Today we will install an ACDI Driver and connect it to ACDI.
First of all, we'll need to copy files from the Audit Driver folder.
Files from the Server folder are to be copied to the machine where the IDM is installed.
All those files need to be copied into opt/Novel/eDirectory/lib/direxml/classes if it's Linux or if it's Windows, then to NetIQ\identity manager\NDS\library.
After those files are copied, the IDM must be restarted.
Files from the Designer folder must be copied to the machine where the Designer is installed.
Later we will add the libraries you see on the screen to the Designer project.
Also, we'll need a keystore file with certificate or just the certificate which is used in the Audit Server. It's located in the ACDI certs.
So, the keystore we need is keystore.pfx. The required is stored inside this keystore and should be copied to the machine with IDM as well.
Also, during installation, the installator automatically creates a keystore and generates a self-signed certificate.
The password to this keystore is default – “Change it”.
Now we see the previously mentioned self-signed certificate with self-signed root.
All files are copied, and we will now go to Designer.
Open the project. Then right click on the Package Catalog and choose “Import package”.
Let’s click on “Browse” to select all packages.
Click Open and then OK.
The packages have been imported successfully.
Now let's create a Driver with the help of the following sequence of actions.
Right click on the Driver set . Then we will select “New” and “Driver”.
Here we click on “Import Driver Configuration”.
Click Browse to be able to select SKyPRO ACDI Base.
Here we can check packages and make some changes in configuration.
Next to the “Elasticsearch Server” you must define your server.
The URL you see right now must contain protocol, domain name, and port. If a reverse proxy isn't used, OpenSearch will be here in the URL as well.
Let’s set a User which has access to OpenSearch. By default, here we have “osadmin”. Let’s also set a password for this user.
Now we will define the path to Keystore and its password.
Click Next>, then confirm the installation tasks using Finish.
Now ACDI Driver is created.
Please open Properties and check the Driver configuration, for instance, Startup Option.
In Driver Parameters > Subscriber Options you will see the configurations you entered while creating the Driver.
Note: Sometimes you need to enter the passwords again but it is okay; sometimes this happens.
Please take a look at Tab Trace. The trace level must be 5. You can also configure or input the fields Trace files and Trace name.
It’s time to deploy the Driver.
See the deployment results and click OK.
Let’s now start the Driver.
After the Driver is started, please check the logs to make sure the license was implemented successfully.
Here you can enter either “adjust license” or “getLicenseFromES”.
We see that the license was applied successfully. Also, we can see the Server ID and the License validity.
This was the first way to implement a license in an ACDI Driver.
The second way is to copy the Server ID and then create a file with the Server ID as a file name.
Go to /opt/ > New > File.
Enter your Server ID as a file name. Click OK.
Here you see that the file has the copy-pasted license inside. Click Save.
Let’s go to ACDI Driver Properties.
And then to Driver Configuration > Driver Parameters > Subscriber Options.
In the field “Audit License file” you need to put a path to the file where you created the license earlier. Click Apply.
Then deploy configurations and restart the Driver.
By the way, reading a license from OpenSearch is a more reliable way to get a current license in comparison to copying and pasting it in Driver Configurations. It will always be up to date with current license validity.
After the Driver is started, let's do a quick check up in NetIQ Audit Dashboard.
For example, we can change the description and see our change in NetIQ Audit Dashboard (Dashboards > NetIQ Audit Dashboard > Load).
ACDI Driver was installed and configured successfully.
Please note: If you need to audit and monitor some custom classes or custom attributes, just add them to ACDI Driver filter.
So, this was it – quick and easy installation of a Driver.