SAP NetWeaver Identity Management Virtual Directory Server Installation and Intial Configuration

SAP NetWeaver Identity ManagementVirtual Directory Server

Installation and initial configuration

Version 7.2 Rev 7

2014 SAP AG or an SAP affiliate company. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. Theinformation contained herein may be changed without prior notice.

Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.

National product specifications may vary.

These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation orwarranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Groupproducts and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing hereinshould be construed as constituting an additional warranty.

SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG inGermany and other countries. Please see http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark informationand notices.

i Copyright 2014 SAP AG. All rights reserved.

Preface

The productThe SAP NetWeaver Identity Management Virtual Directory Server can logically representinformation from a number of disparate directories, databases, and other data repositories in avirtual directory tree. Different users and applications can, based on their access rights, getdifferent views of the information.

Features like namespace conversion and schema adaptations provide a flexible solution that cancontinually grow and change to support demands from current and future applications, as wellas requirements for security and privacy, without changing the underlying architecture anddesign of data stores like databases and directories.

The readerThis manual is intended for people who are to install and perform the initial configuration of theVirtual Directory Server.

Prerequisite knowledgeTo get the most benefit from this manual, you should have the following knowledge:

x Basic knowledge of Java.

The manualThis document describes how you install and configure the Virtual Directory Server.

Related documentsYou can find useful information in the following documents:

x SAP NetWeaver Identity Management Security Guidex SAP NetWeaver Identity Management Migrating from Identity Management 7.1 to 7.2x SAP Notesx 1498369 SAP NetWeaver Identity Management 7.2

x The X.500 standard, which can be ordered from http://www.itu.int.x LDAP v. 2, RFC1777, "Lightweight Directory Access Protocol".x LDAP v. 3, RFC 2251, "Lightweight Directory Access Protocol (V3)".RFCs and Internet drafts can be downloaded from http://www.ietf.org.

ii

Copyright 2014 SAP AG. All rights reserved.

iii


Table of contentsIntroduction .................................................................................................................................. 1

Architecture overview ........................................................................................................................... 1Installation preparation ................................................................................................................ 2

Installing the Java Virtual Machine (JVM) ............................................................................................ 2Installing the JDBC drivers ................................................................................................................... 2Installing a Java compiler ...................................................................................................................... 2Verifying the Java Virtual Machine ....................................................................................................... 3

Installation ..................................................................................................................................... 4Command line switches to the installation job ....................................................................................... 4Running the Virtual Directory Server .................................................................................................... 5

Post-installation ............................................................................................................................. 6Configuring the Virtual Directory Server environment .......................................................................... 6Prerequisites for paging ........................................................................................................................ 8Alternative LDAP connector ................................................................................................................. 8Prerequisites for the SAML outbound connector ................................................................................... 9Prerequisites for event triggers and SendMail event actions ................................................................... 9External LDAP client ............................................................................................................................ 9

Upgrading the Virtual Directory Server .................................................................................... 10Upgrading the software ....................................................................................................................... 10Upgrading the configuration files ........................................................................................................ 10

Recommended reading ............................................................................................................... 11

iv


1IntroductionSAP NetWeaver Identity Management Virtual Directory Server Installation and initial configuration


IntroductionThis document describes how you install and upgrade the Virtual Directory Server. Thedocument also contains information about how you configure the environment for the VirtualDirectory Server.

Architecture overviewThe following illustration gives a high-level overview over the architecture of the VirtualDirectory Server:

The user interface that is used to maintain the configuration is installed on one server, while theconfigurations are deployed on one or more servers running SAP NetWeaver AS Java.

2Installation preparation

SAP NetWeaver Identity Management Virtual Directory Server Installation and initial configuration


Installation preparationBefore you install the Virtual Directory Server make sure that the following prerequisitesoftware is installed:

x A Java Virtual Machine (JVM).x JDBC drivers to any database systems accessed by the Virtual Directory Server.x A Java compiler for developing Java classes.

Installing the Java Virtual Machine (JVM)A Java Virtual Machine (JVM) conforming to the Java 2 specifications, version 1.4, 1.5 or 1.6,must be correctly installed and configured. It is recommended to use the SAP JVM, but youcould also use another, for instance the Sun JVM or IBM JVM.

Note:If using the IBM JVM, remove the file xerces.jar from \jre\lib\ext) afterinstallation.

The installer needs a Java VM to run. If you have only SAP JVM installed on the system, youmust add the \bin folder in the installation directory to the PATH environment variable, forinstance c:\usr\sap\sapjvm_5\bin.

Installing the JDBC driversJDBC drivers for any database systems you intend to access with the Virtual Directory Server.Add these drivers to classpath as described on page 8.

Installing a Java compilerA Java compiler is required to develop and compile Java classes. You can choose between thefollowing options:

x Download and install the JDK from http://java.sun.com (version 1.4, 1.5 or 1.6). Then youselect "Use specified compiler" and select the javac.exe of the JDK installation in the"Options" dialog box. See page 10.

x If you have installed JRE and do not want to install the complete JDK, you can downloadtools.jar corresponding to your version of JRE from http://java.sun.com. Place it in the\lib\jdk1.x directory. Select "Use embedded compiler" in the "Options" dialogbox.

3Installation preparationSAP NetWeaver Identity Management Virtual Directory Server Installation and initial configuration


Verifying the Java Virtual MachineYou can verify the version of your Java Virtual Machine by opening a console (chooseStart/Run and enter cmd.exe in the "Open" field.) and type:

C:\>java version

Version number should be 1.4.x, 1.5.x or 1.6.x.

4Installation



InstallationTo install the Virtual Directory Server:

1. Navigate to the download area of SAP NetWeaver Identity Management 7.2 on SAPService Marketplace and download the installation kit.

2. Unpack the installation set to a separate directory.

3. Start the installation job corresponding to your platform and supply the necessaryinformation.

Note:If changing to another path than the default installation path, make sure that the path does notcontain spaces if you install on a Unix system.

Note:If your operation system is Windows 8 or Windows Server 2012, the .exe installation file shouldrun in Compatibility mode for Windows 7. The installation will fail, if this condition is not met.

Command line switches to the installation jobYou can use command line switches to the installation job to control:

x For silent installx To specify a specific Java Virtual Machine

Silent install of the Virtual Directory ServerIt is possible to start the installation job in silent mode by starting the installation job with acommand line option:

-silent

When running the installation job in this mode, the installation wizard will not be displayed, anddefault values are used for the installation directory.

If you want to use another than the default installation directory, you can use a second commandline switch:

-silent -P installLocation=

Note:Make sure that the path does not contain spaces if you install on a Unix system.

Specifying a specific Java Virtual MachineIf there are more than one Java Virtual Machines on your computer, it may be necessary tospecify which of them should be used when installing the Virtual Directory Server. You can usethe following command line switch:

-is:javahome

5InstallationSAP NetWeaver Identity Management Virtual Directory Server Installation and initial configuration


Running the Virtual Directory ServerHow you start the Virtual Directory Server depends on the platform.

Starting the Virtual Directory Server on Microsoft WindowsAfter the installation is finished, choosePrograms/SAP NetWeaver Identity Management/Virtual Directory Server from the "Start"menu.

Starting the Virtual Directory Server on UnixNote:This requires a working X-Windows setup.

After the installation is finished, go to the installation directory of the Virtual Directory Server,the default is /usr/sap/idm/Virtual Directory Server.

Execute ./Virtual Directory Server.

6Post-installation



Post-installationAfter the Virtual Directory Server is installed, some initial configuration is necessary.Depending on how you plan to use the Virtual Directory Server, you may also need to add someexternal components.

Configuring the Virtual Directory Server environmentThe Virtual Directory Server needs some initial information in order to operate properly. Thedialog box below is automatically displayed when you start the Virtual Directory Server firsttime. You can also open this dialog box by choosing Tools/Options.

Note:For detailed information about the dialog box, choose "Help" to open the help file.

1. Select the "General" tab:

PathsVerify that the paths for to the different directories are correct.

Encryption key fileIf the Identity Center is installed on the same server, select the same keys.ini file that is usedby the Identity Center, normally located in C:\usr\SAP\IdM\Identity Center\Key\Keys.ini. Ifnot, distribute the keys.ini file as described in SAP NetWeaver Identity ManagementSecurity Guide.

Java compilerConfigure the parameters for the Java compiler if you want to compile Java classes.

Select "Use embedded compiler" if you run JRE and have downloaded tools.jar asdescribed on page 6.

7Post-installationSAP NetWeaver Identity Management Virtual Directory Server Installation and initial configuration


If you have installed JDK, select "Use specified compiler" and select javac.exe from yourJDK installation.

"Autosave configuration on all changes" should normally be selected.

2. Select the "External tools" tab:

Select the browser you want to use for viewing the help file and Javadoc. The "Help files"field contains the default start page for the help file.

Select which tool you want to use for the formatting of the Java source code. You can eitheruse the built-in formatter or an external formatter (for instance Jalopy).

8Post-installation



3. Select the "Classpath" tab:

If necessary, add any files or folders to the classpath that are specific to the VirtualDirectory Server, for instance if they are needed by the specified JDBC drivers.

4. Choose "OK".

Prerequisites for pagingTo be able to use the paging mechanism when accessing an LDAP directory, you need todownload and install the LDAP Booster Pack that is part of the Java Naming and DirectoryInterface (JNDI) (http://java.sun.com/products/jndi/).

Locate the file ldapbp.jar in the download. Add this to classpath, as described on page 8.

Alternative LDAP connectorIf you must use the alternative (low-memory-consumption) LDAP connector, you mustdownload the following file:

x ldapjdk.jarThe file is part of the Netscape Directory SDK for Java that can be downloaded fromhttp://www.mozilla.org/directory/javasdk.html. Follow the instructions given on the page andcopy the file to \lib.

9Post-installationSAP NetWeaver Identity Management Virtual Directory Server Installation and initial configuration


Prerequisites for the SAML outbound connectorIf you are going to use the SAML outbound connector, you need opensaml.jar(http://www.opensaml.org).

Copy the file to \lib.

Prerequisites for event triggers and SendMail eventactionsIf you are going to use event triggers or the SendMail event action, you need mail.jar from theJavaMail API (http://java.sun.com/products/javamail/).

Copy the file to \lib.

External LDAP clientThe Virtual Directory Server contains an internal LDAP client, but you may need an externalLDAP client for viewing the contents of the Virtual Directory Server.

10Upgrading the Virtual Directory Server



Upgrading the Virtual Directory ServerWhen upgrading the Virtual Directory Server, you perform the following steps:

x Upgrading the softwarex Upgrading the configuration files

Upgrading the softwareTo upgrade the software:

1. Stop any local services.

Note:Deployments on SAP NetWeaver AS Java are not affected.

2. Close the user interface.

3. Upgrade the software by running the installation job as described on page 4.

Note:All data source templates are removed, except those prefixed with custom.

Upgrading the configuration filesTo upgrade the configuration files:

1. If you want to upgrade the deployed configurations, you must open the configuration file inthe user interface. The configuration file is patched to the new version.

2. Restart any local services.

3. Redeploy deployed configurations.

11Recommended readingSAP NetWeaver Identity Management Virtual Directory Server Installation and initial configuration


Recommended reading

TutorialsThere are several tutorials accompanying the product:

x SAP NetWeaver Identity Management Virtual Directory Server Tutorial: Accessing LDAPservers

x SAP NetWeaver Identity Management Virtual Directory Server Tutorial: Accessingdatabases

x SAP NetWeaver Identity Management Virtual Directory Server Tutorial: Using Virtualview

x SAP NetWeaver Identity Management Virtual Directory Server Tutorial: Joining datasources

x SAP NetWeaver Identity Management Virtual Directory Server Tutorial: Implementingdynamic add

They describe various aspects of the product.

Help fileThe help file contains a section called "Concepts of the Virtual Directory Server" that describesthe main concepts of the product.

12Recommended reading



SAP NetWeaver Identity Management Virtual Directory Server Installation and initial configurationPrefaceTable of ContentsIntroductionArchitecture overview

Installation preparationInstalling the Java Virtual Machine (JVM)Installing the JDBC driversInstalling a Java compilerVerifying the Java Virtual Machine

InstallationCommand line switches to the installation jobSilent install of the Virtual Directory ServerSpecifying a specific Java Virtual Machine

Running the Virtual Directory ServerStarting the Virtual Directory Server on Microsoft WindowsStarting the Virtual Directory Server on Unix

Post-installationConfiguring the Virtual Directory Server environmentPrerequisites for pagingAlternative LDAP connectorPrerequisites for the SAML outbound connectorPrerequisites for event triggers and SendMail event actionsExternal LDAP client

Upgrading the Virtual Directory ServerUpgrading the softwareUpgrading the configuration files

Recommended readingTutorialsHelp file

Documents

SAP NetWeaver Identity Management Virtual Directory Server Installation and Intial Configuration