Identity Manager 4.0
Identity Manager 4.0.1
Identity Manager Roles Based Provisioning Module 3.6.1
Identity Manager Roles Based Provisioning Module 3.7
Identity Manager Roles Based Provisioning Module 4.0
Identity Manager Roles Based Provisioning Module 4.0.1
For example, LDAP interprets SYN_TIME to be a positive integer with the MSB indicating dates after 2037. iManager uses the MSB to indicate dates prior to 1970. This resulted in a disparity between LDAP's allowed date ranges (1970-2106) and iManager's (1903-2037).
In order to maintain consistency between eDirectory's tools a change was made in the aforementioned patches to align iManager's and LDAP's interpretation of the date value stored in eDirectory. This change, however, affected RBPM customers who have and are creating delegation or proxy assignments when selecting " no expiration " prior to submitting the request. Those assignments already created in this way, after applying these patches, will appear to be expired. Those attempted to be created will fail.
The following fixes apply:
eDirectory 8.8 SP6 Patch 4 Hotfix1 for All Platforms
eDirectory 8.8 SP5 Patch6 Hotfix1 for All Platforms
The "Role Based Provisioning Module" server.log shows the following:11:35:13,799 ERROR [VirtualDataAccess] Ldap error creating object:
Error: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code
19 - NDS error: syntax violation (-613)]; remaining name