Overview
This patch applies to Bidirectional eDirectory drivers running Identity Manager 4.7.x. The driver version will be changed to 4.0.7.0 after the patch is applied.
System Requirements
- Identity Manager 4.7 or later
- (Conditional) libstdc++.so.6 package with GLIBCXX_3.4.20 on eDirectory 8.8.8.8 on OES 11 SP3 or SLES 11 SP4 for Change-Log 4.0.6
To install the latest libstdc++.so.6 RPM, use the SLES 11 SP4 update channel and restart ndsd.
Upgrading the Driver
The driver upgrade process involves the following tasks:
- Upgrading the driver packages
- Updating the driver files
- Updating the Change-Log module
Upgrading the Driver Packages
- Download the following packages:
- Bidirectional eDirectory Driver eDir2eDir Base package
- Package Name: NOVLEDIR2BS
- Version: 2.4.4
- Build Date: 20190205
- Build Number: 172430
- Bidirectional eDirectory Driver Entitlements package
- Package Name: NOVLEDIR2ENT
- Version: 2.2.6
- Build Date: 20190319
- Build Number: 091722
- Open the project containing the driver.
- Right-click the driver for which you want to upgrade an installed package, then click Driver > Properties.
- Click Packages.
A check mark indicates a newer version of a package in the Upgrades column.
- Click Select Operation for the package that indicates there is an upgrade available.
- From the drop-down list, click Upgrade.
- Select the version that you want to upgrade to, then click OK.
NOTE: Designer lists all versions available for upgrade.
- Click Apply.
- (Conditional) Fill in the fields with appropriate information to upgrade the package, then click Next.
Depending on which package you selected to upgrade, you must fill in the required information to upgrade the package.
- Read the summary of the packages that will be installed, then click Finish.
- Review the upgraded package, then click OK to close the Package Management page.
Upgrading the Driver
The driver upgrade process involves updating the driver files.
Updating the Driver Files
- Take a backup of the current driver configuration.
- Stop the driver instance and the Identity Vault.
- Download and unzip the contents of the IDM_Bidirectional_4070.zip file to a temporary location on your computer.
- (Conditional) To update the driver files as a root user:
- On the server where you want to apply the driver patch, log in as root/administrator.
- Navigate to the <extracted IDM_Bidirectional_4070.zip> directory and perform one of the following actions for your platform:
- Linux: Install the new novell-DXMLEdirDrv.rpm in your driver installation directory by running the following command in a terminal window:
rpm -Uvh (patch-path)/linux/novell-DXMLEdirDrv.rpm
NOTE: To install the driver RPM on Open Enterprise Server 2018 SP1, run the following command:
rpm -Uvh (patch-path)/linux/novell-DXMLEdirDrv.rpm --nodeps
- Windows: Copy the EdirDriverShim.jar file to your driver installation folder. For example, \NetIQ\IdentityManager\NDS\lib.
- (Conditional) To update the driver files as a non-root user:
- Verify that the <non-root eDirectory location>/rpm directory exists and contains the _db.* file.
The _db.* file is created during a non-root installation of the Identity Manager engine. Absence of this file might indicate that Identity Manager is not properly installed. Reinstall Identity Manager to correctly place the file in the directory.
- To set the root directory to the location of non-root Identity Vault, enter the following command in the command prompt:
ROOTDIR=<non-root eDirectory location>
This will set the environmental variables to the directory where Identity Vault is installed as a non-root user.
- To install the driver files, enter the following command:
For example, to install the Bidirectional eDirectory driver RPM, use this command:
rpm --dbpath $ROOTDIR/rpm -Uvh --relocate=/usr=$ROOTDIR/opt/novell/eDirectory --relocate=/etc=$ROOTDIR/etc --relocate=/opt/novell/eDirectory=$ROOTDIR/opt/novell/eDirectory --relocate=/opt/novell/dirxml=$ROOTDIR/opt/novell/dirxml --relocate=/var=$ROOTDIR/var --badreloc --nodeps --replacefiles /home/user/novell-DXMLEdirDrv.rpm
where /opt/novell/eDirectory is the location where non-root eDirectory is installed and /home/user/ is the home directory of the non-root user.
NOTE: Do not restart Identity Vault until you complete upgrading the Change-Log module.
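The check from the non-root steps above (the rpm directory exists and holds the _db.* file) can be scripted and run before the rpm command. The following is an added example, not NetIQ code; the function name check_rpmdb, its return codes, and the extra writability and world-writable checks are assumptions of this example.

```shell
#!/bin/sh
# Added example, not NetIQ code: pre-flight check of the non-root RPM
# database before running "rpm --dbpath $ROOTDIR/rpm ...".
# Return codes are this example's own convention.
check_rpmdb() {
    root=$1
    db="$root/rpm"
    if [ -z "$root" ]; then
        echo "ROOTDIR is empty" >&2; return 1
    fi
    if [ ! -d "$db" ]; then
        echo "$db: directory not found" >&2; return 2
    fi
    # The text names the file _db.*; the Change-Log script on this page
    # tests for __db.000. Accept either spelling.
    if [ -z "$(find "$db" -maxdepth 1 -type f \( -name '_db.*' -o -name '__db.*' \))" ]; then
        echo "$db: no _db.* file, engine install looks incomplete" >&2; return 3
    fi
    if [ ! -w "$db" ]; then
        echo "$db: not writable by $(id -un)" >&2; return 4
    fi
    # A world-writable database lets any local user change what rpm
    # records as installed under this eDirectory instance.
    if [ -n "$(find "$db" -maxdepth 0 -perm -0002)" ]; then
        echo "$db: world-writable, tighten permissions first" >&2; return 5
    fi
    return 0
}

# Stand-alone use: ./check_rpmdb.sh "$ROOTDIR"
if [ $# -gt 0 ]; then
    check_rpmdb "$1" && echo "OK: $1/rpm is usable"
fi
```

A non-zero exit means the rpm command with --badreloc, --nodeps and --replacefiles should not be run until the reported condition is corrected.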
Upgrading the Change-Log Module on Linux as a Root User
- Download and unzip the contents of the IDM_Changelog_4070.zip file to a temporary location on the server running the Changelog module.
- (Conditional) If you are upgrading the Change-Log version from 4.0.1.x to 4.0.2, log in as root and run the following command to install the new schema by using ndssch:
For example:
"ndssch -h xxx.xxxx.xxx.xxx -t TREE_NAME admin.xxxxx /xxxx/IDM_Changelog_4020/schema/clschema.sch"
or
"ice -S SCH -f < path.../schema/clschema.sch> -D LDAP -s xxx.xxx.xxx.xxx -d <Admin-DN> -w <password>"
NOTE: This action is not required if you are upgrading the Change-Log version from 4.0.2 or later.
- Stop the eDirectory service (ndsd).
- Upgrade the existing RPM.
- If you are upgrading the Change-Log version from 4.0.2.x, 4.0.3.x, 4.0.4.x, 4.0.5.x, or 4.0.6.x to 4.0.7, run the following command:
rpm -Uvh (patch-path)/IDM_Changelog_4070/linux-x64/novell-DXMLChlgx.rpm
NOTE: To upgrade the Change-Log version on Open Enterprise Server 2018 SP1, run the following command:
rpm -Uvh (patch-path)/IDM_Changelog_4070/linux-x64/novell-DXMLChlgx.rpm --nodeps
- If you are upgrading the Change-Log version from 4.0.1.x to 4.0.2, run the following command:
rpm -Uvh --noscripts (patch-path)/IDM_Changelog_4020/linux-x64/novell-DXMLChlgx.rpm
NOTE: To upgrade the Change-Log version on Open Enterprise Server 2018 SP1, run the following command:
rpm -Uvh --noscripts (patch-path)/IDM_Changelog_4020/linux-x64/novell-DXMLChlgx.rpm --nodeps
Upgrading the Change-Log Module on Linux as a Non-root User
If eDirectory is installed as a non-root user, you must install the Change-Log module as a non-root user. The Change-Log files are included in the driver RPM. To install the Change-Log module, install the driver RPM.
- Set the root directory to non-root eDirectory location by entering the following command in the command prompt:
ROOTDIR=<non-root eDirectory location>
This will set the environmental variables to the directory where eDirectory is installed as a non-root user.
For example, ROOTDIR="/local/home/bshidm/base/bshappl/edir". Note that this location is specified in the example script in Step 2.
Alternatively, set the root directory by directly editing the script in a text editor before running the script in Step 2.
- Install the Change-Log module by running the following script in a command prompt:
***************************************************************
#!/bin/sh
#set -x
#© 2017 NetIQ Corporation and its affiliates. All Rights Reserved
clear
echo "======================================================================"
echo " Installing packages... "
echo "======================================================================"
# The driver RPM to install is passed as the first argument.
if [ -z "$1" ] ; then
    echo "Usage: $0 <path to driver RPM>"
    exit 1
fi
pkgfile=$1
# Location where eDirectory is installed as a non-root user.
ROOTDIR="/local/home/bshidm/base/bshappl/edir"
RPMDB=$ROOTDIR/rpm
if [ ! -d "$RPMDB" ] ; then
    mkdir "$RPMDB"
fi
# create rpm database if it doesn't exist
if [ ! -f "$RPMDB/__db.000" ]
then
    # mkdir -p $RPMDB
    rpm --dbpath "$RPMDB" --initdb
fi
# Relocate the package paths under $ROOTDIR. --nodeps, --replacefiles and
# --force skip rpm's dependency and file-conflict checks.
RPM_FLAGS="--dbpath $RPMDB -Uvh --relocate=/etc=$ROOTDIR/etc --relocate=/opt=$ROOTDIR/opt --relocate=/opt/novell/eDirectory/lib64=$ROOTDIR/opt/novell/eDirectory/lib64 --relocate=/var=$ROOTDIR/var --badreloc --nodeps --replacefiles --force"
# $RPM_FLAGS is left unquoted on purpose so that it splits into separate options.
rpm $RPM_FLAGS "$pkgfile"
Upgrading the Change-Log Module on Windows
Perform the following actions to upgrade the Change-Log module on Windows:
- Download and unzip the contents of the IDM_Changelog_4070.zip file to a temporary location on the server running the Changelog module.
- (Conditional) If you are upgrading the Change-Log version from 4.0.1.x to 4.0.2, install the new schema by using the ICE utility. The schema file, clschema.sch, is located in a folder named "schema". This folder is created when the IDM_Changelog_4070.zip file is extracted. To extend the clschema.sch schema file, use the ICE utility. For example:
ice -S SCH -f clschema.sch -D LDAP -s <remote eDirectory server> -d <Admin DN> -w <password>
NOTE: This action is not required if you are upgrading the Change-Log version from 4.0.2 or later.
- Stop the eDirectory service.
- Navigate to the \windows-x64 folder in the <extracted IDM_Bidirectional_4070.zip> directory and copy the following files to your Identity Vault installation folder. For example, \NetIQ\IdentityManager\NDS.
- dirxmllib.dll
- dxevent.dll
- xclldap.dll
- clschema.sch
- clutil.bat
- Navigate to the \windows-x64 folder in the <extracted IDM_Bidirectional_4070.zip> directory and copy the following files to your driver installation folder. For example, \NetIQ\IdentityManager\NDS\lib.
NOTE: When the files are copied, they replace the existing files. Make sure the location you choose contains the existing files that need to be replaced.
Post-Installation Steps
- Start all eDirectory instances (both Identity Vault and Change-Log server).
- Start all drivers running on the Bidirectional eDirectory server.
Technical Support Information
Issues Fixed in This Release
- Bug 1140886 - Introduced a new Subscriber option named ‘Create Home directory’ to allow you to create home directories in the destination eDirectory. This removes the need for setting the Create Home Directory attribute to Yes on the User class in the driver filter. This option is included in the driver's eDir2eDir Base package shipped with this patch.
- Bug 1003645 - Ability to properly handle group entitlements
- Bug 1011732 - Referencing the "drv.acctTrk.statusAttr" GCV works properly. This GCV is included in the driver's Entitlements package shipped with this patch.
- Bug 1051959 - Ability to register the driver when the DIB is located in a non-default path
- Bug 1002139 - The "itp-EntitlementsImpl" policy in the driver's Entitlements package shipped with this patch correctly updates the users when the group membership entitlement is changed
- Bug 1112449 - Ability to register a new driver instance regardless of the length of the driver filter
- Bug 987806 - Schema mapping correctly translates the attributes from a custom schema
Issues Fixed in Previous Releases
Issues Fixed in Driver 4.0.6.0
- Bug 1037154 - Case of a character is no longer ignored when a user or a group is added on the Publisher channel
- Bug 1040242 - The remote eDirectory tree with Change-Log crashes when the driver connects to it
Issues Fixed in Driver 4.0.5.1 Release
- Bug 1095829 - Query triggered by "Migrate into Identity Vault" is correctly executed after upgrading to driver version 4.0.5.0
Issues Fixed in Driver 4.0.5.0 Release
- Bug 1076408 - Error while fetching password data from the changelog side with no additional details
- Bug 1050913 - Changelog module installation on non-root eDirectory server
- Bug 1089338 - Unable to install changelog module on top of OES2018
- Bug 1009683 - Ability to add OU when no attributes are provided
- Bug 867116 - Ability to move source objects
- Bug 998424 - Successfully creates a user when the template has set the Password After Create attribute
- Bug 1000096 - Resolves an issue where the driver starts with missing parameters resulting in a loss of cached events
- Bug 1050663 - Stops the driver and displays an appropriate message when LDAP port value is not available in the authentication context
- Bug 1052241 - The "Ignore processing errors" parameter is changed to true to prevent endless looping on the Publisher events
- Bug 1084658 - Connection is successfully established when SSL with Always accept server certificate option is chosen
- Bug 1017516 - The resolve association action is successfully executed without errors
Issues Fixed in Driver 4.0.3.0 Release
- Bug 972659 - Issue with references attributes by OID on startup trace is fixed
- Bug 983510 - Change-Log no longer stops processing
- Bug 986448 - Login Expiration Time in the XML document using Template correctly synchronizes when it has Login Expiration Time in it
- Bug 990303 - Driver takes correct actions when a non-compliant password is processed
- Bug 991526 - Move operation does not change the case of characters on the destination tree
- Bug 994360 - Published Channel Event in trace log does not show passwords in plain text
- Bug 995767 - Correctly reads groups from Template and sets them in groups
- Bug 1021084 - Successfully synchronizes the private and public key attributes after upgrading to eDirectory 9.0.2
- Bug 1023305 - Ability to publish attributes with a colon. For example, NSCP:employeeNumber
- Bug 1029226 - Resolved an issue where the eDirectory server dumped the core with Change-Log module driver version 4.0.2.0
- Bug 1049953 - eDirectory dumps core in Change-Log after driver update 4.6.1 is applied