Chat now with support
Chat mit Support

Identity Manager 9.3 - Operational Guide

About this guide Simulating data changes in the Manager Scheduling operations activation times Re-applying templates in the Manager Exporting data with the Manager Analyzing data and data changes Analyzing process monitoring in the Manager Schedules in One Identity Manager Mail templates in One Identity Manager Password policies in One Identity Manager Working with change labels Checking data consistency Compiling a One Identity Manager database Transporting custom changes Importing data with the Data Import Importing and exporting individual files for the software update Creating a One Identity Manager database for test or development from a database backup Initializing DBQueue Processor the after extending the server hardware Command line programs Configuration of settings for the One Identity Manager tools

Create-web-dir.exe

With the program Create-web-dir.exe you can create a One Identity Manager installation from a directory containing a One Identity Manager setup or from an installed One Identity Manager database. You can find the program on the installation media in the Modules\QBM\dvd\AddOn\SDK\LinuxWebInstall directory. You can run the program from the command line.

Calling syntax

create-web-dir.exe

[--mode=web|standalone]

--setup={Directory}|[--db-system=MSSQL|APPSERVER]

--db="{Connection string}"

--dest={Directory}

[ --modules={Module IDs}]

--targets= "{Targets}"

[--nlog={Path}\nlog.config]

[--web-config={Path}\appsettings.json]

[--web-app={URL}]

[--web-app-project={Web project}]

[--web-app-product={Product}]

[--web-app-auth={Authentifier}]

[--web-app-auth2={Authentifier}]

[--session-cert={Path}\SessionCertificate.pfx]

[--create-session-cert]

[--session-cert-issuer="{Issuer}"]

[--appserver-url={URL}]

[--auth="Module={Authentication string}"]

[--server-name --targets-from-server --config-from-server]

[--variable{Key=Value}]

[--nologo]

Calling the program
  • Windows: C:/installer/create-web-dir.exe

  • Linux: mono /installer/create-web-dir.exe

Table 61: Program parameters and options
Parameter or option

Alternative

Description
--mode

 

Installation mode. Permitted values are web (default) and standalone.

--setup

-s

Directory that contains the One Identity Manager setup and from which the installation is to be compiled. Specify either the directory containing the One Identity Manager setup or a database connection.

--db-system

 

Database system that should be connected as a source. Permissible values are MSSQL (default) or APPSERVER.
--db

-connect

Connection parameters to the database from which the installation is to be made. Specify either the directory containing the One Identity Manager setup or a database connection.

--dest

-d

Destination directory for the installation.
--targets

-t

Comma-delimited list of machine roles to be installed.
--modules

-m

Comma-delimited list of module IDs for installation. Optional, if the installation is to be done from an existing database.
--nlog

-n

(Optional) Path for the configuration file NLog.config.

--web-config

-w

(Optional) Path for configuration file appsettings.json.

--web-app

 

(Optional) URL for which a web application is to be created in the database.

--web-app-product

 

(Optional) Name of the product for the web application (QBMProduct.Ident_Product) or UID of the product for the web application (QBMProduct.UID_DialogProduct).

--web-app-auth

 

(Optional) Name of the primary authentication module (DialogAuthentifier.Ident_DialogAuthentifier) or UID of the primary authentication module (DialogAuthentifier.UID_ DialogAuthentifier) for the web application.

--web-app-auth2

 

(Optional) Name of the secondary authentication module (DialogAuthentifier.Ident_DialogAuthentifier) or UID of the secondary authentication module (DialogAuthentifier.UID_ DialogAuthentifier) for the web application.

--session-cert

-c

(Optional) Path and name of the certificate file.

--create-session-cert

 

(Optional) Generate a new certificate if the specified certificate file does not exist.

--session-cert-issuer

 

(Optional) Publisher for the generated certificate file.

Standard: "CN=Application Server"

--appserver-url

 

(Optional) URL of the application server to which the web application is to be connected.

--auth

 

(Optional) Authentication data. The authentication data depends on the authentication module used. For more information about One Identity Manager authentication modules, see the One Identity Manager Authorization and Authentication Guide.

--config-from-server

 

(Optional) Fetches the configuration of the One Identity Manager Service for the Job server from the database and creates the configuration file in the destination directory. If this parameter is set, the --server-name parameter is required.

--targets-from-server

 

(Optional) Fetches the Job server machine roles from the database. If this parameter is set, the --server-name parameter is required.

--server-name

 

(Optional) Name of the Job server in the database (QBMServer table).

--variable

-v

(Optional) Replace the variables in the template files (NLog.config, appsettings.json) specified with %VariableName%. (Key=Value).

--nologo

 

(Optional) Specifies whether to display the startup banner and copyright information.

--help

-h, -?

Display program help.

Example: Installing an application server from a directory

create-web-dir.exe

-s=I:\Main\2020.07.28.001

-d=C:\Work\Install

-m=ADS,ARS,CAP,CPL,DPR,EBS,EX0,LDP,NDO,QBM,QER,RMB,RMS,SAC,SAP,SBW,SHR,SP0,TSB

-t=Server\Web\AppServer,Server\Web\AppServer\SearchCrawler,Server\Web\AppServer\SearchIndex

-w=\work\Config\appsettings.json

-n=\work\Config\nlog.config

-c=\work\SessionCertificate.pfx

Example: Installing an application server from the database

create-web-dir.exe

-d=C:\Work\Install

--db-connect="Data Source=<Server>;Initial Catalog=<Database>;User ID=<DB User>;Password=<Password>"

-t=Server\Web\AppServer,Server\Web\AppServer\SearchCrawler,Server\Web\AppServer\SearchIndex

-w=\work\Config\appsettings.json

-n=\work\Config\nlog.config

-c=\work\SessionCertificate.pfx

Example: Installing a Job server from the database with the default machine roles

create-web-dir.exe

--mode=standalone

-d=C:\Work\Install

--db-connect="Data Source=<Server>;Initial Catalog=<Database>;User ID=<DB User>;Password=<Password>"

-t=Server\Jobserver

--server-name=Server1

--targets-from-server

Configuration of settings for the One Identity Manager tools

General configuration settings for One Identity Manager tools can be specified in a appsettings.json configuration file. The settings apply globally to all One Identity Manager tools.

Table 62: General configuration settings

Setting

Description

Cache

User-defined cache directory for data from the database.

AssemblyCache

User-defined cache directory for storing script assemblies.

CacheReloadInterval

Time in seconds after which the local cache should be updated. This parameter overwrites the setting in the Common | CacheReload | Interval configuration parameter.

NoReloadBeep

If this is set, it mutes the beep made when cached system data is being reloaded.

For an example configuration, see the appsettings.json configuration file in the One Identity Manager installation directory. To use the settings in the sample configuration, remove the comments and save the changes.

Example: Example configuration in the appsettings.json configuration file
{
    "RuntimeDirs": {
    // Set the cache directories to a user defined place
    // "Cache": "C:\\Temp\\OneIM\\AppServerCache\\DB",
    // "AssemblyCache": "C:\\Temp\\OneIM\\AppServerCache\\Assemblies"
    },
 
    "ConnectionBehaviour": {
    // "CacheReloadInterval": "30",
    // "NoReloadBeep": "true"
    }
}
 

Use application-specific configuration files for special configuration settings of individual One Identity Manager components.

The configuration files are stored in the One Identity Manager installation directory with the name appsettings.<appName>.json, where appName is the name of the One Identity Manager component.

Example: appsettings.Manager.json

Related topics

Loading configuration values from Azure Key Vault

It is possible to load secrets, such as connection strings, from Azure Key Vault and use them in the appsettings.json configuration file. To do this, configure the Azure Key Vault configuration provider.

Fore more information, see under Azure Key Vault in the Microsoft documentation.

Table 63: Configuration settings for Azure Key Vault

Setting

Description

KeyVaultName

Name of the Azure Key Vault. You will find the name in the Microsoft Azure Management Portal (https://portal.azure.com/).

Prefix

If there is only a subset of values available as configuration options, define a prefix.

Secrets are filtered according to this prefix, the prefix itself is removed from the resulting configuration setting.

KeyDelimiter

Character string used to delimit hierarchy levels in the configuration. The default delimiter is two hyphens (--). Colons (:) are not supported as delimiters.

Example: Using Azure Key Vault configuration providers
"ConfigProviders": {
   "AzureKeyVault": {
     "Class": "AzureKeyVault",
    // Alternatively, the full name: "Class": "VI.Base.Config.AzureKeyVault.AzureKeyVaultConfigProvider, VI.Base.Config.AzureKeyVault",
     "KeyVaultName": "Key Vault Name",
     "Prefix": "Prefix",
     "KeyDelimiter": "--"
   }
 }
Example: Determining connection strings for application servers

Configure the following settings for the Azure Key Vault in the appsettings.json configuration file.

"ConfigProviders": {
   "AzureKeyVault": {
     "Class": "AzureKeyVault",
     "KeyVaultName": "OneIM-General-KeyVault",
     "Prefix": "OneIM-DEV-",
     "KeyDelimiter": "-"
   }
 }

The secret with the name OneIM-DEV-ConnectionStrings-AppServerDb is mapped in the configuration as ConnectionStrings:AppServerDb. This corresponds to this section in the appsettings.json configuration file.

{
  "ConnectionStrings": {
    "AppServerDb": "..."
  }
}
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen