Defects fixed in the IDM 3 SP 1 release

  • 3351724
  • 02-Aug-2006
  • 26-Apr-2012


Novell Identity Manager Identity Manager 3.0 SP1

Additional Information

Defect IDComponentDescription
151941Audit ReportsAn error occurs when attempting to create a Driver activity report. Driver Activity is one of the Novell Audit reports.
165617DocumentationIn the eDirectory driver guide, fix a broken link to "Novell Certificate Server on-line documentation.” Delete 2 broken links to pages that are no longer available on the Netscape site.
165021DocumentationThe eDirectory driver guide has a broken link in"Configuring Secure Identity Manager Data Transfers” >"Overview” > "Novell Certificate Server on-line documentation.”
180131DocumentationContradiction in IDM 3 Entitlements documentation was eliminated in SP1 documentation
170732DocumentationNew help files for the Avaya PBX Audix Subscriber plug-ins was added
162693DocumentationReplace the graphic in Figure 1-4 of the JDBC driver guide so that the graphic shows "views” in direct synchronization on the subscriber channel
183014DocumentationInstall of IDM on non-root install of eDirectory was added to documentation.
149713DocumentationDocument changes for 1.1a to 3.0 upgrade on the AD Driver
162694DocumentationFixed Broken links in AD doc
182714DocumentationThe Password Overview section of the IDM Administration Guide has been updated to provide a better description of the Distribution Password.
162685DocumentationRFC 3062 discusses the PasswordModify Extended Operation, which the Identity Manager Driver for LDAP supports. Delete a reference to "MPLS Label Stack Encoding” in the LDAP driver guide.
165028DocumentationThe JDBC 2.0 driver guide has 3 broken links: in"MySQL Connector/J JDBC Driver,” to "Connecting over SSL”; in"Utilized JDBC Methods,” to java.sql Interface Connection; and in"Configuring the IDM Driver for JDBC” > "Driver Parameters” to java.sql Interface Connection.
152852DocumentationPassSync 1.0 will not work by simply adding the policy PassSync(Pub)-Command Transform Policies. Added more documentation on how to make PassSync 1.0 work in and IDM 3.x environment.
164988DocumentationA broken link to the Administration guide has been fixed (in the Installation Guide.)
162989DocumentationReference to non-existent TID has been removed from IDM 2.0.1 doc.
145386DocumentationInstructions for upgrading from DirXML 1.1a to Identity Manager 3.0.1 have been updated.
171707DocumentationUpdated Entitlement Services Driver documentation to explain supported failover configuration.
186739DocumentationDocumentation – Certifier password can be seen in dstrace. This was clarified and reference to the other passward parameters included.
174135Driver-Active DirectorySubscriber transform rule "map fullname” fails due to an extraneous "CN=” being appended.
83604Driver-Active DirectoryDocumented the effects of restoring any AD objects and what happens to the associated Identity Manager objects.
174140Driver-Active DirectorySubscriber matching rule "Match Users Based on Full Name" does an incorrect query.
160474Driver-Active DirectoryAdded documentation about how Active Directory accounts expire and how it differs from how Identity Vault accounts expire.
176980Driver-Active DirectoryAbility to totally disable the password sync portion of the driver. This allows multiple instances of the ADDriver to exist on the same computer when one instance is configured for synchronizing passwords.
142756Driver-Active DirectoryActive Directory Subscriber "match everything else" Rule configuration incorrect
174132Driver-Active DirectorySubscriber create rule fails due to the application attributes not being available.
147811Driver-Active DirectoryPreconfigured Driver attempts to set illegal attribute
146811Driver-Active DirectoryPreconfiguration does not have DirXML-ADAliasName mapped for Group
174130Driver-Active DirectorySubscriber matching rule fails on non-user objects.
144050Driver-Active DirectoryADDriver continues to accumulate ldap connections without freeing them.
185497Driver-Active DirectoryBad variable comparison in default publisher event transformation policy
185014Driver-Active DirectoryIDM Password sync filter blocks other applications during password changes. This is manifested when high volumes of passwords are being changed through a script while at the same time attempting to change a password through an application such as MMC.
156656Driver-Avaya PBXInformation about eDirectory shutting down and not restarting during Avaya installation on eDirectory 8.8 was included
98182Driver-GroupWiseGroupWise Driver was enhanced to support GroupWise 7 and GroupWise 7sp1
150582Driver-GroupWiseGroupWise sample configuration file (GroupWise.xml) modified to remove options for mounted file system support when running on Linux
182419Driver-JDBCA problem was discovered and fixed in the JDBC driver when using the .getGeneratedKeys():ResultSet statement.
133536Driver-JDBCJDBC driver connecting to MSSQL 2000 does not drop dbaccounts when user is deleted in eDirectory. Fixed in SP1
185040Driver-JDBCThe subscriber channel in the JDBC driver was being disabled when the filter was empty. This was corrected in SP1.
183691Driver-JDBCThe JDBC triggerless publisher is sending extraneous delete events. Under certain conditions, the JDBM BTree Browser object can become corrupted when entries are removed from the underlying data structure. This problem has been fixed.
136336Driver-JDBCAn error in the JDBC driver for Oracle was corrected. Child tables were being ignored for query-back row event types (5 & 6).
167618Driver-JDBCThe JDBC driver version 2.0 was modified to not optimize out type 1,2 events when type 6 event is present.
165355Driver-JDBCWhen multiple JDBC connectors are used with Oracle 9i, and then one is shut down, the others may become hung. Adding an error-code 3135 to the oracle-codes.xml file solved the problem.
172333Driver-JDBCWhen used with multi-valued attributes in eDirectory 8.8, the JDBC Connector would create malformed INSERT statements for the 2nd and subsequent values.
136339Driver-JDBCUpdated the JDBC driver guide to explain the proper use of query-back event types.
173216Driver-LDAPQueries to the LDAP driver rely on the"namingcontexts” attribute on the LDAP server's rootDSE being set properly. It often isn't in early version of Oracle Internet Directory (OID). A driver workaround was made to allow queries and the "Migrate into Identity Vault” option to work properly in those cases.
162001Driver-LDAPCharacter encoding issues have been fixed and improved in the LDAP driver. The problems fixed occurred primarily when interfacing with Oracle Internet Directory (OID).
158303Driver-LDAPA new LDAP SDK is included with SP1 which fixes a problem with LDAP move operations being formed incorrectly at the protocol level. This affected subscriber move commands in the LDAP driver.
160723Driver-LDAPParameters were added to the sample LDAP driver configuration that allow the user to define startup behavior when using the LDAP-Search publication method. For example, it is now possible to choose whether the very first poll result will be synchronized if there is no previous poll result to compare with.
153497Driver-LDAPFixed a problem with driver initialization that occurred if it tried to read a schema definition that claims inheritance from a non-existent class. This problem was rare, but occurred with some Oracle Interent Directory classes, such as orclUniqueConfig.
83673Driver-Lotus Noteschild element of command is now honored for setting the HTTPPassword field for non-registered (non-certified) user's.
128192Driver-Lotus NotesFixed erroneous retry loop caused when element was processed under certain circumstances.
156325Driver-Lotus NotesNotesDriverShim no longer displays httpPassword values in clear text.
147750Driver-Lotus NotesNotesDriverShim query processor now appropriately handles search values containing special characters such as backslash ('\').
74736Driver-Lotus NotesThe Notes Driver publisher channel now honors different format selections for publishing src-dn and old-src-dn attributes. Options are: NOTES_TYPED, NOTES, SLASH_TYPED, LDAP_TYPED, LDAP, DOT_TYPED, DOT
74681Driver-Lotus NotesThe Notes Driver can add Replication entries to newly created mailfiles (Windows platform only).
176453Driver-Lotus NotesUpdated the sample Notes dirver configuration file (Notes.xml) to reflect the appropriate typcase for attribute"Internet EMail Address" instead of the inappropriate typecase of"Internet Email Address”
131312Driver-Lotus NotesImproved mailfile filename creation and collision detection logic.
147618Driver-Lotus NotesNotesDriverShim now appropriately handles HTTPPassword creation when a password value contains special characters such as double-quote (").
149217Driver-Role-Based EntitlementsRole-based entitlements driver was enhanced to keep only the current state in the DirXML-EntitlementResult attribute for each entitlement. Other values are cleaned up.
178500Driver-Role-Based EntitlementsThe Role-based entitlements driver was enhanced to support not only dynamic lists of members, but also to handle static lists, such as "all those on the dynamic list, plus these additional members”... or "all those on the dynamic list except for these members”.
186329Driver-Role-Based EntitlementsA misspelled attribute name prevented the role-based entitlements driver from working correctly.
189170Driver-SAP HRWhen the driver is given permission to "Read" from the SAP HR system on the Publisher channel, previous versions of the driver attempt to validate the effective dates of future-dated events when the future-dated IDocs are processed. This is done by reading the current data instances and comparing the beginning and ending validity dates of the current data with the validity dates for that data in the future-dated IDoc. The driver now contains a"Future-dated Event Validity Checking Option” which enables the Administrator to perform or not perform the validity check.
141426Driver-SAP HRThe driver allows all Relationships infotype data (Infotype 1001 and all AD extensions) to be obtained on the Publisher channel via two methods: 1) If the field data is in the Publisher filter, all data will be synchronized as the IDoc is processed. 2) The data may be obtained via the RELATIONSHIPS and RELATIONSHIPS-PADxx pseudo-object queries which can be sent from Publisher channel policies.
173917Driver-SOAPA configurable subscriber option was added to the sample configurations for the SOAP driver that allow the user to specify HTTP result codes that will return a "retry” status and result in the command being tried again.
166155Driver-SOAPThe SOAP driver would sometimes strip SOAP error content from the return, if an error was also set at the HTTP level. The driver has been updated to return both the appropriate error code and also the error content if available.
171718Engine-DirXML ScriptThe DirXML Script processor was getting confused by an input element being embedded somewhere underneath an output element. This was a problem in particular for the JDBC driver, which embeds the complete input document inside the corresponding status element it returns in the the output document.
158387Engine-DirXML ScriptEnhancement: added do-set-sso-credential, do-set-sso-passphrase, and do-clear-sso-credential actions to DirXML Script to support integration with NSL and SecretStore.
154914Engine-Environment SettingsWhen a driver has been stopped for a long time the driver cache data can build up to a large size. Previously, when 1 MB of data had been processed from the cache the data would be physically purged. The purge process is potentially expensive because it involves physical disk writes. The purge algorithm has been changed such that up to half the cache data will be processed before the cache is physically purged.
173889Engine-FiltersFiltering out of notify attributes is not working when applied to the result of a merge.
136617Engine-FunctionalityIDM reported a -603 when it goes remote for home directory creation because the connection to the remote server was not authenticated.
177006Engine-FunctionalityAuxiliary classes that are inherit from Top were not added automatically to an add operation because the mandatory attribute Object Class is not usually explicitly present in the add operation.
95797Engine-FunctionalityIf the driver parameters XML references a named password and the named password has not been defined for the driver, then the driver should receive a blank password at startup. Prior to this fix, the driver received the name of the named password instead.
163836Engine-FunctionalityRemoved restriction disallowing moving of an eDirectory object from a partition with a replica on the IDM server to a partition with no replica on the IDM server.
149842Engine-FunctionalityWhen many drivers are all set to auto start on a single server there was the possibility that one or more of the drivers wouldn't start due to resource contention. Now drivers are started one at a time, with the Identity Manager Engine waiting until a driver has reported that it is started before starting another driver.
141342Engine-OtherAdded new engine control that controls the setting of creatorsName attribute for objects being created on the Publisher channel. because of the performance penalty. If the control is is set to true, then the creatorsName will be forced to the DN of the driver. If set to false, then the createorsName will be the DN of the server object hosting the driver. Default for the control is false, whereas the old behavior was true. The change was made because setting creatorsName has to be done in a separate eDirectory transaction which can cut publisher channel add performance in half.
134713Engine-OtherWhen an eDirectory move replicated to an IDM server that did not previously contain a replica or at least an external reference to the moved object, the IDM engine would not generate any events on the publisher channel. Changed so that at least a sync event will be generated.
137898Engine-OtherThe Identity Manager Engine and Remote Loader can now be used with key pair files generated by Novell Audit's audcgen utility.
145162Engine-Password SyncA modify-password command submitted to the subscriber channel would perform a verify password operation to verify that the password was really different in order to avoid loopback problems and extra events. This caused two problems: a verify password operation that fails causes a) a 3 second delay (a huge performance hit); and b) the intruder lockout count to be incremented. Changed algorithm so that password verification happens by comparing against current value of nspmDistributionPassword instead.
173179Engine-ReportingThe Novell Audit event definition file for Identity Manager caused an error when the Novell Audit 2.0 plug-in for iManager was used to browse the Identity Manager Log Application object. This error has been corrected.
142100Install-IDMThe DirXML 1.1a versions of the preconfiguration files for the eDirectory driver were still being installed on Solaris, Linux, and AIX
189504Install-IDMThe IDM installer should only install SecretStore as part of the metadirectory engine installation if SecretStore is not already installed. The installer is currently always installing SecretStore when it installs the metadirectory engine, potentially overwriting a newer installation of SecretStore.
183513Install-IDMOn AIX, the NOVLsss (Novell Secret Store Services) fileset, if not already installed, should be installed as part of the metadirectory engine installation, but it is not currently being installed.
185354Install-IDMAdded documentation for Credential Provisioning policies.
171926Plugins-Avaya PBX DriverA PBX site or workorder container can now include the tree name as part of the slash format DN.
173111Plugins-DirXML AdministrationThe driver wizard now creates default engine control values on new drivers.
184738Plugins-DirXML AdministrationNull pointer exception when you leave the Password Sync property page when there is not a server associated with the driverset.
184713Plugins-DirXML AdministrationIn the "Filter" property page if you double click on a class or attribute in the filter the right side of the page does not slide in all the way to the left.
187032Plugins-DirXML AdministrationIn the "Edit Migration Criteria" dialog there was an unneeded link.
189011Plugins-DirXML AdministrationIn the GCV property page if the type is dn and the dn format is ldap the ldap name is not created correctly.
187732Plugins-Email Notification ConfigPressing the "Close” button in the "Edit e-Mail Templates” page when it is invoked from the "Forgotten Password” property page does not close the "Edit e-Mail Templates” page.
152422Plugins-OtherThe User Profile pages no longer generate unexpected ClassCastException errors.
184302Plugins-Password AdministrationThe iManager help page for password administration that was missing in IDM 3.0 has been added.
187734Plugins-Password AdministrationIn the "Edit e-Mail Template" property page the"Add Tag" pop-up is partially hidden by the select control that holds the list of tags.
184929Plugins-Password AdministrationThe "Add Tag" pop-up is partially hidden when it is displayed in the "Edit e-Mail Template" property page.
151894Plugins-Password AdministrationThe "Check Password Status” task takes a long time when the user you are checking the password status for has pending associations.
148805Plugins-Password AdministrationIn the "Password Policy Summary” property page, the value displayed for some of the password policy options was not correct.
177090Plugins-Password AdministrationIn the "Password Policy Summary” property page, the value displayed for some of the password policy options was not correct.
184641Plugins-Password AdministrationUnlocalized buttons in the "Edit e-Mail Template" property page.
165190Plugins-Password AdministrationIf an error occurs assigning a password policy to a container an error message is not displayed to the user.
182240Plugins-Policy BuilderThe hint at the bottom of the New Policy task now shows the correct Role and Task names for the IDM Overview.
178531Plugins-Role-Based EntitlementsThe filter generated for the Entitlement Service Driver by the RBE plug-ins now include the DirXML-SharedProfile class and Member and excludeMember attributes. This change allows for proper handling of changes to an RBE profile's static or dynamic membership list.
131673Plugins-Role-Based EntitlementsEffective with IDM 3, entitlements because structural objects in eDirectory and no longer defined in a driver's manifest. With this fix, the RBE plug-ins no longer require that a driver have a manifest to be considered for entitlements.
170204Plugins-Role-Based EntitlementsNon-user classes were not allowed in the Role-based Entitlements plug-in for iManager. If you entered the class manually, a warning appeared. This has been corrected by adding non-user classes to the subscriber filter list in the plug-in. The warning no longer appears.
139482Plugins-Role-Based EntitlementsNon user classes are now automatically added to the Entitlement Service Driver's subscriber filter.
148794Plugins-Role-Based EntitlementsSP: Re-evaluate membership - warning if driver is stopped. Put a Note under 6.7.1 Defining Membership for an Entitlement Policy.
144018Plugins-User Password ManagementThe API used for obfuscating passwords in policy are no longer publicly available.
181778Plugins-WorkflowThe provisioning plug-ins now correctly handle localized strings that use both a language and country code.
136192UtilitiesRegarding password self-service... If a challenge-response question is greater than 128 characters an error would occur in the UserApplication when the user is prompted to enter a response. This was fixed by limiting the length of questions to no more than 128.
156267UtilitiesConversion of a 1.x style rule that contained non-standard elements to a DirXML Script policy caused those non-standard elements to be copied verbatim to the policy, causing it to be unusable.