Today we will install an ACDI Driver and connect it to ACDI.
First of all, we'll need to copy files from the Audit Driver folder
Files from the Server folder are to be copied to the machine where the IDM is installed.
Copy the files into:
/opt/novell/eDirectory/lib/dirxml/classes (Linux)
or
C:\NetIQ\Identity manager\NDS\lib (Windows)
An example Linux command would be something like:
scp root@acdip:/opt/acdi/AuditDriver/Server/* /opt/novell/eDirectory/lib/dirxml/classes/
After those files are copied, the IDM must be restarted.
Files from the Designer folder must be copied to the machine where the Designer is installed.
Later we will add these libraries to the Designer project.
Also, we'll need a keystore file with certificate or just the certificate which is used in the Audit Server. It's located in the ACDI certs.
The keystore we need is keystore.pfx. The installer automatically created this keystore and generated a self-signed certificate inside this keystore. It should be copied to the machine with IDM. Remember where it’s been copied, we will need it later when doing the driver settings. We used /opt/acdi
Now go to Designer to add the libraries copied in Step 1.
Open the project. Then right click on the Package Catalog and choose “Import package”.
Let’s click on “Browse” to select our packages.
Click Open and then on the next window OK.
The packages have been imported successfully.
Now let's create a Driver with the help of the following sequence of actions.
Right click on the Driver set . Then we will select New -> Driver.
Select SKyPRO ACDI Base and click Next
On the Select Optional features window, click Next
Now it’s time for driver configuration
Scroll down to see all the settings.
For Elasticsearch Server you must define your server. The URL must contain protocol, domain name, and port. If a reverse proxy isn't used, OpenSearch will be here in the URL as well.
For User set a user which has access to OpenSearch, default is “osadmin”. Also set a password for this user.
Lastly set the KeyStore filepath and its password (the one copied in Step 2)
Once done, the settings should look like this
Click Next. The following window is okay on defaults so click Next again.
On Confirm Installation Tasks, click Finish.
Now the ACDI Driver has been created.
Open Properties and check the Driver configuration, for instance, Startup Option.
In Driver Parameters > Subscriber Options you will see the configurations you entered while creating the Driver.
Note: Sometimes you need to enter the passwords again but it is okay; sometimes this happens.
Please take a look at Tab Trace. The trace level must be 5. You should also configure Trace file here, we’ll need it in Step 8.
It’s time to deploy the Driver.
See the deployment results and click OK.
Let’s now start the Driver.
After the Driver is started, please check the logs to make sure the license was implemented successfully.
In the log, you can search for either “adjust license” or “getLicenseFromES”.
We see that the license was applied successfully. Also, we can see the Server ID and the License validity.
The license can also be set manually by adding it as a file on the IDM machine, and pointing to it in the driver properties
Create a file on the IDM with the Server ID listed in ACDI, and set its contents to the License key.
For example on Linux, create the file, open in vi and add the contents.
Let’s go to ACDI Driver Properties.
And then to Driver Configuration > Driver Parameters > Subscriber Options.
In the field “Audit License file” you need to put a path to the file where you created the license earlier.
Click Apply.
Then deploy configurations and restart the Driver.
Be aware, reading a license from OpenSearch is a more reliable way to get a current license in comparison to copying and pasting it in Driver Configurations. It will always be up to date with current license validity.
After the Driver is started, let's do a quick check up in NetIQ Audit Dashboard.
For example, we can change the description and see our change in NetIQ Audit Dashboard:
Dashboards -> NetIQ Audit Dashboard -> Load
ACDI Driver was installed and configured successfully.
Please note: If you need to audit and monitor some custom classes or custom attributes, just add them to the ACDI Driver filter.
So, this was it – quick and easy installation of a Driver.