LDAPWiki: Trouble shooting User Application

Installation Tips#

Some installation and Troubleshooting Tips for Novell's User Application

MySQL#

If you already have MySQL installed,

Be sure you have a user that can be used in MySQL that can login from the localhost. (MySQL treats users with localhost priviliges different than the same user that has "remote" priviliges).
Create a "schema" named idm.
NOTE: User Appliction expects:
- character-set-server=utf8
- default-table-type=innodb
- lower_case_table_names=1!MySQL Connection Info

Is stored in the file:

/idm/jboss/server/IDM/deploy/IDM-ds.xml

Rights For User That User App Runs-as#

Set this up before you install it will be a lot easier. Be sure that tiy have a user that has rights to the directory where install the User App.

Starting and Stopping#

You MUST make sure the Database is running before trying to start the "User Application"!

Start:

/idm/start-jboss.sh

Stop:

/idm/stop-jboss.sh

Start the driver after starting Jboss.

NOTE:The driver, upon starting, attempts a handshake with the User Application If JBoss isn’t running or the WAR wasn’t successfully deployed, the driver errors out.

Where is it Running#

The "User Application" when installed with defaults is:

http://xxx.xxx.xxx.xxx:<port>/IDM/

Implementing https://#

Why this is not done out-of-the-box I have no idea. We are setting up a site that changes passwords and passing them in the clear.

Also, come on; Novell you are supposed to be "smart. Why not use a directory cert??

First, generate a cert.

/opt/novell/java/bin/keytool -genkey -alias tomcat -keyalg RSA -storepass changeit -keystore /home/userapp/novell/userapp/jboss/server/IDM/conf/jboss.jks -dname "cn=JBoss,o=willeke,l=butler,s=OH,c=US" -keypass changeit

Then edit the /home/userapp/novell/userapp/jboss/server/IDM/deploy/jbossweb-tomcat55.sar/server.xml file. Enable SSL by uncommenting or adding a section that looks like:

<Connector port="8443" address="${jboss.bind.address}"
   maxThreads="100" 
   strategy="ms" 
   maxHttpHeaderSize="8192"
   emptySessionPath="true"
   scheme="https" secure="true" 
   clientAuth="false"
   keystoreFile="${jboss.server.home.dir}/IDM/conf/jboss.jks"
   keystorePass="changeit" 
   sslProtocol = "TLS" />

!!Turning on the Application Security

In IDM.war, find the web.xml file and open it in a text editor. At the bottom of the file, uncomment the following section:

<security-constraint>
   <web-resource-collection>
      <web-resource-name>IDMProv</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
      <description>IDM Provisioning Edition</description>
   </web-resource-collection>
   <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport guarantee>
   </user-data-constraint>
</security-constraint>

Save the file and the archive. Restart JBoss.

More Information#

There might be more information for this subject on one of the following: