Administrator ID and password

If you use WebSphere® Application Server as the application server, WebSphere Application Server and IBM HTTP Server must be installed as the IBM Content Analytics with Enterprise Search administrative user. The following product limitations occur when you install IBM Content Analytics with Enterprise Search as a non-root user:

• Secure search for Lotus Notes® sources that use the Notes® remote procedure call (NRPC) protocol is not supported. In addition, recrawling these sources can be slow because document updates cannot be quickly detected.
• Secure search for Windows file systems is not supported.
• You cannot use well-known ports (0-1024) for the IBM Content Analytics with Enterprise Search product ports, such as the common communication layer (CCL) port, data storage port, and so on.
• The CCL service cannot be registered as a Windows service or in inittab on AIX® or Linux, and the service is not started automatically.
• If you use WebSphere Application Server, WebSphere Application Server and IBM HTTP Server are not started when you start the IBM Content Analytics with Enterprise Search system.
• On AIX or Linux, the administrative user ID and password cannot be validated if the targetpw option is set for the sudo command. In this case, you must skip user validation by specifying the following option:

  $IGNORE_UID_PASSWORD$. ./install.bin -D$IGNORE_UID_PASSWORD$=true

If you want to use a Windows domain user account for the administrative user, you must create the domain ID in advance. When you install the product, you specify this existing user ID for the administrator ID. Specify the domain ID in the following format:

user_name@fully_qualified_domain_name

You must ensure that the ID is not a Windows domain ID that uses a roaming profile. There is a difference between a local user ID that belongs to a Windows domain and a domain ID:

Local ID

With a local user ID, the user's local profile is stored on the local computer. Any changes made to the local user profile are specific to the computer on which the changes are made. This is the only type of user ID that can be used as the administrator ID.

Domain ID

With a domain ID, a copy of the user's local profile is stored on a shared server. This profile, which is known as a roaming user profile, is downloaded whenever the user logs on to any computer on the network. Changes made to the profile are synchronized with the server copy when the user logs off. To use this type of profile, the computer must belong to a Windows domain or Active Directory. The administrator ID cannot be this type of user ID.

To obtain domain privileges for an ID, you can add the local user ID that you use for the administrator ID to a domain. If you add the local user ID to a domain, however, you must ensure that the domain security rights do not override the local user rights that are required by IBM Content Analytics with Enterprise Search.

If you install the product on Windows, and you specify an existing user ID for the administrator ID, any domain policies that are in effect will be honored and will not be changed by the installation program. For example, the installation program will attempt to grant the user ID the authority to act as part of the operating system. If a domain policy denies that right, then the user ID will not have the required authority. Ensure that the domain policies do not deny the following user rights, which are required for administering the system:

• Act as part of the operating system
• Lock pages in memory
• Create a token object
• Replace a process level token
• Impersonate a client after authentication
• Increase quotas (In Windows 2003, this option is labeled Adjust memory quotas for a process.)
• Log on as a service