IBM Security Identity Governance and Intelligence, Version 5.2

Installing the virtual appliance on UNIX with directory server

After you install the directory server on UNIX, you must configure it so that you can install the IBM® Security Identity Governance and Intelligence Virtual Appliance.

Procedure

  1. Install the supported version of IBM Security Directory Server. You must import a template that has IBM Security Directory Server Version 6.4.
  2. Create an instance user by running the following command from /opt/IBM/ldap/V6.4/sbin.
    ./idsadduser -u dirinst -w password -g idsldap
    • dirinst is the instance name.
    • password is the password.
    • idsldap is the default directory server group.
  3. Create a directory server instance with the following command.
    ./idsicrt -I dirinst -e encryptionseed -l /home/dirinst
    • dirinst is the directory server instance name.
    • encryptionseed is the encryption seed.
    • /home/dirinst is the instance home.
  4. Create a user with the following commands.
    Note: You must add the user to the root and idsldap groups. You must make the idsldap group the primary group for db2admin.
    useradd -g idsldap db2admin
    passwd db2admin
    - use "ideas" for password
    usermod -G root db2admin
  5. Create a database for the newly created directory server instance with the following command.
    ./idscfgdb -I dirinst -a db2admin -w password -t ldapdb -l /home/dirinst/
    • dirinst is the directory server instance name.
    • db2admin is the database administrator.
    • password is the database administrator password.
    • ldapdb is the database name.
    • /home/dirinst is the instance home.
  6. Set the password for the directory server instance's Principal DN with the following command.
    ./idsdnpw -I dirinst -u cn=root -p password
    • dirinst is the directory server instance name.
    • cn=root is the Principal DN.
    • password is the Principal DN password.
  7. Add the dc=com suffix in the directory server instance with the following command.
    ./idscfgsuf -I dirinst -s dc=com
    • dirinst is the directory server instance name.
    • dc=com is the suffix.
  8. Start the directory server instance with the following command.
    ./ibmslapd -I dirinst -n
    • dirinst is the directory server instance name.
  9. Create the dccom.ldif file.
    Note: Create the dccom.ldif file in a temporary folder. For example, /temp/.
    dn:dc=com
    objectclass:domain
  10. Import the dccom.ldif file.
    /opt/IBM/ldap/V6.4/bin/idsldapadd -D cn=root -w password -p 389 -f /temp/dccom.ldif
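
A pre-flight check for steps 4 and 9, given here as an added example that is not part of the IBM documentation: it confirms the group membership that the note in step 4 requires and validates dccom.ldif before the import in step 10. The function names check_db_user and check_suffix_ldif are hypothetical; the user, groups, file path and suffix are the ones used in the procedure above.

```shell
#!/bin/sh
# Added example, not IBM code: pre-flight checks for steps 4 and 9.

# check_db_user PRIMARY_GROUP "ALL GROUPS"
# Passes only if the primary group is idsldap and root is in the group list,
# which is what the note in step 4 requires for db2admin.
check_db_user() {
    primary=$1
    all_groups=$2
    if [ "$primary" != "idsldap" ]; then
        echo "primary group is '$primary', expected idsldap" >&2
        return 1
    fi
    case " $all_groups " in
        *" root "*) return 0 ;;
    esac
    echo "user is not a member of the root group" >&2
    return 1
}

# check_suffix_ldif FILE SUFFIX
# Passes only if FILE holds a dn equal to SUFFIX and objectclass domain.
# Accepts "attr:value" and "attr: value", CRLF line ends, any attribute case.
check_suffix_ldif() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    awk -v want="$2" '
        { sub(/\r$/, "") }
        /^[ \t]*$/ || /^#/ { next }
        {
            i = index($0, ":")
            if (i == 0) { bad = 1; next }
            attr = tolower(substr($0, 1, i - 1))
            val = substr($0, i + 1)
            sub(/^[ \t]+/, "", val)
            if (attr == "dn" && val == want) dn = 1
            if (attr == "objectclass" && tolower(val) == "domain") oc = 1
        }
        END { exit !(dn && oc && !bad) }
    ' "$1" || { echo "$1 does not define $2 as a domain entry" >&2; return 1; }
}

# Run against the live host only where the user and file from the page exist.
if id db2admin >/dev/null 2>&1; then
    check_db_user "$(id -gn db2admin)" "$(id -Gn db2admin)" && echo "db2admin groups OK"
fi
if [ -f /temp/dccom.ldif ]; then
    check_suffix_ldif /temp/dccom.ldif dc=com && echo "dccom.ldif OK"
fi
```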