Environment
Novell Identity Manager Identity Manager 3.0 SP1
Additional Information
| Defect ID | Component | Description |
| 151941 | Audit Reports | An error occurs when attempting to create a Driver activity report. Driver Activity is one of the Novell Audit reports. |
| 165617 | Documentation | In the eDirectory driver guide, fix a broken link to "Novell Certificate Server on-line documentation.â Delete 2 broken links to pages that are no longer available on the Netscape site. |
| 165021 | Documentation | The eDirectory driver guide has a broken link in"Configuring Secure Identity Manager Data Transfersâ >"Overviewâ > "Novell Certificate Server on-line documentation.â |
| 180131 | Documentation | Contradiction in IDM 3 Entitlements documentation was eliminated in SP1 documentation |
| 170732 | Documentation | New help files for the Avaya PBX Audix Subscriber plug-ins was added |
| 162693 | Documentation | Replace the graphic in Figure 1-4 of the JDBC driver guide so that the graphic shows "viewsâ in direct synchronization on the subscriber channel |
| 183014 | Documentation | Install of IDM on non-root install of eDirectory was added to documentation. |
| 149713 | Documentation | Document changes for 1.1a to 3.0 upgrade on the AD Driver |
| 162694 | Documentation | Fixed Broken links in AD doc |
| 182714 | Documentation | The Password Overview section of the IDM Administration Guide has been updated to provide a better description of the Distribution Password. |
| 162685 | Documentation | RFC 3062 discusses the PasswordModify Extended Operation, which the Identity Manager Driver for LDAP supports. Delete a reference to "MPLS Label Stack Encodingâ in the LDAP driver guide. |
| 165028 | Documentation | The JDBC 2.0 driver guide has 3 broken links: in"MySQL Connector/J JDBC Driver,â to "Connecting over SSLâ; in"Utilized JDBC Methods,â to java.sql Interface Connection; and in"Configuring the IDM Driver for JDBCâ > "Driver Parametersâ to java.sql Interface Connection. |
| 152852 | Documentation | PassSync 1.0 will not work by simply adding the policy PassSync(Pub)-Command Transform Policies. Added more documentation on how to make PassSync 1.0 work in and IDM 3.x environment. |
| 164988 | Documentation | A broken link to the Administration guide has been fixed (in the Installation Guide.) |
| 162989 | Documentation | Reference to non-existent TID has been removed from IDM 2.0.1 doc. |
| 145386 | Documentation | Instructions for upgrading from DirXML 1.1a to Identity Manager 3.0.1 have been updated. |
| 171707 | Documentation | Updated Entitlement Services Driver documentation to explain supported failover configuration. |
| 186739 | Documentation | Documentation â Certifier password can be seen in dstrace. This was clarified and reference to the other passward parameters included. |
| 174135 | Driver-Active Directory | Subscriber transform rule "map fullnameâ fails due to an extraneous "CN=â being appended. |
| 83604 | Driver-Active Directory | Documented the effects of restoring any AD objects and what happens to the associated Identity Manager objects. |
| 174140 | Driver-Active Directory | Subscriber matching rule "Match Users Based on Full Name" does an incorrect query. |
| 160474 | Driver-Active Directory | Added documentation about how Active Directory accounts expire and how it differs from how Identity Vault accounts expire. |
| 176980 | Driver-Active Directory | Ability to totally disable the password sync portion of the driver. This allows multiple instances of the ADDriver to exist on the same computer when one instance is configured for synchronizing passwords. |
| 142756 | Driver-Active Directory | Active Directory Subscriber "match everything else" Rule configuration incorrect |
| 174132 | Driver-Active Directory | Subscriber create rule fails due to the application attributes not being available. |
| 147811 | Driver-Active Directory | Preconfigured Driver attempts to set illegal attribute |
| 146811 | Driver-Active Directory | Preconfiguration does not have DirXML-ADAliasName mapped for Group |
| 174130 | Driver-Active Directory | Subscriber matching rule fails on non-user objects. |
| 144050 | Driver-Active Directory | ADDriver continues to accumulate ldap connections without freeing them. |
| 185497 | Driver-Active Directory | Bad variable comparison in default publisher event transformation policy |
| 185014 | Driver-Active Directory | IDM Password sync filter blocks other applications during password changes. This is manifested when high volumes of passwords are being changed through a script while at the same time attempting to change a password through an application such as MMC. |
| 156656 | Driver-Avaya PBX | Information about eDirectory shutting down and not restarting during Avaya installation on eDirectory 8.8 was included |
| 98182 | Driver-GroupWise | GroupWise Driver was enhanced to support GroupWise 7 and GroupWise 7sp1 |
| 150582 | Driver-GroupWise | GroupWise sample configuration file (GroupWise.xml) modified to remove options for mounted file system support when running on Linux |
| 182419 | Driver-JDBC | A problem was discovered and fixed in the JDBC driver when using the .getGeneratedKeys():ResultSet statement. |
| 133536 | Driver-JDBC | JDBC driver connecting to MSSQL 2000 does not drop dbaccounts when user is deleted in eDirectory. Fixed in SP1 |
| 185040 | Driver-JDBC | The subscriber channel in the JDBC driver was being disabled when the filter was empty. This was corrected in SP1. |
| 183691 | Driver-JDBC | The JDBC triggerless publisher is sending extraneous delete events. Under certain conditions, the JDBM BTree Browser object can become corrupted when entries are removed from the underlying data structure. This problem has been fixed. |
| 136336 | Driver-JDBC | An error in the JDBC driver for Oracle was corrected. Child tables were being ignored for query-back row event types (5 & 6). |
| 167618 | Driver-JDBC | The JDBC driver version 2.0 was modified to not optimize out type 1,2 events when type 6 event is present. |
| 165355 | Driver-JDBC | When multiple JDBC connectors are used with Oracle 9i, and then one is shut down, the others may become hung. Adding an error-code 3135 to the oracle-codes.xml file solved the problem. |
| 172333 | Driver-JDBC | When used with multi-valued attributes in eDirectory 8.8, the JDBC Connector would create malformed INSERT statements for the 2nd and subsequent values. |
| 136339 | Driver-JDBC | Updated the JDBC driver guide to explain the proper use of query-back event types. |
| 173216 | Driver-LDAP | Queries to the LDAP driver rely on the"namingcontextsâ attribute on the LDAP server's rootDSE being set properly. It often isn't in early version of Oracle Internet Directory (OID). A driver workaround was made to allow queries and the "Migrate into Identity Vaultâ option to work properly in those cases. |
| 162001 | Driver-LDAP | Character encoding issues have been fixed and improved in the LDAP driver. The problems fixed occurred primarily when interfacing with Oracle Internet Directory (OID). |
| 158303 | Driver-LDAP | A new LDAP SDK is included with SP1 which fixes a problem with LDAP move operations being formed incorrectly at the protocol level. This affected subscriber move commands in the LDAP driver. |
| 160723 | Driver-LDAP | Parameters were added to the sample LDAP driver configuration that allow the user to define startup behavior when using the LDAP-Search publication method. For example, it is now possible to choose whether the very first poll result will be synchronized if there is no previous poll result to compare with. |
| 153497 | Driver-LDAP | Fixed a problem with driver initialization that occurred if it tried to read a schema definition that claims inheritance from a non-existent class. This problem was rare, but occurred with some Oracle Interent Directory classes, such as orclUniqueConfig. |
| 83673 | Driver-Lotus Notes | |
| 128192 | Driver-Lotus Notes | Fixed erroneous retry loop caused when |
| 156325 | Driver-Lotus Notes | NotesDriverShim no longer displays httpPassword values in clear text. |
| 147750 | Driver-Lotus Notes | NotesDriverShim query processor now appropriately handles search values containing special characters such as backslash ('\'). |
| 74736 | Driver-Lotus Notes | The Notes Driver publisher channel now honors different format selections for publishing src-dn and old-src-dn attributes. Options are: NOTES_TYPED, NOTES, SLASH_TYPED, LDAP_TYPED, LDAP, DOT_TYPED, DOT |
| 74681 | Driver-Lotus Notes | The Notes Driver can add Replication entries to newly created mailfiles (Windows platform only). |
| 176453 | Driver-Lotus Notes | Updated the sample Notes dirver configuration file (Notes.xml) to reflect the appropriate typcase for attribute"Internet EMail Address" instead of the inappropriate typecase of"Internet Email Addressâ |
| 131312 | Driver-Lotus Notes | Improved mailfile filename creation and collision detection logic. |
| 147618 | Driver-Lotus Notes | NotesDriverShim now appropriately handles HTTPPassword creation when a password value contains special characters such as double-quote ("). |
| 149217 | Driver-Role-Based Entitlements | Role-based entitlements driver was enhanced to keep only the current state in the DirXML-EntitlementResult attribute for each entitlement. Other values are cleaned up. |
| 178500 | Driver-Role-Based Entitlements | The Role-based entitlements driver was enhanced to support not only dynamic lists of members, but also to handle static lists, such as "all those on the dynamic list, plus these additional membersâ... or "all those on the dynamic list except for these membersâ. |
| 186329 | Driver-Role-Based Entitlements | A misspelled attribute name prevented the role-based entitlements driver from working correctly. |
| 189170 | Driver-SAP HR | When the driver is given permission to "Read" from the SAP HR system on the Publisher channel, previous versions of the driver attempt to validate the effective dates of future-dated events when the future-dated IDocs are processed. This is done by reading the current data instances and comparing the beginning and ending validity dates of the current data with the validity dates for that data in the future-dated IDoc. The driver now contains a"Future-dated Event Validity Checking Optionâ which enables the Administrator to perform or not perform the validity check. |
| 141426 | Driver-SAP HR | The driver allows all Relationships infotype data (Infotype 1001 and all AD extensions) to be obtained on the Publisher channel via two methods: 1) If the field data is in the Publisher filter, all data will be synchronized as the IDoc is processed. 2) The data may be obtained via the RELATIONSHIPS and RELATIONSHIPS-PADxx pseudo-object queries which can be sent from Publisher channel policies. |
| 173917 | Driver-SOAP | A configurable subscriber option was added to the sample configurations for the SOAP driver that allow the user to specify HTTP result codes that will return a "retryâ status and result in the command being tried again. |
| 166155 | Driver-SOAP | The SOAP driver would sometimes strip SOAP error content from the return, if an error was also set at the HTTP level. The driver has been updated to return both the appropriate error code and also the error content if available. |
| 171718 | Engine-DirXML Script | The DirXML Script processor was getting confused by an input element being embedded somewhere underneath an output element. This was a problem in particular for the JDBC driver, which embeds the complete input document inside the corresponding status element it returns in the the output document. |
| 158387 | Engine-DirXML Script | Enhancement: added do-set-sso-credential, do-set-sso-passphrase, and do-clear-sso-credential actions to DirXML Script to support integration with NSL and SecretStore. |
| 154914 | Engine-Environment Settings | When a driver has been stopped for a long time the driver cache data can build up to a large size. Previously, when 1 MB of data had been processed from the cache the data would be physically purged. The purge process is potentially expensive because it involves physical disk writes. The purge algorithm has been changed such that up to half the cache data will be processed before the cache is physically purged. |
| 173889 | Engine-Filters | Filtering out of notify attributes is not working when applied to the result of a merge. |
| 136617 | Engine-Functionality | IDM reported a -603 when it goes remote for home directory creation because the connection to the remote server was not authenticated. |
| 177006 | Engine-Functionality | Auxiliary classes that are inherit from Top were not added automatically to an add operation because the mandatory attribute Object Class is not usually explicitly present in the add operation. |
| 95797 | Engine-Functionality | If the driver parameters XML references a named password and the named password has not been defined for the driver, then the driver should receive a blank password at startup. Prior to this fix, the driver received the name of the named password instead. |
| 163836 | Engine-Functionality | Removed restriction disallowing moving of an eDirectory object from a partition with a replica on the IDM server to a partition with no replica on the IDM server. |
| 149842 | Engine-Functionality | When many drivers are all set to auto start on a single server there was the possibility that one or more of the drivers wouldn't start due to resource contention. Now drivers are started one at a time, with the Identity Manager Engine waiting until a driver has reported that it is started before starting another driver. |
| 141342 | Engine-Other | Added new engine control that controls the setting of creatorsName attribute for objects being created on the Publisher channel. because of the performance penalty. If the control is is set to true, then the creatorsName will be forced to the DN of the driver. If set to false, then the createorsName will be the DN of the server object hosting the driver. Default for the control is false, whereas the old behavior was true. The change was made because setting creatorsName has to be done in a separate eDirectory transaction which can cut publisher channel add performance in half. |
| 134713 | Engine-Other | When an eDirectory move replicated to an IDM server that did not previously contain a replica or at least an external reference to the moved object, the IDM engine would not generate any events on the publisher channel. Changed so that at least a sync event will be generated. |
| 137898 | Engine-Other | The Identity Manager Engine and Remote Loader can now be used with key pair files generated by Novell Audit's audcgen utility. |
| 145162 | Engine-Password Sync | A modify-password command submitted to the subscriber channel would perform a verify password operation to verify that the password was really different in order to avoid loopback problems and extra events. This caused two problems: a verify password operation that fails causes a) a 3 second delay (a huge performance hit); and b) the intruder lockout count to be incremented. Changed algorithm so that password verification happens by comparing against current value of nspmDistributionPassword instead. |
| 173179 | Engine-Reporting | The Novell Audit event definition file for Identity Manager caused an error when the Novell Audit 2.0 plug-in for iManager was used to browse the Identity Manager Log Application object. This error has been corrected. |
| 142100 | Install-IDM | The DirXML 1.1a versions of the preconfiguration files for the eDirectory driver were still being installed on Solaris, Linux, and AIX |
| 189504 | Install-IDM | The IDM installer should only install SecretStore as part of the metadirectory engine installation if SecretStore is not already installed. The installer is currently always installing SecretStore when it installs the metadirectory engine, potentially overwriting a newer installation of SecretStore. |
| 183513 | Install-IDM | On AIX, the NOVLsss (Novell Secret Store Services) fileset, if not already installed, should be installed as part of the metadirectory engine installation, but it is not currently being installed. |
| 185354 | Install-IDM | Added documentation for Credential Provisioning policies. |
| 171926 | Plugins-Avaya PBX Driver | A PBX site or workorder container can now include the tree name as part of the slash format DN. |
| 173111 | Plugins-DirXML Administration | The driver wizard now creates default engine control values on new drivers. |
| 184738 | Plugins-DirXML Administration | Null pointer exception when you leave the Password Sync property page when there is not a server associated with the driverset. |
| 184713 | Plugins-DirXML Administration | In the "Filter" property page if you double click on a class or attribute in the filter the right side of the page does not slide in all the way to the left. |
| 187032 | Plugins-DirXML Administration | In the "Edit Migration Criteria" dialog there was an unneeded link. |
| 189011 | Plugins-DirXML Administration | In the GCV property page if the type is dn and the dn format is ldap the ldap name is not created correctly. |
| 187732 | Plugins-Email Notification Config | Pressing the "Closeâ button in the "Edit e-Mail Templatesâ page when it is invoked from the "Forgotten Passwordâ property page does not close the "Edit e-Mail Templatesâ page. |
| 152422 | Plugins-Other | The User Profile pages no longer generate unexpected ClassCastException errors. |
| 184302 | Plugins-Password Administration | The iManager help page for password administration that was missing in IDM 3.0 has been added. |
| 187734 | Plugins-Password Administration | In the "Edit e-Mail Template" property page the"Add Tag" pop-up is partially hidden by the select control that holds the list of tags. |
| 184929 | Plugins-Password Administration | The "Add Tag" pop-up is partially hidden when it is displayed in the "Edit e-Mail Template" property page. |
| 151894 | Plugins-Password Administration | The "Check Password Statusâ task takes a long time when the user you are checking the password status for has pending associations. |
| 148805 | Plugins-Password Administration | In the "Password Policy Summaryâ property page, the value displayed for some of the password policy options was not correct. |
| 177090 | Plugins-Password Administration | In the "Password Policy Summaryâ property page, the value displayed for some of the password policy options was not correct. |
| 184641 | Plugins-Password Administration | Unlocalized buttons in the "Edit e-Mail Template" property page. |
| 165190 | Plugins-Password Administration | If an error occurs assigning a password policy to a container an error message is not displayed to the user. |
| 182240 | Plugins-Policy Builder | The hint at the bottom of the New Policy task now shows the correct Role and Task names for the IDM Overview. |
| 178531 | Plugins-Role-Based Entitlements | The filter generated for the Entitlement Service Driver by the RBE plug-ins now include the DirXML-SharedProfile class and Member and excludeMember attributes. This change allows for proper handling of changes to an RBE profile's static or dynamic membership list. |
| 131673 | Plugins-Role-Based Entitlements | Effective with IDM 3, entitlements because structural objects in eDirectory and no longer defined in a driver's manifest. With this fix, the RBE plug-ins no longer require that a driver have a manifest to be considered for entitlements. |
| 170204 | Plugins-Role-Based Entitlements | Non-user classes were not allowed in the Role-based Entitlements plug-in for iManager. If you entered the class manually, a warning appeared. This has been corrected by adding non-user classes to the subscriber filter list in the plug-in. The warning no longer appears. |
| 139482 | Plugins-Role-Based Entitlements | Non user classes are now automatically added to the Entitlement Service Driver's subscriber filter. |
| 148794 | Plugins-Role-Based Entitlements | SP: Re-evaluate membership - warning if driver is stopped. Put a Note under 6.7.1 Defining Membership for an Entitlement Policy. |
| 144018 | Plugins-User Password Management | The API used for obfuscating passwords in policy are no longer publicly available. |
| 181778 | Plugins-Workflow | The provisioning plug-ins now correctly handle localized strings that use both a language and country code. |
| 136192 | Utilities | Regarding password self-service... If a challenge-response question is greater than 128 characters an error would occur in the UserApplication when the user is prompted to enter a response. This was fixed by limiting the length of questions to no more than 128. |
| 156267 | Utilities | Conversion of a 1.x style rule that contained non-standard elements to a DirXML Script policy caused those non-standard elements to be copied verbatim to the policy, causing it to be unusable. |
