Environment
NetIQ Identity Manager
NetIQ Identity Manager Driver - Core Fan Out
NetIQ Identity Manager Driver - Linux and UNIX - Bi-directional (formally NIS)
NetIQ Identity Manager Driver - Linux and UNIX - Fan Out
NetIQ Identity Manager Driver - Linux and UNIX Settings
NetIQ Identity Manager Driver - Mainframe ACF2 Fanout
NetIQ Identity Manager Driver - Mainframe ACF2 Bi-directional
NetIQ Identity Manager Driver - Mainframe RACF Bi-directional
NetIQ Identity Manager Driver - Mainframe RACF Fan Out
NetIQ Identity Manager Driver - Mainframe Top Secret Bi-directional
NetIQ Identity Manager Driver - Mainframe Top Secret Fan Out
NetIQ Identity Manager Driver - Midrange OS/400 Bi-directional
NetIQ Identity Manager Driver - Midrange OS/400 Fan Out
Situation
Defects fixed in the IDM 4.0.2a release. This release is a refresh of 3 ISOs that include some fixes.
The 3 ISOs are
NIdM_Integration_Module_4.0.2a_LinuxUnix.iso | |
NIdM_Integration_Module_4.0.2a_Mainframes_Midrange.iso | |
NIdM_Integration_Module_4.0.2a_Scripting.iso |
Resolution
The defects fixed in the ISOs are listed below:
Mainframes_Midrange ISO:
RACF Driver FixesSmall memory leak in SAFQUERY leads to growth in RACFDRV task when readingonly one attribute on a query.An OC4 abend in RACFDRV (IKJEFTST), that can sometimes occur on shutdown on someLPAR systems.Query was not returning correct values for the following attributes:DirXML-RACF-ovm-gidDirXML-RACF-omvs-gidSubscriber "Command" class would often execute invalid commands.Password changes now support "NOEXPIRED":- If no <password> element is present on the <add>, no password willbe sent to RACF and, instead, RACF will default it to the user'sdefault group, per the command documentation.- If an empty <password> element is specified, then "NOPASSWORD" will beappended to the ADDUSER command.- If a <password> element is found with a value and ";expired" appended,the value will be used for PASSWORD(value) on the ADDUSER, omitting"UNEXPIRED", as to make it an expired password.- A <password> with a normal text value, will assign a RACF password anduse the "NOEXPIRED" to create a password that is not expired.Fixed an OC4 abend in SAFQUERY when invalid read-attrs are supplied.Added query support for wildcards:The following query doc:<query scope="subtree" event-id="0"><search-class class-name="User"/><search-attr attr-name="DirXML-RACF-userid"><value>J*</value></search-attr><read-attr attr-name="DirXML-RACF-name"/></query>Would return the NAME field for all RACF user profiles that start with "J".The following keywords were not being published properly:NOTERMUACCGRPACCNOGRPACC
Linux Unix ISO:i5os DriverThe 4.0.2 ISO contained i5osdrv.sav file from 3.6.1 media. This has been replaced with the correct version.
Scripting ISO:FanOut Driver:AIX now uses password API's to support userid's longer than 8 characters.This feature, consequently, only works with AIX 5.3 and later. Therefore,AIX 5.2, which is no longer supported by IBM, will not work properly withthis field patch.Optimized group membership processing for trawls and provisioning requests.ManagerStatusHtml page now displays the Certificate Authority expiration date.Added three new certificate expiration alert messages:CRT012A Platform Certificate will expire on <date>.CRT013A Core Driver Certificate will expire on <date>.CRT014A Certificate Authority will expire on <date>.Certificate Authority expiration date now displays on the Provisioning andComponent Status overview pages.Platform services now updates the lastContactTime, every 4 hours, whileconnected.The lastContactTime is updated more frequently, by asamrcvr, when connectedin PERSISTENT mode.
Linux/Unix Scripting Driver:
Publisher poll and heartbeat scripts now support the IDMQUERY and TRACE functions.
Windows Scripting DriverFixed add association producing invalid object id in status log file