IBM Verify

  • 1.  Automatic setup and configuration of SDS

    Posted Mon February 10, 2020 01:15 AM

    I want to do an automated setup and configuration of SDS. The production environment is administered by a third-party vendor and needs a complete instruction of how everything needs to be done. For that reason an automated setup would be the best.

    Anyone here that has a sample solution that you would like to share with me?



    ------------------------------
    Per Oelmunger
    IAM Consultant
    Enfo Sweden
    GOTHENBURG
    (4673) 365-7760
    ------------------------------


  • 2.  RE: Automatic setup and configuration of SDS

    Posted Mon February 10, 2020 05:11 PM

    Hello

    My reply assumes you are referring to ISDS Virtual Appliance. If not, the solution will be quite different from what is proposed below.

    SDS automation (ISDS Virtual Appliance) with Ansible is not yet as advanced as it is on the ISAM Virtual Appliance side, but we are working on it in the IBM-Security Open Source community projects. Some code is in the works as we speak and so new content will be made available soon (a couple of days/weeks).

    But compared to ISAM, I would say, based on my own experience, that ISDS VA does not provide an equivalent level of REST API capabilities. So even though we will be able to perform some automation with Ansible for ISDS, some steps will still be required to be performed outside of Ansible, such as using the LMI (Management Console) or CLI.

    https://github.com/IBM-Security/isds-ansible-roles

    Hope it helps.



    ------------------------------
    Sylvain Gilbert
    ------------------------------



  • 3.  RE: Automatic setup and configuration of SDS

    Posted Tue February 11, 2020 03:33 AM

    Thank you for your reply, Sylvain.

    Since Azure does not support (to my knowledge) SDS virtual appliance, we have to do an installation of SDS on a Red Hat Enterprise server.

    How would I perform an automated installation on that platform in the best way?



    ------------------------------
    Per Oelmunger
    IAM Consultant
    Enfo Sweden
    GOTHENBURG
    (4673) 365-7760
    ------------------------------



  • 4.  RE: Automatic setup and configuration of SDS

    Posted Tue February 11, 2020 03:59 PM
    Edited by Ramamohan Reddy Tue February 11, 2020 04:16 PM

    Hello Per,

    Sylvain had provided an answer w.r.t. SDS VA 8.0.1.* in his reply.
    Per your latest reply you are using SDS 6.4 on RHEL 7(?)
    Please confirm.

    Thanks,
    Ram.

    ------------------------------
    Ramamohan Reddy
    ------------------------------



  • 5.  RE: Automatic setup and configuration of SDS

    Posted Wed February 12, 2020 01:16 AM
    Hi Ramamohan

    We're using SDS 6.4 on RHEL 8.1

    // Per

    ------------------------------
    Per Oelmunger
    IAM Consultant
    Enfo Sweden
    GOTHENBURG
    (4673) 365-7760
    ------------------------------



  • 6.  RE: Automatic setup and configuration of SDS

    Posted Wed February 12, 2020 05:31 PM
    Edited by Ramamohan Reddy Wed February 12, 2020 05:32 PM

    Hello Per,

    SDS 6.4 is not supported on RHEL 8.1 at this time. We are still waiting on a supported DB2 level for RHEL 8.* .

    In case you are using RHEL 7:

    1. The command line methods for installation will be similar to the instructions in this tech note:

    https://www.ibm.com/support/pages/installation-procedure-security-directory-server-v64-sles-12-x8664
    (In steps 5 and 9 in the above document, it's possible to use additional options to run in a non-interactive method; we need to refer to the DB2 Knowledge Center for the db2_install and installFixPack commands for additional options.)

    Also you may use DB2 11.1.4.4 in place of DB2 10.5, refer to https://www.ibm.com/support/pages/ibm-security-directory-server-v64-support-db2-111-ese.

    2. After the completion of installation, you can use command line methods to create and configure an instance, here are the commands:

    a. Create a user to own the instance:
    idsadduser -u sdsinst1 -w <set_new_password> -l /home/sdsinst1 -g idsldap

    b. Create an instance:
    idsicrt -I sdsinst1 -e encrypt_seed -g encrypt_salt -n

    c. Create and configure database:
    idscfgdb -I sdsinst1 -a sdsinst1 -w <password_set_in_step_a> -t sdsinst1 -l /home/sdsinst1 -n

    d. (Optional) Create and configure changelog db:
    idscfgchglg -I sdsinst1 -m 1000000 -n

    e. Configure admin and pw:
    idsdnpw -I sdsinst1 -u cn=root -w <set_admin_new_password> -n

    f. Configure suffixes:
    idscfgsuf -I sdsinst1 -s <suffix> -n
    In the above, <suffix> would be something that becomes the root of your directory, such as o=iam.ibmcloud.com

    g. If your data has any custom schema objectclasses and / or attributes, it must be taken care of at this time.

    h. Load data - for :
    idsldif2db -I sdsinst1 -i <ldiffile>
    Note: For large data use idsbulkload in place of idsldif2db.

    i. Run idsrunstats -I sdsinst1

    j. Start ibmslapd and restart ibmdiradm
    ibmslapd -I sdsinst1 -n
    ibmdiradm -I sdsinst1 -k
    ibmdiradm -I sdsinst1

    k. If you need to clean up the instance and try again:
    idsidrop -I sdsinst1 -r -n

    Refer to Knowledge Center for details on above commands and for any additional tasks.

    I hope this helps. In case you are looking for more details, I'd suggest you open a Case with the "Directory Server" support team.

    Ram.



    ------------------------------
    Ramamohan Reddy
    ------------------------------
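
Steps a, b, c, e, f and j from the post above, wrapped in one driver script as an added example; it is not part of the original post and not IBM's own tooling. The environment variable names (USER_PW, ADMIN_PW, SEED, SALT, SDS_PROVISION, DRY_RUN), the placeholder suffix and the seed/salt length rules are assumptions to check against the Knowledge Center.

```shell
#!/bin/sh
# Added example (not from the thread): driver for steps a, b, c, e, f and j.
# Secrets are read from the environment (assumed variable names USER_PW, ADMIN_PW,
# SEED, SALT) so the runbook handed to the vendor contains none of them.
INST=${INST:-sdsinst1}
INST_HOME=${INST_HOME:-/home/$INST}
SUFFIX=${SUFFIX:-o=example}     # placeholder suffix
DRY_RUN=${DRY_RUN:-1}           # 1 = print the plan only, 0 = execute on the host

# Seed/salt rules as recalled from the idsicrt documentation (confirm in the
# Knowledge Center): printable ASCII 33-126; seed >= 12 chars; salt exactly 12.
printable() { [ "$(printf %s "$1" | LC_ALL=C tr -d '!-~' | wc -c)" -eq 0 ]; }
valid_seed() { printable "$1" && [ "${#1}" -ge 12 ]; }
valid_salt() { printable "$1" && [ "${#1}" -eq 12 ]; }

# Print a command line with every secret value masked, for logs and change records.
log_cmd() {
  out=
  for a in "$@"; do
    case $a in "$USER_PW"|"$ADMIN_PW"|"$SEED"|"$SALT") a='****' ;; esac
    out="$out $a"
  done
  printf '%s\n' "${out# }"
}

# Log, then execute unless in dry-run mode; a non-zero status stops the chain below.
run() { log_cmd "$@"; [ "$DRY_RUN" = 1 ] || "$@"; }

provision() {
  [ -n "$USER_PW" ] && [ -n "$ADMIN_PW" ] || { echo "passwords not set" >&2; return 2; }
  valid_seed "$SEED" || { echo "invalid encryption seed" >&2; return 2; }
  valid_salt "$SALT" || { echo "invalid encryption salt" >&2; return 2; }
  # Flags exactly as posted; check whether idsadduser prompts without -n on your level.
  run idsadduser -u "$INST" -w "$USER_PW" -l "$INST_HOME" -g idsldap &&
  run idsicrt -I "$INST" -e "$SEED" -g "$SALT" -n &&
  run idscfgdb -I "$INST" -a "$INST" -w "$USER_PW" -t "$INST" -l "$INST_HOME" -n &&
  run idsdnpw -I "$INST" -u cn=root -w "$ADMIN_PW" -n &&
  run idscfgsuf -I "$INST" -s "$SUFFIX" -n &&
  run ibmslapd -I "$INST" -n
}

# Runs only when asked, e.g. SDS_PROVISION=1 DRY_RUN=0 sh provision.sh (assumed names).
if [ -n "${SDS_PROVISION:-}" ]; then provision; fi
```

The masked log keeps passwords, seed and salt out of change records, but values passed with -w, -e and -g are still visible in the process list while each command runs, so run it on a host without untrusted local users. Store the seed and salt in the same vault as the passwords.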



  • 7.  RE: Automatic setup and configuration of SDS

    Posted Thu February 13, 2020 04:27 AM
    Thank you, Ramamohan!
    This will help a lot. Thanks again.

    ------------------------------
    Per Oelmunger
    IAM Consultant
    Enfo Sweden
    GOTHENBURG
    (4673) 365-7760
    ------------------------------