LPS:IdM/midPoint

From HelpDesk
Version from 12 May 2016, 00:25, created by Valtri (talk | contribs) (→ Switch repository: better deletion of the temporary internal database)

Documentation

midPoint:


OpenICF (connectors):

Installation

apt-get install -y less mc screen vim man
apt-get install -y bzip2 net-tools sudo wget
apt-get install -y openjdk-7-jdk tomcat8 apache2 postgresql libmysql-java

# apache2
cat > /etc/apache2/conf-available/midpoint.conf <<EOF
ProxyRequests           Off
ProxyPreserveHost       On

ProxyPass               /midpoint       http://localhost:8080/midpoint
ProxyPassReverse        /midpoint       http://localhost:8080/midpoint

RewriteEngine On
RewriteRule             ^/?$     /midpoint/ [R]
EOF

# tomcat8
echo 'JAVA_OPTS="${JAVA_OPTS} -Xms256m -Xmx512m -XX:PermSize=128m -XX:MaxPermSize=256m -Dmidpoint.home=/var/opt/midpoint/ -Djavax.net.ssl.trustStore=/var/opt/midpoint/keystore.jceks -Djavax.net.ssl.trustStoreType=jceks"' >> /etc/default/tomcat8
mkdir /var/opt/midpoint
chown tomcat8:tomcat8 /var/opt/midpoint
service tomcat8 stop

# mc (cosmetics)
mkdir -p ~/.config/mc/ || :
echo 'ENTRY "/var/opt/midpoint" URL "/var/opt/midpoint"' >> ~/.config/mc/hotlist
ln -s /usr/lib/mc/mc.csh /etc/profile.d/
ln -s /usr/lib/mc/mc.sh /etc/profile.d/

# initial launch without anything
a2enmod rewrite proxy proxy_http
a2dissite 000-default
a2enconf midpoint
service apache2 start
service tomcat8 start
service postgresql start

# midpoint repository
export PATH=$PATH:/usr/lib/postgresql/9.4/bin
export pass=`dd if=/dev/random bs=9 count=1 2>/dev/null | base64`
wget -nv https://evolveum.com/downloads/midpoint/3.3.1/midpoint-3.3.1-dist.tar.bz2
tar xjf midpoint-3.3.1-dist.tar.bz2
useradd -s /bin/bash midpoint
sudo -u postgres psql -U postgres postgres -c "CREATE USER midpoint password '${pass}'"
sudo -u postgres createdb --owner=midpoint midpoint
#TODO: test this
sudo -u midpoint psql midpoint < midpoint-3.3.1/config/sql/_all/postgresql-3.3-all.sql

# midpoint deployment + switch to postgresql repository
cp -vp midpoint-3.3.1/war/midpoint.war /var/lib/tomcat8/webapps/
ln -s /usr/share/java/mysql-connector-java.jar /var/lib/tomcat8/lib/
service tomcat8 start
while ! test -f /var/opt/midpoint/config.xml; do sleep 0.5; done

Switch repository

Manually edit /var/opt/midpoint/config.xml (replace ${pass}):

 <repository>
   <repositoryServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlRepositoryFactory</repositoryServiceFactoryClass>
   <embedded>false</embedded>
   <driverClassName>org.postgresql.Driver</driverClassName>
   <jdbcUsername>midpoint</jdbcUsername>
   <jdbcPassword>${pass}</jdbcPassword>
   <jdbcUrl>jdbc:postgresql://localhost/midpoint</jdbcUrl>
   <hibernateDialect>com.evolveum.midpoint.repo.sql.util.MidPointPostgreSQLDialect</hibernateDialect>
   <hibernateHbm2ddl>validate</hibernateHbm2ddl>
 </repository>

Then:

service tomcat8 stop
killall java
rm -fv /var/opt/midpoint/midpoint*.db
service tomcat8 start
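The "replace ${pass}" step above is a manual edit of a file that then holds the repository password in clear text. As an added example (not part of the original page), the helper below fills the generated password into the <jdbcPassword> element non-interactively and restricts config.xml to its owner; the function names and the GNU sed -i form are assumptions.

```shell
# Added example: write the generated DB password into midPoint's config.xml
# <repository> section and lock the file down. Assumes GNU sed (sed -i).

# Generate a password the same way the page does (9 random bytes, base64).
gen_pass() {
    dd if=/dev/urandom bs=9 count=1 2>/dev/null | base64
}

# Replace the <jdbcPassword> value in config file $1 with $2, then chmod 600
# because the repository password is stored there in clear text.
set_jdbc_password() {
    cfg="$1"; pass="$2"
    # '|' as the sed delimiter: base64 may contain '/' but never '|'
    sed -i "s|<jdbcPassword>[^<]*</jdbcPassword>|<jdbcPassword>${pass}</jdbcPassword>|" "$cfg"
    chmod 600 "$cfg"
}

# Read back the configured password (for verification after the edit).
get_jdbc_password() {
    sed -n 's|.*<jdbcPassword>\([^<]*\)</jdbcPassword>.*|\1|p' "$1"
}

# Succeeds only if the config points at the external PostgreSQL repository.
uses_postgres_repo() {
    grep -q '<embedded>false</embedded>' "$1" && grep -q 'jdbc:postgresql://' "$1"
}

# Constructed sample: the <repository> section as shown on this page, with the
# ${pass} placeholder still in place, written to path $1.
make_sample_config() {
    cat > "$1" <<'EOF'
<repository>
  <embedded>false</embedded>
  <driverClassName>org.postgresql.Driver</driverClassName>
  <jdbcUsername>midpoint</jdbcUsername>
  <jdbcPassword>${pass}</jdbcPassword>
  <jdbcUrl>jdbc:postgresql://localhost/midpoint</jdbcUrl>
</repository>
EOF
}
```

Typical use on a real install would be `set_jdbc_password /var/opt/midpoint/config.xml "$pass"` after the file has been created by the first Tomcat start.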

Stronger key

su -s /bin/bash -c "keytool -genseckey -alias strong -keystore /var/opt/midpoint/keystore.jceks -storetype jceks -storepass changeit -keyalg AES -keysize 256 -keypass midpoint" tomcat8

Manually edit /var/opt/midpoint/config.xml:

<keystore>
  <keyStorePath>${midpoint.home}/keystore.jceks</keyStorePath>
  <keyStorePassword>changeit</keyStorePassword>
  <encryptionKeyAlias>strong</encryptionKeyAlias>
  <xmlCipher>http://www.w3.org/2001/04/xmlenc#aes256-cbc</xmlCipher>
</keystore>

Admin password

Change the administrator password.

  • initial user: administrator
  • initial password: 5ecr3t