Well this is my first blog post so I decided to write about something I have extensive experience on. So my first post is regarding IBM Security Identity Manager 7.
A client of mine who had purchased IBM Security Identity Manager wanted to use RHEL 7.4 for the middleware components. I checked the IBM site and RHEL 7.4 was not officially supported. However the client insisted that we use the latest OS for middleware components.
So I decided to check if it was possible to simply install IBM DB2 10.5 and IBM Security Directory Server 6.4 (SDS) without any issues. Unfortunately it was not a simple task.
After doing some research, failing installations multiple times, sweeping through the logs, I finally managed to install both DB2, SDS successfully. I also managed to run the ISIM Middleware Configuration Tool to configure the instance (though this can be done manually as well).
So here are the steps in case anyone wants to do the same.
You can install the required packages using yum. If the server is not connected to the internet, then just mount the Red Hat ISO and set it up as a repository. A guide for this is mentioned in brief at the end of this article or you can refer to RHEL documentation for the same.
libstdc++.i686 pam-devel.i686 dos2unix ksh
A brief description for these packages:
- libstdc++.i686 & pam-devel.i686 are required by DB2.
- dos2unix is required for database setup in case you want to install IBM Security Identity Governance & Intelligence as well.
- ksh is needed for SDS setup as the license agreement for SDS is presented as a ksh script. If you do not have ksh installed, then SDS setup fails (IBM please fix this).
Another issue I faced was java related. The Middleware Configuration Utility executable cfg_itim_mw_xlinux failed to execute. This I assumed was mostly due to the java version being used. To fix this, either add one of the IBM Java shipped with SDS or DB2 into the PATH or execute the cfg_itim_mw.jar file directly while using IBM Java executable. Below is an example using java shipped with DB2. Correct the path to files as per your environment and run the command.
/opt/IBM/DB2/V10.5/java/bin/java - jar /swdump/ISIMMCT/cfg_itim_mw.jar
Once you have the packages installed, we need to make some file links so that the ISIM Middleware Configuration Utility (MCT) does not fail to create users. I faced this issue while trying to run the tool. The log file suggested that a library libstdc++.so.5 is missing. When I did a search for the library on the OS, I found that I had newer version of the library libstdc++.so.6. Then I tried to trick the MCT by creating a file link in the lib directory with the name libstdc++.so.5 which is linking to libstdc++.so.6. Apparently that works and MCT configured the database and LDAP successfully.
To create the file links, execute the following commands:
ln -s /usr/lib/libstdc++.so.6 /usr/lib/libstdc++.so.5 ln -s /usr/lib64/libstdc++.so.6 /usr/lib64/libstdc++.so.5
Mounting the RHEL ISO as a repository
If your server cannot access the internet to install the required packages, you can mount the RHEL ISO and set it up as a repository. You can either extract the RHEL ISO contents into a directory or directly mount it. I went with the first option.
Navigate to the extracted/mounted files and copy media.repo to /etc/yum.repos.d/ directory. Rename the file to something sensible like rhel74iso.repo
Edit the file rhel74iso.repo and make sure the following parameters are set as shown. If any line is missing, you can add it.
gpgcheck=1 enabled=1 baseurl=file:///swdump/rhel74iso gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Here the baseurl property should point to your extracted/mounted files. Save the file and enter the following commands in terminal.
yum clean all subscription-manager clean
You can check if the repository is set correctly by entering the following command in terminal. It should return a big list of repositories.
yum --noplugins list
These steps are sufficient to install ISIM middleware components successfully on RHEL 7.4. It took me quite some time to identify and fix issues. Hope this helps someone else deploying a similar configuration. Cheers!!