Defects fixed in the IDM 4.0.2a release

  • 7011516
  • 13-Dec-2012
  • 13-Dec-2012

Environment

NetIQ Identity Manager
NetIQ Identity Manager Driver - Core Fan Out
NetIQ Identity Manager Driver - Linux and UNIX - Bi-directional (formerly NIS)
NetIQ Identity Manager Driver - Linux and UNIX - Fan Out
NetIQ Identity Manager Driver - Linux and UNIX Settings
NetIQ Identity Manager Driver - Mainframe ACF2 Fanout
NetIQ Identity Manager Driver - Mainframe ACF2 Bi-directional
NetIQ Identity Manager Driver - Mainframe RACF Bi-directional
NetIQ Identity Manager Driver - Mainframe RACF Fan Out
NetIQ Identity Manager Driver - Mainframe Top Secret Bi-directional
NetIQ Identity Manager Driver - Mainframe Top Secret Fan Out
NetIQ Identity Manager Driver - Midrange OS/400 Bi-directional
NetIQ Identity Manager Driver - Midrange OS/400 Fan Out

Situation

Defects fixed in the IDM 4.0.2a release. This release is a refresh of 3 ISOs that include some fixes.
The 3 ISOs are:
NIdM_Integration_Module_4.0.2a_LinuxUnix.iso
NIdM_Integration_Module_4.0.2a_Mainframes_Midrange.iso
NIdM_Integration_Module_4.0.2a_Scripting.iso
 

Resolution

The defects fixed in the ISOs are listed below:
 
Mainframes_Midrange ISO:

RACF Driver Fixes

Small memory leak in SAFQUERY leads to growth in RACFDRV task when reading
only one attribute on a query.

An 0C4 abend in RACFDRV (IKJEFTST) that can sometimes occur on shutdown on some
LPAR systems.

Query was not returning correct values for the following attributes:

DirXML-RACF-ovm-gid
DirXML-RACF-omvs-gid

Subscriber "Command" class would often execute invalid commands.

Password changes now support "NOEXPIRED":

- If no <password> element is present on the <add>, no password will
be sent to RACF and, instead, RACF will default the password to the
user's default group, per the command documentation.

- If an empty <password> element is specified, then "NOPASSWORD" will be
appended to the ADDUSER command.

- If a <password> element is found with a value and ";expired" appended,
the value will be used for PASSWORD(value) on the ADDUSER, omitting
"NOEXPIRED", so that the password is created expired.

- A <password> with a normal text value will assign a RACF password and
use "NOEXPIRED" to create a password that is not expired.
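
The four <password> rules above, as an added example that is not NetIQ driver code: a Python check that classifies XDS <add> documents by the password state they would produce and lists the ones that leave RACF to apply its default. The function names, the masked PASSWORD(***) output, the treatment of a bare ";expired" value and the REVIEW policy are assumptions of this example.

```python
import xml.etree.ElementTree as ET

SUFFIX = ";expired"
# Assumption: states this example reports for review (local policy, not from the release note).
REVIEW = {"racf-default", "undefined"}


def password_state(add_xml):
    """Map one XDS <add> document to (state, ADDUSER keywords) per the four rules."""
    add = ET.fromstring(add_xml)
    if add.tag != "add":
        raise ValueError("expected an <add> element")
    pw = add.find("password")
    if pw is None:                  # rule 1: nothing sent, RACF applies its default
        return "racf-default", ""
    value = pw.text or ""
    if value == "":                 # rule 2: empty element
        return "nopassword", "NOPASSWORD"
    if value.endswith(SUFFIX):      # rule 3: value with ";expired" appended
        if value == SUFFIX:         # no value before the marker: not covered by the note
            return "undefined", ""
        return "expired", "PASSWORD(***)"   # value masked so it never reaches a log
    return "not-expired", "PASSWORD(***) NOEXPIRED"   # rule 4


def audit(docs):
    """Return (src-dn, state) for every <add> whose state is in REVIEW."""
    findings = []
    for doc in docs:
        state, _ = password_state(doc)
        if state in REVIEW:
            findings.append((ET.fromstring(doc).get("src-dn", "?"), state))
    return findings


# Constructed sample documents (not taken from a real system).
SAMPLES = [
    '<add class-name="User" src-dn="alice"><password>Xy7#pQ2w</password></add>',
    '<add class-name="User" src-dn="bob"><password>Temp9!ab;expired</password></add>',
    '<add class-name="User" src-dn="carol"><password/></add>',
    '<add class-name="User" src-dn="dave"><add-attr attr-name="DirXML-RACF-name"/></add>',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(password_state(sample))
    print("review:", audit(SAMPLES))
```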

Fixed an 0C4 abend in SAFQUERY when invalid read-attrs are supplied.

Added query support for wildcards:

The following query doc:

<query scope="subtree" event-id="0">
<search-class class-name="User"/>
<search-attr attr-name="DirXML-RACF-userid">
<value>J*</value>
</search-attr>
<read-attr attr-name="DirXML-RACF-name"/>
</query>

would return the NAME field for all RACF user profiles that start with "J".


The following keywords were not being published properly:

NOTERMUACC
GRPACC
NOGRPACC


i5os Driver

The 4.0.2 ISO contained the i5osdrv.sav file from the 3.6.1 media. This has been replaced with the correct version.

Linux Unix ISO:

FanOut Driver:

AIX now uses password APIs to support user IDs longer than 8 characters.
Consequently, this feature only works with AIX 5.3 and later. AIX 5.2,
which is no longer supported by IBM, will therefore not work properly with
this field patch.

Optimized group membership processing for trawls and provisioning requests.

ManagerStatusHtml page now displays the Certificate Authority expiration date.

Added three new certificate expiration alert messages:

CRT012A Platform Certificate will expire on <date>.
CRT013A Core Driver Certificate will expire on <date>.
CRT014A Certificate Authority will expire on <date>.

Certificate Authority expiration date now displays on the Provisioning and
Component Status overview pages.

Platform Services now updates the lastContactTime every 4 hours while
connected.

When connected in PERSISTENT mode, asamrcvr updates the lastContactTime
more frequently.


Scripting ISO:

Linux/Unix Scripting Driver:

Publisher poll and heartbeat scripts now support the IDMQUERY and TRACE functions.


Windows Scripting Driver

Fixed add association producing an invalid object ID in the status log file.