LPS:IdM/midPoint
Documentation
midPoint:
- URL: https://evolveum.com/midpoint/
- First steps: https://wiki.evolveum.com/display/midPoint/First+Steps
- API+schemas: https://evolveum.com/downloads/midpoint/3.3.1/
OpenICF (connectors):
- URL: https://forgerock.org/openicf/
- source code: https://stash.forgerock.org/projects/OPENICF
Installation
apt-get install -y less mc screen vim man
apt-get install -y bzip2 net-tools sudo wget
apt-get install -y openjdk-7-jdk tomcat8 apache2 postgresql libmysql-java

# apache2: reverse proxy in front of Tomcat
cat > /etc/apache2/conf-available/midpoint.conf <<EOF
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /midpoint http://localhost:8080/midpoint
ProxyPassReverse /midpoint http://localhost:8080/midpoint
RewriteEngine On
RewriteRule ^/?$ /midpoint/ [R]
EOF

# tomcat8: JVM options, midPoint home and trust store
echo 'JAVA_OPTS="${JAVA_OPTS} -Xms256m -Xmx512m -XX:PermSize=128m -XX:MaxPermSize=256m -Dmidpoint.home=/var/opt/midpoint/ -Djavax.net.ssl.trustStore=/var/opt/midpoint/keystore.jceks -Djavax.net.ssl.trustStoreType=jceks"' >> /etc/default/tomcat8
mkdir /var/opt/midpoint
chown tomcat8:tomcat8 /var/opt/midpoint
service tomcat8 stop

# mc (cosmetics)
mkdir -p ~/.config/mc/ || :
echo 'ENTRY "/var/opt/midpoint" URL "/var/opt/midpoint"' >> ~/.config/mc/hotlist
ln -s /usr/lib/mc/mc.csh /etc/profile.d/
ln -s /usr/lib/mc/mc.sh /etc/profile.d/

# initial launch without anything
a2enmod rewrite proxy proxy_http
a2dissite 000-default
a2enconf midpoint
service apache2 start
service tomcat8 start
service postgresql start

# midpoint repository: random database password, database user and schema
export PATH=$PATH:/usr/lib/postgresql/9.4/bin
export pass=`dd if=/dev/random bs=9 count=1 2>/dev/null | base64`
wget -nv https://evolveum.com/downloads/midpoint/3.3.1/midpoint-3.3.1-dist.tar.bz2
tar xjf midpoint-3.3.1-dist.tar.bz2
useradd -s /bin/bash midpoint
sudo -u postgres psql -U postgres postgres -c "CREATE USER midpoint password '${pass}'"
sudo -u postgres createdb --owner=midpoint midpoint
# TODO: test this
sudo -u midpoint psql midpoint < midpoint-3.3.1/config/sql/_all/postgresql-3.3-all.sql

# midpoint deployment + switch to postgresql repository
cp -vp midpoint-3.3.1/war/midpoint.war /var/lib/tomcat8/webapps/
ln -s /usr/share/java/mysql-connector-java.jar /var/lib/tomcat8/lib/
service tomcat8 start
# wait until midPoint has generated its initial config.xml
while ! test -f /var/opt/midpoint/config.xml; do sleep 0.5; done
Switch repository
Manually edit /var/opt/midpoint/config.xml (replace ${pass}):
<repository>
  <repositoryServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlRepositoryFactory</repositoryServiceFactoryClass>
  <embedded>false</embedded>
  <driverClassName>org.postgresql.Driver</driverClassName>
  <jdbcUsername>midpoint</jdbcUsername>
  <jdbcPassword>${pass}</jdbcPassword>
  <jdbcUrl>jdbc:postgresql://localhost/midpoint</jdbcUrl>
  <hibernateDialect>com.evolveum.midpoint.repo.sql.util.MidPointPostgreSQLDialect</hibernateDialect>
  <hibernateHbm2ddl>validate</hibernateHbm2ddl>
</repository>
Then:
service tomcat8 stop
killall java
rm -fv /var/opt/midpoint/midpoint*.db
service tomcat8 start
Stronger key
su -s /bin/bash -c "keytool -genseckey -alias strong -keystore /var/opt/midpoint/keystore.jceks -storetype jceks -storepass changeit -keyalg AES -keysize 256 -keypass midpoint" tomcat8
Manually edit /var/opt/midpoint/config.xml:
<keystore>
  <keyStorePath>${midpoint.home}/keystore.jceks</keyStorePath>
  <keyStorePassword>changeit</keyStorePassword>
  <encryptionKeyAlias>strong</encryptionKeyAlias>
  <xmlCipher>http://www.w3.org/2001/04/xmlenc#aes256-cbc</xmlCipher>
</keystore>
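A post-install check for the two config.xml edits above (repository switch and stronger key), as an added example that is not part of the original page. It flags an unreplaced ${pass} placeholder, the changeit keystore password used in the commands above, and a world-readable config.xml, which holds both passwords in clear text. The function names and the sed-based extraction are assumptions of this example; the extraction handles only the one-value-per-element layout shown on this page.

```shell
#!/bin/sh
# Added example: audit a midPoint config.xml after the steps on this page.
# xml_value is a hypothetical helper, not a general XML parser: it returns the
# text of the first <tag>value</tag> element with the given name.
xml_value() {  # $1 = file, $2 = element name
    sed -n "s:.*<$2>\(.*\)</$2>.*:\1:p" "$1" | head -n 1
}

# Prints one "FINDING: ..." line per problem; returns 0 only if there are none.
audit_midpoint_config() {  # $1 = path to config.xml
    cfg=$1
    findings=0
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

    [ "$(xml_value "$cfg" embedded)" = "false" ] ||
        flag "repository is not switched away from the embedded database"
    case "$(xml_value "$cfg" jdbcPassword)" in
        ''|'${pass}') flag "jdbcPassword is empty or still the literal \${pass} placeholder" ;;
    esac
    [ "$(xml_value "$cfg" keyStorePassword)" != "changeit" ] ||
        flag "keyStorePassword is still 'changeit'"
    [ "$(xml_value "$cfg" encryptionKeyAlias)" = "strong" ] ||
        flag "encryptionKeyAlias does not point at the AES-256 key 'strong'"
    case "$(xml_value "$cfg" xmlCipher)" in
        *aes256-cbc) ;;
        *) flag "xmlCipher is not aes256-cbc" ;;
    esac
    # config.xml stores the database and keystore passwords in clear text,
    # so it should not be readable by "other".
    if [ -n "$(find "$cfg" -perm -004)" ]; then
        flag "config.xml is world-readable"
    fi
    [ "$findings" -eq 0 ]
}

# Usage on the host set up above:
#   audit_midpoint_config /var/opt/midpoint/config.xml
```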
Admin password
Change admin password.
- initial user: administrator
- initial password: 5ecr3t