopy the file to \lib.
http://java.sun.com/products/jndi/http://java.sun.com/products/jndi/http://www.mozilla.org/directory/javasdk.htmlhttp://www.mozilla.org/directory/javasdk.htmlhttp://www.mozilla.org/directory/javasdk.htmlhttp://java.sun.com/products/jndi/


15/18

9

Post-installation



Database for version control

If you are going to use the version control within the Virtual Directory Server, you need adatabase where you can create the necessary tables. The following database systems aresupported:

Microsoft SQL Server

Oracle

Prerequisites for the SAML outbound connector

If you are going to use the SAML outbound connector, you need opensaml.jar(http://www.opensaml.org).

Copy the file to \lib.

Prerequisites for event triggers and SendMail event

actions

If you are going to use event triggers or the SendMail event action, you need mail.jarfrom theJavaMail API (http://java.sun.com/products/javamail/).

Copy the file to \lib.

External LDAP clientThe Virtual Directory Server contains an internal LDAP client, but you may need an externalLDAP client for viewing the contents of the Virtual Directory Server.
http://www.opensaml.org/http://www.opensaml.org/http://java.sun.com/products/javamail/http://java.sun.com/products/javamail/http://java.sun.com/products/javamail/http://www.opensaml.org/


16/18

10

Upgrading the Virtual Directory Server



Upgrading the Virtual Directory Server

When upgrading the Virtual Directory Server, you perform the following steps:

Upgrading the software

Upgrading the configuration files

Upgrading the software

To upgrade the software:

1. Stop any local services.

Note:

Deployments on SAP NetWeaver AS Java are not affected.

2. Close the user interface.3. Upgrade the software by running the installation job as described on page 4.

Note:

All data source templates are removed, except those prefixed withcustom.

Upgrading the configuration files

To upgrade the configuration files:

1. If you want to upgrade the deployed configurations, you must open the configuration file in

the user interface. The configuration file is patched to the new version.2. Restart any local services.

3. Redeploy deployed configurations.


17/18

11

Recommended reading



Recommended reading

Tutorials

There are several tutorials accompanying the product:

SAP NetWeaver Identity Management Virtual Directory Server Tutorial: Accessing LDAP

servers

SAP NetWeaver Identity Management Virtual Directory Server Tutorial: Accessing

databases

SAP NetWeaver Identity Management Virtual Directory Server Tutorial: Using Virtualview

SAP NetWeaver Identity Management Virtual Directory Server Tutorial: Joining data

sources

SAP NetWeaver Identity Management Virtual Directory Server Tutorial: Implementing

dynamic add

They describe various aspects of the product.

Help file

The help file contains a section called "Concepts of the Virtual Directory Server" that describesthe main concepts of the product.


18/18

12

Recommended reading


IDM - Virtual Directory Server

Documents

Transcript of IDM - Virtual Directory Server