Overview
This patch is applicable for Bidirectional eDirectory drivers running Identity Manager 4.7.x and 4.8.x. The driver version will be changed to 4.0.8.1 after the patch is applied.
System Requirements
- Identity Manager 4.7.x and 4.8.x
- (Conditional) libstdc++.so.6 package with GLIBCXX_3.4.20 on eDirectory 8.8.8.8 on OES 11 SP3, SLES 11 SP4 and RHEL 7.x Server for Change-Log 4.0.5 and later.
Upgrading the Driver
The driver upgrade process involves the following tasks:
- Updating the driver files
- Updating the Change-Log module
Updating the Driver Files
- Take a backup of the current driver configuration.
- Stop the driver instance and the Identity Vault.
- Download and unzip the contents of the IDM_Bidirectional_4081.zip file to a temporary location on your computer.
- (Conditional) To update the driver files as a root user:
- On the server where you want to apply the driver patch, log in as root/administrator.
- Navigate to the <extracted IDM_Bidirectional_4081.zip> directory and perform one of the following actions for your platform:
- (Conditional) To update the driver files as a non-root user:
- Verify that the <non-root eDirectory location>/rpm directory exists and contains the _db.* file.
The _db.* file is created during a non-root installation of the Identity Manager engine. Absence of this file might indicate that Identity Manager is not properly installed. Reinstall Identity Manager to correctly place the file in the directory.
- To set the root directory to the location of non-root Identity Vault, enter the following command in the command prompt:
ROOTDIR=<non-root eDirectory location>
This sets the ROOTDIR environment variable to the directory where Identity Vault is installed as a non-root user.
- To install the driver files, enter the following command:
For example, to install the Bidirectional eDirectory driver RPM, use this command:
rpm --dbpath $ROOTDIR/rpm -Uvh --relocate=/usr=$ROOTDIR/opt/novell/eDirectory --relocate=/etc=$ROOTDIR/etc --relocate=/opt/novell/eDirectory=$ROOTDIR/opt/novell/eDirectory --relocate=/opt/novell/dirxml=$ROOTDIR/opt/novell/dirxml --relocate=/var=$ROOTDIR/var --badreloc --nodeps --replacefiles /home/user/novell-DXMLEdirDrv.rpm
where /opt/novell/eDirectory is the location where non-root eDirectory is installed and /home/user/ is the home directory of the non-root user.
NOTE: Do not restart Identity Vault until you complete upgrading the Change-Log module.
Upgrading the Change-Log Module on Linux as a Root User
- Download and unzip the contents of the IDM_Changelog_4081.zip file to a temporary location on the server running the Changelog module.
- (Conditional) If you are upgrading the Change-Log version from 4.0.1.x to 4.0.8.1, log in as root and run the following command to install the new schema by using ndssch:
For example:
"ndssch -h xxx.xxxx.xxx.xxx -t TREE_NAME admin.xxxxx /xxxx/IDM_Changelog_4081/schema/clschema.sch"
or
"ice -S SCH -f < path.../schema/clschema.sch> -D LDAP -s xxx.xxx.xxx.xxx -d <Admin-DN> -w <password>"
NOTE: This action is not required if you are upgrading the Change-Log version from 4.0.2 or later.
- Stop the eDirectory service (ndsd).
- Upgrade the existing RPM.
- If you are upgrading the Change-Log version from 4.0.2.x, 4.0.3.x, 4.0.4.x, 4.0.5.x, 4.0.6.x, 4.0.7.x to 4.0.8.0, or 4.0.8.0 to 4.0.8.1, run the following command:
- If you are installing the patch for the first time, run the following command:
rpm -ivh (patch-path)/IDM_Changelog_4081/linux-x64/novell-DXMLChlgx.rpm
- If you are upgrading the patch, run the following command:
rpm -Uvh (patch-path)/IDM_Changelog_4081/linux-x64/novell-DXMLChlgx.rpm
- If you are upgrading the Change-Log version from 4.0.1.x to 4.0.8.1, run the following command:
- If you are installing the patch for the first time, run the following command:
rpm -ivh --noscripts (patch-path)/IDM_Changelog_4081/linux-x64/novell-DXMLChlgx.rpm
- If you are upgrading the patch, run the following command:
rpm -Uvh --noscripts (patch-path)/IDM_Changelog_4081/linux-x64/novell-DXMLChlgx.rpm
Upgrading the Change-Log Module on Linux as a Non-root User
If eDirectory is installed as a non-root user, you must install the Change-Log module as a non-root user. The Change-Log files are included in the driver RPM. To install the Change-Log module, install the driver RPM.
- Set the root directory to non-root eDirectory location by entering the following command in the command prompt:
ROOTDIR=<non-root eDirectory location>
This sets the ROOTDIR environment variable to the directory where eDirectory is installed as a non-root user.
For example, ROOTDIR="/local/home/bshidm/base/bshappl/edir". Note that this location is specified in the example script in Step 2.
Alternatively, set the root directory by directly editing the script in a text editor before running the script in Step 2.
- Install the Change-Log module by running the following script in a command prompt:
#!/bin/sh
#set -x
#Copyright © 2020 NetIQ Corporation. All Rights Reserved
clear
echo ""
echo " Installing packages... "
echo ""
# The package file to install is required as the first argument
if [ -z "$1" ] ; then
    echo "Usage: $0 <package file>" >&2
    exit 1
fi
pkgfile=$1
# Non-root eDirectory location; edit this value to match your installation
ROOTDIR="/local/home/bshidm/base/bshappl/edir"
RPMDB=$ROOTDIR/rpm
if [ ! -d "$RPMDB" ] ; then
    mkdir -p "$RPMDB"
fi
# create rpm database if it doesn't exist
if [ ! -f "$RPMDB/__db.000" ]
then
    rpm --dbpath "$RPMDB" --initdb
fi
# RPM_FLAGS is expanded unquoted on purpose so that it splits into separate options
RPM_FLAGS="--dbpath $RPMDB -Uvh --relocate=/etc=$ROOTDIR/etc --relocate=/opt=$ROOTDIR/opt --relocate=/opt/novell/eDirectory/lib64=$ROOTDIR/opt/novell/eDirectory/lib64 --relocate=/var=$ROOTDIR/var --badreloc --nodeps --replacefiles --force"
rpm $RPM_FLAGS "$pkgfile"
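The non-root rpm commands on this page run with --nodeps, --replacefiles and --force, so rpm itself will not catch a missing prerequisite. The following pre-flight check is an added example, not part of the NetIQ patch or its scripts; it tests the conditions this readme states (the rpm directory with its _db.* file, a readable package file, and the conditional GLIBCXX_3.4.20 requirement). The function names check_rpmdb, check_glibcxx and preflight and the default library path /usr/lib64/libstdc++.so.6 are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks before a non-root driver/Change-Log RPM install.
# Function names and the default library path are assumptions, not NetIQ tooling.

# The non-root RPM database must exist: $ROOTDIR/rpm containing a _db.* file
# (the install script on this page tests for __db.000; *_db.* matches both).
check_rpmdb() {
    [ -d "$1/rpm" ] || return 1
    for f in "$1"/rpm/*_db.*; do
        [ -f "$f" ] && return 0
    done
    return 1
}

# Conditional requirement: libstdc++.so.6 must provide GLIBCXX_3.4.20.
# grep -a treats the shared object as text; -F matches the literal string.
check_glibcxx() {
    [ -r "$1" ] && grep -a -q -F 'GLIBCXX_3.4.20' "$1"
}

# Run every check, report each result, return the number of failed checks.
# usage: preflight <ROOTDIR> <package.rpm> [libstdc++ path]
preflight() {
    rootdir=$1 pkg=$2 lib=${3:-/usr/lib64/libstdc++.so.6}
    failed=0
    if check_rpmdb "$rootdir"; then echo "OK   rpm database in $rootdir/rpm"
    else echo "FAIL no _db.* file in $rootdir/rpm (reinstall Identity Manager)"
         failed=$((failed + 1)); fi
    if [ -f "$pkg" ] && [ -r "$pkg" ]; then echo "OK   package $pkg is readable"
    else echo "FAIL package $pkg not found or unreadable"
         failed=$((failed + 1)); fi
    if check_glibcxx "$lib"; then echo "OK   $lib provides GLIBCXX_3.4.20"
    else echo "FAIL $lib lacks GLIBCXX_3.4.20"
         failed=$((failed + 1)); fi
    return "$failed"
}

# Stand-alone use: sh preflight.sh <ROOTDIR> <package.rpm> [libstdc++ path]
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

A non-zero exit status is the number of failed checks; run the rpm command only when it is 0.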
Upgrading the Change-Log Module on Windows
Perform the following actions to upgrade the Change-Log module on Windows:
- Download and unzip the contents of the IDM_Changelog_4081.zip file to a temporary location on the server running the Changelog module.
- (Conditional) If you are upgrading the Change-Log version from 4.0.1.x to 4.0.8.1, install the new schema by using the ICE utility. The schema file, clschema.sch, is located in a folder named "schema". This folder is created when the IDM_Changelog_4081.zip file is extracted. To extend the clschema.sch schema file, use the ICE utility. For example:
ice -S SCH -f clschema.sch -D LDAP -s <remote eDirectory server> -d <Admin DN> -w <password>
NOTE: This action is not required if you are upgrading the Change-Log version from 4.0.2 or later.
- Stop the eDirectory service.
- Navigate to the \windows-x64 folder in the <extracted IDM_Changelog_4081.zip> directory and copy the following files to your Identity Vault installation folder. For example, \NetIQ\IdentityManager\NDS.
- dirxmllib.dll
- dxevent.dll
- xclldap.dll
- clutil.bat
- Navigate to the \windows-x64 folder in the <extracted IDM_Changelog_4081.zip> directory and copy the following files to your driver installation folder. For example, \NetIQ\IdentityManager\NDS\lib.
NOTE: When the files are copied, they will replace the existing files. Make sure the location you choose contains the existing files that need to be replaced.
Post-Installation Steps
- Start all eDirectory instances (both Identity Vault and Change-Log server).
- In iManager, go to Driver Configuration > Engine Control Values and set the option "Include driver filter in Subscriber initialization document" to "true". This option is set to "false" by default.
- Start all drivers running on the Bidirectional eDirectory server.
Technical Support Information
Issues Fixed in This Release
- ALM 230701 - Driver fails to register if all attributes and classes are set to ignore in the subscriber channel filter.
- ALM 231233 - CL_entryid_drivername.cfg file is populated incorrectly after upgrading the driver to 4.0.7.0.
Issues Fixed in Previous Release 4.0.8
- ALM 230530 - The RPM dependency check is replaced with file dependency check to make it compatible with OES.
- ALM 231431, ALM 232010 - Implemented multiple fixes to avoid memory corruption.
- ALM 234695 - Added a fix to successfully reinitialize the ChangeLog module when LDAP module is reloaded.
- ALM 230552 - Fixed a scenario where rename is considered as a loopback event and is skipped.
- ALM 229961 - Installed a few missing libraries for the ChangeLog to run successfully on RHEL 7.x platforms.
- ALM 231216 - A configuration change is done in the Bidirectional eDirectory driver to avoid the Home Directory value being replaced by User Template value in the connected tree.
- ALM 232115 - A fix has been implemented in the Bidirectional eDirectory driver code to resolve the hang issue when connecting to Identity Manager Engine.
Issues Fixed in Release 4.0.7
- Bug 1003645 - Ability to properly handle group entitlements
- Bug 1011732 - Referencing the "drv.acctTrk.statusAttr" GCV works properly. This GCV is included in the driver's Entitlements package shipped with this patch.
- Bug 1051959 - Ability to register the driver when the DIB is located in a non-default path
- Bug 1002139 - The "itp-EntitlementsImpl" policy in the driver's Entitlements package shipped with this patch correctly updates the users when the group membership entitlement is changed
- Bug 1112449 - Ability to register a new driver instance regardless of the length of the driver filter
- Bug 987806 - Schema mapping correctly translates the attributes from a custom schema
Issues Fixed in Driver 4.0.6.0
- Bug 1037154 - Case of a character is no longer ignored when a user or a group is added on the Publisher channel
- Bug 1040242 - The remote eDirectory tree with Change-Log crashes when the driver connects to it
Issues Fixed in Driver 4.0.5.1 Release
- Bug 1095829 - Query triggered by "Migrate into Identity Vault" is correctly executed after upgrading to driver version 4.0.5.0
Issues Fixed in Driver 4.0.5.0 Release
- Bug 1076408 - Error while fetching password data from the ChangeLog module with no additional details
- Bug 1050913 - Changelog module installation on non-root eDirectory server
- Bug 1089338 - Unable to install ChangeLog module on top of OES2018
- Bug 1009683 - Ability to add OU when no attributes are provided
- Bug 867116 - Ability to move source objects
- Bug 998424 - Successfully creates a user when the template has set the Password After Create attribute
- Bug 1000096 - Resolves an issue where the driver starts with missing parameters resulting in a loss of cached events
- Bug 1050663 - Stops the driver and displays an appropriate message when LDAP port value is not available in the authentication context
- Bug 1052241 - The "Ignore processing errors" parameter is changed to true to prevent endless looping on the Publisher events
- Bug 1084658 - Connection is successfully established when SSL with Always accept server certificate option is chosen
- Bug 1017516 - The resolve association action is successfully executed without errors
Issues Fixed in Driver 4.0.3.0 Release
- Bug 972659 - Issue with references attributes by OID on startup trace is fixed
- Bug 983510 - Change-Log no longer stops processing
- Bug 986448 - Login Expiration Time in the XML document using Template correctly synchronizes when it has Login Expiration Time in it
- Bug 990303 - Driver takes correct actions when a non-compliant password is processed
- Bug 991526 - Move operation does not change the case of characters on the destination tree
- Bug 994360 - Published Channel Event in trace log does not show passwords in plain text
- Bug 995767 - Correctly reads groups from Template and sets them in groups
- Bug 1021084 - Successfully synchronizes the private and public key attributes after upgrading to eDirectory 9.0.2
- Bug 1023305 - Ability to publish attributes with a colon. For example, NSCP:employeeNumber
- Bug 1029226 - Resolved an issue where the eDirectory server dumped the core with Change-Log module driver version 4.0.2.0
- Bug 1049953 - eDirectory dumps core in Change-Log after driver update 4.6.1 is applied