UNIX Remote Agent Install on Solaris Sparse Zone is Now Supported

The UNIX Remote Agent has been enhanced to support installation on Solaris Zones where the /usr file system is inherited from the Global Zone.

Note: In previous versions of CA Identity Manager, only full root zones were supported.

Installing the UNIX Remote Agent on a zone with an inherited /usr file system creates a symbolic link in the /usr/bin directory of the Global Zone, named uxsautil. This link must point to the uxsautil binary installed with the Remote Agent. We recommend that you install the Agent in the Global Zone before installing in the non-Global Zone, using identical installation paths.

You can also create the Global Zone symbolic link manually. Verify that it points to the install location used in the non-Global Zone. For example, using the default install location, you would run the following command:

ln -s /opt/CA/IdentityManager/ProvisioningUnixAgent/bin/uxsautil /usr/bin/uxsautil

If you use the UNIX Remote Agent in a sparse zone and run the CAM service as a non-root user, manual configuration is required. Like /usr/bin/uxsautil itself, which is inherited from the global zone, the file ownership and permissions are also inherited. You must manually configure the permissions to match within the sparse zone, and then verify that the "cam" user and group match in both zones.

To configure the permissions to match within the sparse zone

  1. In the global zone with the UNIX Remote Agent installed, find the User ID (uid) of the "cam" user, and the Group ID (gid) of the "cam" group.
  2. In the sparse zone, add the user and group manually:
    - groupadd -g <gid> cam
    - useradd -u <uid> -g <gid> cam
  3. Verify that the home directory of the "cam" user is a valid path. The user account is used during the Remote Agent installation process.
  4. Install the UNIX Remote Agent with "CAM as a non-root user" enabled.

    Note: If the remote agent is uninstalled and the "cam" user and group have been created manually, delete the "cam" user and group manually. The Remote Agent can remove accounts it added, but cannot distinguish between manually created service accounts and a user account named "cam".
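The checks described above (link target, matching "cam" uid and gid, valid home directory) can be scripted. The following is an added example, not part of the product or its documentation: the function names are hypothetical, and it assumes it runs in the Global Zone with the sparse zone's root file system readable at a path you supply (typically the zone's zonepath followed by /root).

```sh
#!/bin/sh
# Added example: read-only checks for the sparse-zone procedure above.
# Function names and the invocation are assumptions, not product tooling.

# Print field $3 of the first entry named $1 in passwd/group-format file $2.
field_of() {
    val=`grep "^$1:" "$2" | head -n 1 | cut -d: -f"$3"`
    [ -n "$val" ] && echo "$val"
}

# Succeed only if $1 is a symbolic link whose target is exactly $2.
link_ok() {
    [ -h "$1" ] || { echo "FAIL: $1 is not a symbolic link"; return 1; }
    target=`ls -l "$1" | sed 's/.* -> //'`
    [ "$target" = "$2" ] || { echo "FAIL: $1 -> $target, expected $2"; return 1; }
}

# Compare the "cam" uid and gid between the two zones.
# Args: global passwd, global group, zone passwd, zone group
cam_ids_match() {
    g_uid=`field_of cam "$1" 3` || { echo "FAIL: no cam user in $1"; return 1; }
    g_gid=`field_of cam "$2" 3` || { echo "FAIL: no cam group in $2"; return 1; }
    z_uid=`field_of cam "$3" 3` || { echo "FAIL: no cam user in $3"; return 1; }
    z_gid=`field_of cam "$4" 3` || { echo "FAIL: no cam group in $4"; return 1; }
    [ "$g_uid" = "$z_uid" ] || { echo "FAIL: cam uid $g_uid (global) vs $z_uid (zone)"; return 1; }
    [ "$g_gid" = "$z_gid" ] || { echo "FAIL: cam gid $g_gid (global) vs $z_gid (zone)"; return 1; }
}

# Succeed if the cam home directory recorded in passwd file $1 exists under root $2.
cam_home_ok() {
    home=`field_of cam "$1" 6` || { echo "FAIL: no cam home in $1"; return 1; }
    [ -d "$2$home" ] || { echo "FAIL: cam home $2$home does not exist"; return 1; }
}

# Assumed invocation: check_zone.sh <zone_root> <path_to_uxsautil_binary>
if [ $# -eq 2 ]; then
    link_ok /usr/bin/uxsautil "$2" &&
    cam_ids_match /etc/passwd /etc/group "$1/etc/passwd" "$1/etc/group" &&
    cam_home_ok "$1/etc/passwd" "$1" && echo "OK: sparse zone matches Global Zone"
fi
```

Run it after step 3 and before installing the Agent in the sparse zone; any FAIL line names the item that still differs.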