NetIQ Identity Manager Designer 4.7 includes new features, improves usability, and resolves several previous issues.
Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Identity Manager Community Forums, our community Web site that also includes product notifications, blogs, and product user groups.
For information about what’s new in previous releases, see the “Previous Releases” section in the Identity Manager Documentation Web site.
For more information about this release and for the latest release notes, see the Identity Manager Documentation page. To download this product, see the Identity Manager Product Web site.
The following sections outline the key features and functions provided by this version, as well as features that have been removed from the product, and issues resolved in this release:
This release provides the following key features:
This release adds support for the following platforms:
SUSE Linux Enterprise Server (SLES) 12 SP2, SLES 12 SP3
MacOS 10.13 (High Sierra)
NetIQ extends Designer support on MacOS 10.13. Designer files are packaged in the Identity_Manager_4.7_MacOSX_Designer.dmg file. For more information, see Section 6.0, Installing Designer on macOS 10.13 (High Sierra).
Designer has been updated to Java 8 Update 162.
This release introduces the following enhancements:
Designer includes a new option for supporting Common Event Format (CEF) auditing in the driverset properties (Log Level > Log Specific events > CEF).
Identity Manager 4.7 introduces Common Event Format (CEF) for auditing events across all Identity Manager components. CEF is an extensible, text-based format designed to support multiple device types by offering the most relevant information. Using CEF reduces the message syntaxes to work with Embedded Syslog Manager normalization.
This release includes an updated driver configuration page for configuring mutual authentication with Identity Manager 4.7 engine.
You can configure mutual authentication to ensure secure communication between the Remote Loader and the Identity Manager engine. Mutual authentication uses certificates for handshake instead of passwords. The Remote Loader and the Identity Manager engine authenticate each other by exchanging and validating the public key certificate or digital certificate issued by the trusted Certificate Authorities (CAs) or self-signed certificates.
Identity Manager engine processes auxiliary attributes and does not process auxiliary classes. Designer has been updated to restrict addition of auxiliary classes to a driver filter. While working in the Development mode, if you added an auxiliary class and deployed it to the Identity Vault by using an earlier version of Designer, this version of Designer prompts a warning message when you attempt to add an attribute to that auxiliary class after importing it from the Identity Vault.
This release includes a new option in the Preferences page for configuring the LDAP connection time-out value with the Identity Vault. To configure the LDAP connection settings, go to Designer > Windows > Preference > NetIQ > Designer > LDAP Connection.
Designer 4.7 uses LDAP calls for communicating with Identity Vault instead of legacy APIs. The LDAP communication significantly improves the import and deploy operation performance in both normal (private network) and virtual private network environments. The LDAP communication uses the ports configured for LDAP servers in the Identity Vault. LDAP-based Designer replaces NCP-based Designer in this release. This version of Designer includes all the functionality previously provided by Identity Manager NCP-based Designer. If you are upgrading to this release, ensure that you have first upgraded to LDAP-based Designer 4.6. For more information, see Designer 4.6 Release Notes.
This release includes the following software fixes:
Designer provides UTC as a default timezone when creating or editing token-convert-time or token-time tokens. If you open these tokens in the Policy Builder GUI, Designer automatically defaults to the UTC timezone if no timezone was already selected for these tokens. (Bug 876042)
Policy Builder allows you to specify a GCV with a timeout value greater than 30000 for the following actions: (Bug 993892)
Start Workflow
Add Role
Create Role
Add Resource
Create Resource
When a policy adds one or more operations to the current XDS envelope, the Simulator trace shows the correct output. The same output is correctly shown by the Output and Compare tabs of Simulator. (Bug 977038)
While working on a workflow, if you select Roles to Groups Assignment from conditionexpression > Vault Expressions > RoleVault > Role, it changes to Groups to Role Assignments.
This API has been modified in the Workflow ECMAScript Builder. The ECMAScript editor now populates the correct method when getRolesToGroupAssignments method is selected. (Bug 1075462)
Designer now stores the public certificates and the private key that are submitted during the workflow integration activity. These keys are then loaded when establishing an SSL connection enabled with mutual authentication with a SOAP endpoint. (Bug 1056232)
When you export a packaged driver set library to an XML file and then import that file into another driver set, the packages included in the library are now listed as installed in the driver set properties. (Bug 1064816)
The Event Action Expression builder has been enhanced to replace during with around. for Order.
If you insert an interceptAction Form method while using the Event Action Expression builder on a Provisioning Request Definition (PRD), Designer now shows the following values for Order: after, before, and around. (Bug 963062)
While comparing PRDs, Designer ignores the case of the URLs and displays the same XMLData. When you reconcile the differences in Designer, and then deploy the driver, Designer normalizes the CN values. (Bug 1042157)
Designer correctly parses the LDIF XML file and successfully imports the class names while importing the schema from the LDIF file. (Bug 1061276)
In addition to browsing to and selecting a Named Password GCV from ECMAScript objects while editing PRDs, you can now modify this GCV. (Bug 915804)
When you copy Global Configuration Values from a driverset or copy server-specific settings from a driver, GCVs contained in an GCV object (Resource Object) that is not under the driverset or the driver are now copied by Designer. (Bug 663835)
When a valid http or https URL or a file location is specified in the online update URL, Designer allows redirection to the specified site. In case of an incorrect URL, Designer reports an exception.
When a broken page URL is provided along with a valid URL, Designer successfully obtains the available updates. For example, Designer obtains the updates in the following conditions: (Bugs 991425, 1027518)
Broken site.xml + valid URL
Empty site.xml + valid URL
Broken site.xml with file + valid URL
With order of combination both
When the Filter editor is used, Designer internally creates base command stack objects while performing operations such as redo and undo on the filter. When the Filter editor is closed, Designer successfully clears these objects from the memory and improves the overall performance. (Bug 1075508)
While comparing a driverset with a corresponding driverset in the Identity Vault, LDAP traffic is no longed piled on the Identity Manager server. Designer immediately displays the driverset comparison results. (Bugs 1051954, 504823)
For information about hardware requirements and supported operating systems, see the Technical Information for Identity Manager page.
After you purchased Identity Manager 4.7, log in to the Identity Manager Product Web site and follow the link that allows you to download the software. The following files are available:
File Name |
Description |
---|---|
Identity_Manager_4.7_Linux.iso |
Contains all Identity Manager components for Linux. Identity Manager Server (Identity Manager Engine, Remote Loader, Fan-Out Agent, iManager Web Administration), Identity Applications, Identity Reporting, Designer, and Analyzer |
Identity_Manager_4.7_Windows.iso |
Contains all Identity Manager components for Windows. Identity Manager Server (Identity Manager Engine, Remote Loader, Fan-Out Agent, iManager Web Administration), Identity Applications, Identity Reporting, Designer, and Analyzer |
Identity_Manager_4.7_Linux_Designer.tar.gz |
Contains Designer for Linux |
Identity_Manager_4.7_Windows_Designer.zip |
Contains Designer for Windows |
Identity_Manager_4.7_MacOSX_Designer.dmg |
Contains Designer for MacOS 10.13 (High Sierra) |
To download the installation kits, see the NetIQ Downloads Web Site.
You can upgrade to Designer 4.7 from Designer 4.6 using the Designer installation program. For information about the supported upgrade paths, see Supported Upgrade Paths
in the NetIQ Identity Manager Setup Guide for Linux or Supported Upgrade Paths
in the NetIQ Identity Manager Setup Guide for Windows.
To update Designer packages in offline mode, make the package update files available in a local directory on your computer and then configure Designer to read the files from this directory.
To create an offline copy of the package update files:
Log in to the computer that has Designer installed and create a local directory.
Copy the package update files to the directory created in Step1:
Linux: In a shell, change to the directory and run the following commands:
wget -r -nH -np https://nu.novell.com/designer/packages/idm/updatesite1_0_0/
wget -r -nH -np https://nu.novell.com/designer/packages/idm/updatesite2_0_0/
Windows: Perform the following actions:
Launch the package update site by using one of the following URLs:
https://nu.novell.com/designer/packages/idm/updatesite1_0_0/
https://nu.novell.com/designer/packages/idm/updatesite2_0_0/
Select and download the required files.
To configure Designer to read the files from the local directory:
Launch Designer.
From Designer’s main menu, click Windows > Preferences.
Click NetIQ > Package Manager > Online Updates.
Click the plus icon to add a new URL.
Provide information for the following fields:
Vendor: Specify the vendor name for package update.
URL: Specify the URL as file:///<path_to_files>/packages/idm/updatesite1_0_0/.
For Linux mounted ISO, use the following URL format:
file:////media/designer460offline/packages/idm/updatesite1_0_0/
file:////media/designer460offline/packages/idm/updatesite2_0_0/
NOTE:To add multiple package sites, repeat this step for including the specified URLs.
Click OK.
Select the required check boxes for the sites in the Preferences window.
NOTE:The new sites are selected by default.
Click Apply, then click OK.
From Designer’s main menu, click Help > Check for Package Updates.
Select the required updates and click Yes to accept and update the Designer package updates.
You need to launch Designer again for the changes to take effect.
NetIQ provides Identity_Manager_4.7_MacOSX_Designer.dmg file for installing Designer on macOS 10.13.
NOTE:If you already installed Designer from the Identity_Manager_4.7_MacOSX_Designer.tar.gz file, you need not reinstall it from the Identity_Manager_4.7_MacOSX_Designer.dmg file.
Regardless of the method of installation, ensure that the computer on which you are installing Designer meets the following system requirements:
Processor: 1 GHz
Disk space: 1 GB
Memory: 1 GB
Perform the following actions to install Designer from the Identity_Manager_4.7_MacOSX_Designer.dmg file:
Download Identity_Manager_4.7_MacOSX_Designer.dmg from NetIQ Downloads Web Site.
NOTE:Sometimes quarantine attributes such as com.apple.quarantine are included in the Designer application that prevents you from launching Designer. To resolve this issue, see Unable to Launch Designer Application on Mac on NetIQ Designer for Identity Manager Administration Guide.
From the pop-up window that appears, drag and drop the Designer folder into the location where you want to install it.
By default, Mac prompts you to download Designer into the Applications folder. If you choose to install Designer in this folder, Mac creates a Designer shortcut on the launchpad.
NOTE:The following considerations apply to installing two instances of Designer on your operating system:
Install the instances in two different folders.
Install the new instance in a folder that has an existing instance of Designer.
In this case, ensure that you rename the first instance before placing a new instance of Designer.
To launch Designer, click the Designer icon on the launchpad or the Designer application from the installed folder.
For more information about using Designer, see NetIQ Designer for Identity Manager Administration Guide.
To uninstall Designer, right click the Designer folder and select Move to trash.
After Designer is uninstalled, the shortcut is automatically removed from the launchpad.
For troubleshooting Designer, see Troubleshooting Designer in NetIQ Designer for Identity Manager Administration Guide.
The following considerations apply to working with Designer on macOS 10.13.
edir-to-edir certificate creation is not supported
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
You might encounter the following issues while installing Designer:
When you are installing on a path where there are double-byte characters and if your operating system is running the English version of Windows with the East Asian Language Packs installed, the install package throws an error, saying that it cannot extract the compressed file. There are known issues with using double-byte character sets (DBCS) in Windows file paths that come from the operating system (OS) vendor or the install framework vendor. Alternatively, you can install to DBCS paths, when you are installing to a localized version of the operating system.
If you install Designer 4.7 on an openSUSE server in a non-English environment, the installer does not create a Designer shortcut icon on the desktop. (Bug 751561)
When Active Directory Base is installed, some of the User Interface items are displayed incorrectly in the Remote Loader page in the Driver Configuration wizard.
There is no fix for this issue.
You might encounter the following issues while working with Designer:
Proxy Configuration Refuses Authentication With Identity Manager Server on Windows
Issue with Deploying a Few Server Specific Objects In a Multi-Server Environment
Updating Designer and Packages Fails After LDAP Connection Password and Workspace Are Changed
Project Converter Does Not Support a Remotely Mounted Workspace
Internal Web Browser Does Not Work on Linux Platforms in Designer
Setting the LDAP Ports Correctly After Importing a Project into Designer
Designer Does Not Support Using dn-ref Job Parameters as Package Prompts
Designer May Not Properly Display User Application Driver Packages After Upgrading
Designer Cannot Merge Different Global Configuration Value Versions During Driver Import
Designer Does Not Reimport Roles or Resources Previously Exported to XML
Designer Overwrites Modified Package Linkage Order on Update
Importing an Object Into an Existing Project from Identity Vault Takes Longer Than Expected
A Failure Message is Displayed When a Deleted Role Container or Subcontainer Is Deployed
Error Message is Displayed When Notification Templates Are Edited in the E-Mail Template Editor
Performing an Update on a Provisioning Folder With an Existing Name Throws a Version Control Error
Error Displayed when Importing Package Containing the ]]> String in an ECMA Resource Object
Policy with the Same Name in Different Projects is Treated as the Same Policy
Designer Displays An Error Message While Importing an Identity Vault
Pressing Command-Q Keyboard Shortcut on macOS 10.13 Closes Designer Without Prompting
Issue: When Designer is configured to use a proxy server to access the Identity Manager server, Designer fails to authenticate with the Identity Manager server.
Workaround: Perform the following actions:
Open the Designer.ini file located in the Designer installation directory.
Add the following line at the end of the Designer.ini file:
-Djdk.http.auth.tunneling.disabledSchemes=""
Save the Designer.ini file.
Launch Designer.
Issue: If you add a new server to a driver set, Designer overwrites the startup value specified for the drivers residing in the driver set for the first server. (Bug 1081101)
Workaround: Manually change the startup option from the driver configuration.
Issue: While deploying a new driver, sometimes a few server-specific objects such as GCVs are not deployed to all the servers in a multi-server environment. This might occur due to the delay in Identity Vault synchronization across the servers.
Workaround: Redeploy the driver.
Issue: If you are updating Designer and Packages after changing the LDAP connection password and the workspace, Designer reports an error.
Workaround: Navigate to Designer > Window > Preferences > NetIQ > Designer > LDAP Connection and click Apply.
If a driver name contains a # character, Designer does not successfully deploy all the configuration for the driver.
Issue: If you convert Designer 3.5 project to Designer 4.7 after mounting the Designer 3.5 workspace in the local computer where Designer 4.7 is installed, the Project Converter does not convert the Designer 3.5 project. (Bug 658159)
Workaround: Copy the Designer 3.5 workspace to the local computer where Designer 4.7 is installed, and then run the Project Converter.
Issue: The internal Web browser does not work as expected because of XULRunner issues. (Bug 612438)
Workaround: Navigate to the external browser from Designer > Windows > Preferences > General > Web Browser > Use External Web Browser. This brings up the iManager URL through the system default Web browser, such as Mozilla Firefox or Microsoft Internet Explorer.
Issue: When you create a project after importing it from a live system in Designer, Designer does not set the ports correctly in the Identity Vault Properties view. (Bug 680745)
Workaround: Change the LDAP ports in the Identity Vault Properties view before deploying the imported project.
Designer does not support using job parameters of the dn-ref type as package prompts. If you are required to add a dn-ref job parameter as a package prompt, use a dn job parameter as a package prompt instead. (Bug 806651, Bug 777509)
Issue: If you create a non-base package for a User Application driver in Designer and then upgrade to Designer version 4.6, Designer does not display the package in the Available Packages list when you install the User Application driver. (Bug 827294, Bug 789499)
Workaround: To install the package, clear Show only applicable package versions, select the appropriate package, and then click Next.
If you install a driver in Designer that includes at least one global configuration value (GCV) and then try to import a second version of the driver that has a modified version of the existing GCV, Designer displays a message saying the global variables could not be merged.
Designer does not currently support merging existing GCVs during the driver import process, irrespective of whether the conflicting GCVs are located on the driver, in the driver set, or in any GCV resource objects. (Bug 838471, Bug 841105)
Issue: If you create a role or resource subcontainer in the Provisioning view Role Catalog, add a role or resource to that subcontainer, export the Role Catalog to an XML file, then delete the subcontainer and role or resource and attempt to recover the role or resource by importing from the XML file, the import does not recreate the role or resource. (Bug 846134, Bug 846604)
Workaround: To import Role Catalog subcontainers and objects from an XML file, you must create a new User Application driver and import the XML file into that driver’s Role Catalog.
If you modify the order of linkages within a package, Designer does not recognize the package as being customized. Subsequently, if you update the package, Designer overwrites the modified linkage order with the linkage order specified in the updated package. (Bug 845207)
Issue: This issue may occur when a project has many unused packages in the Package Catalog. (Bug 1034562)
Workaround: Perform the following actions:
Remove the unused packages from the Package Catalog.
Right-click Package Catalog and select Remove Unused Packages.
Import Identity Manager objects into Designer.
Issue: If you delete a container or subcontainer that contains roles and then attempt to deploy it, the deployment fails. This is because, by design, a container or subconatainer that contains roles cannot be deleted. (Bug 846814, Bug 846359)
Workaround: Perform the following actions:
Delete the roles contained in the container or subcontainer.
Deploy the container or subcontainer and wait for the Roles driver to delete the roles.
After the roles are deleted, delete the container or subcontainer.
Deploy the container containing the subcontainer that you deleted.
When you edit a notification template in the E-Mail Template Editor, an error message is displayed in the Error tab. For example, if you open an HTML e-mail template, such as the Forgot Hint link and enter some text in the body tag, an error notification is displayed in the Error tab. (Bug 879626)
Issue: When you import provisioning objects (from XML files) from Resources in the Provisioning view, the containers and the objects inside them are neither imported successfully nor displayed in the Provisioning view, as expected. Instead, the containers are missing and only the resources are displayed. (Bug 847299)
Workaround: Import the provisioning objects (XML files) by right-clicking Role Catalog and not Resource. This ensures that the resource and resource containers are imported and displayed in the Provisioning view.
When you create two User Application drivers with the same name and perform an Update operation, a version control error is thrown. This is because of a conflict that occurs when one user commits the changes made to the project and at the same time, another user updates the same project.
For more information about managing packages in version control, see Managing Packages Best Practices
in the NetIQ Designer for Identity Manager Administration Guide. (Bug 881818)
To work around this issue, follow the instructions mentioned in this Web site: . (Bug 889167)
When you compare a newly created empty roles or resource sub-container (by clicking Live-Compare in Provisioning View), the Designer/eDir Object Compare window does not show the compare status as unequal. Instead, it shows equal. (Bug 890543)
The default port for deployment is port 389. You can deploy the entitlement policy using other ports, such as port 636.
To change the port, launch Modeler, go to the Properties view and select Identity Vault. Change useLDAPSecureChannel setting to True.
Issue: Cannot import packages containing the string ]]> in an ECMA resource. The following error message is displayed: (Bug 1004484)
The bundle file does not contain a valid XML document: ": (47): character not allowed.
Workaround: You can use any of the following workarounds:
Use the following function:
function test() { return "]"+"]"+">" }
OR
Use the following function:
function test() { return "]]\>" return "]]>" }
Issue: While creating certificates for driver configurations with long names, Designer sometimes tries to create KMOs with names longer than 64 characters. As a result, the certificate creation fails.
Certificate creation also fails if the CA expiration date is before the KMO expiry date. (Bug 1000125)
Workaround: Perform the following actions:
When a driver configuration has a long name, no workaround is available.
When CA expiration date is earlier than the KMO expiration date, verify that the certificate's NotAfter attribute value is not set to a value greater than the CA's corresponding attribute value.
Issue: If you open a policy in a project and then create a copy of the project and open the already open policy from the copied project, Designer redirects you to the editor containing the policy from the original project. (Bug 1016705)
Workaround: Close the policy editor opened from the original project and open it from the copied project.
Issue: Designer can add new GCVs but does not support merging existing GCVs with the GCVs that are modified in an imported driver configuration. In such cases, Designer reports conflicting GCVs that it finds on the driver, driver set, or any GCV resource objects. (Bug 1000122)
Workaround: There is no workaround at this time.
Issue: While importing an Identity Vault into Designer, Designer displays the following error message in the Import Summary page:
Default notification collection object is missing.
Workaround: Perform the following actions:
Click OK on the error message.
Continue with importing the Identity Vault.
Import all templates into Designer by clicking Email templates > Add all templates.
Deploy the templates to the Identity Vault.
Issue: If you import a project from the live Identity Vault server, and import the certificate permanently, and then revert the server (for example, revert a snapshot) to an older state and reimport the same project, Designer displays an error in the Import Summary page. (Bug 1082018)
Workaround: Perform the following actions before performing live operations with the Identity Vault server:
Navigate to <designer-installation-location>/configuration and delete the LDAPServerCerts file.
Restart Designer.
Issue: macOS provides Command-Q keyboard shortcut to quit an application. If you use it to close Designer, Designer does not prompt you for confirmation before closing. (Bug 1082018)
Workaround: Disable the Command-Q option in macOS.
Go to System Preferences > Keyboard > Keyboard Shortcuts.
Click Application Shortcuts.
Click the + button to add a shortcut for an application. In this example, we are disabling Cmd-Q for Designer.
Select Designer from Application.
Specify Show All for Menu Title.
Provide the exact name of the menu action item as a new keyboard shortcut in Keyboard Shortcut. Select a shortcut that is not Cmd-Q. For example, Cmd-Option-Q.
Click Add to change the setting.
NetIQ Corporation recommends that you do not run Designer with the gtk-qt-engine RPM installed, because it causes crashes and Designer theme issues. This RPM package is installed with SUSE Linux and some other Linux distributions.
If you must use the gtk-qt-engine RPM package, obtain the latest version that you can download from the KDE-Look Web site. Note that even with the latest version of the package, the Designer theme functionality might not be present.
To determine whether you have the gtk-qt-engine RPM package installed, enter:
rpm -qa|grep gtk-qt
If gtk-qt-engine appears in the list, run the following command as the root user to remove the package:
rpm -e gtk-qt-engine
You might encounter the following issues when you use workflows in Designer:
Issue: Under the Resources List in the Role Editor, a read-only list of the associated resources is available along with the role. The information in this list is obtained and updated for all the roles when the Role Catalog is imported from eDirectory. You can see new resource associations but not the resource associations that have been removed in the User Application. (Bug 516730)
Workaround: To workaround this issue, perform the following actions:
From Designer’s main menu, select Windows > Preferences > NetIQ > Provisioning > Import/Deploy.
Select Delete local object on import when object has been deleted in Identity Vault.
Click Apply or OK.
From the Provisioning View, select the Role Catalog object and run the Live Import. This action imports the resource associations and provides you the updated correct information.
Issue: If you create a role or resource subcontainer, add one or more objects to the subcontainer, deploy the Role Catalog, and then delete the subcontainer and try to re-deploy the Catalog, Designer throws a java.lang.NullPointerException error message.
This issue occurs because Designer does not immediately delete role or resource objects when you delete those objects in the Role Catalog. Instead, Designer marks the objects for deletion by the Role and Resource Service Driver when the driver deploys the Catalog to the Identity Vault. (Bug 846814)
Workaround: Complete the following steps:
In the Provisioning view, right-click the role or resource object located in the subcontainer you want to delete and select Delete.
Select Delete object in identity vault on deploy of parent container, then click OK.
Right-click Role Catalog and select Live > Deploy All.
Click Deploy, then click OK.
To verify the Role and Resource Service Driver has deleted the role, log into iManager.
In iManager, click View Objects.
In the Tree, navigate to your User Application driver and expand AppConfig > RoleConfig > RoleDefs.
Click the container where the role was previously stored. If the role is still in the container in the Identity Vault, refresh until the Role and Resource Service Driver removes the role.
In the Provisioning View in Designer, right-click the subcontainer you want to remove and select Delete, then click OK.
Right-click Role Catalog and select Live > Deploy All.
Click Deploy, then click OK.
Issue: Designer currently displays deployment status incorrectly when you delete a role from the Role Catalog in Designer and then deploy the Catalog to the Identity Vault. In some instances, when the Role and Resource Service Driver successfully deletes a role from the Identity Vault, Designer incorrectly displays a failure message. At the same time, if the Role and Resource Driver is stopped, Designer incorrectly displays a success message. (Bug 846029, Bug 847047)
Workaround: To verify that the Role and Resource Driver removed the role you deleted from the Identity Vault, complete the following steps:
Log in to iManager and click View Objects.
In the Tree, navigate to your User Application driver and expand AppConfig > RoleConfig > RoleDefs.
Click the container where the role was previously stored.
When finished, close iManager.
You might encounter the following issues when you use Document Generator:
Designer 4.7 does not generate documentation for roles-based entitlement policies or roles-based provisioning module resources. For more information about generating documentation for projects, see Documenting Projects in the NetIQ Designer for Identity Manager Administration Guide.(Bug 480369)
In Designer projects with more than 40 drivers installed or very large roles-based provisioning module deployments, the Document Generator fails with an out-of-memory error.
This error occurs due to limitations in the Apache FOP print formatter that Designer uses to generate documentation. For information on the memory-usage limitations of the FOP formatter and suggestions for improving memory usage, see “Memory Usage” on the Apache FOP Project page. (Bug 796616, Bug 520231)
Issue: When you generate a document in Designer, it is not listed in the Generated folder in the project, though it (the generated PDF document) opens without any errors. (Bug 879625)
Workaround: Refresh the Generated folder to make the generated document available in the list.
You might encounter the following issues while working with workspaces used by previous versions of Designer:
Issue: Identity Manager does not support a direct conversion of non-compatible Designer projects (such as Designer 4.5.x or before) to Designer 4.7. (Bug 1078772)
Workaround: Perform the following actions:
Deploy all schema changes to the Identity Vault by using a non-compatible version of Designer.
Install Designer 4.7.
Import all classes and attributes from the Identity Vault to Designer 4.7.
Designer 2.1.1 workspaces are not compatible with Designer 4.7. Designer stores projects and configuration information in a workspace. These workspaces are not compatible from one version of Designer to another. You must point Designer 4.7 to a new workspace and not to a workspace that was used by a previous version of Designer.
To work around this issue, convert the older projects to Designer 3.0.1, then import them into Designer 4.7. (Bug 531135)
You might encounter the following issues when you upgrade Designer:
Designer Auto Update Window Contains Incorrect Information About Upgrading
Upgrading from Designer 3.0.1 to Designer 4.7 is Not Supported
Upgrading User Application Driver Package from Designer 3.0 to 4.7 Shows the Package as Customized
Designer does not Generate Certificates for eDirectory Servers with NICI 2.7.7.0
Issue: The Auto Update feature performs only an automatic update and does not upgrade your current version to Designer 4.7.
Workaround: Manually upgrade to Designer 4.7.
Issue: Designer 3.5 and later is a full-fledged RCP application. It does not support upgrades from versions of Designer prior to 3.5. If you import a Designer 3.0.1 project into the latest release of Designer, Designer automatically converts the project to version 4.7 so that the project can be used in the latest Designer release. (Bug 531690)
Workaround: There is no workaround at this time.
Issue: If you create a project using a previous version of Designer and then upgrade your environment to Designer 4.7, you must manually update and deploy the schema to be able to work with the project.
In addition, if you create a project using a previous version of Designer and then import that project into a Designer 4.7 environment, you must also perform the schema update and deploy the updated schema. (Bug 845210)
Workaround: To modify and deploy Designer 4.7 schema changes, complete the following steps:
In the Modeler, right-click the Identity Vault and select Manage Vault Schema.
In the Classes list, select DirXML-PkgItemAux.
In the Attributes window for the DirXML-PkgItemAux class, click the Add Optional icon.
In the Select Optional Attribute window, select DirXML-pkgLinkages and click OK.
Click OK.
Save your Designer project.
Right-click the Identity Vault and select Live > Schema > Compare.
Click the drop-down menu and select Show all.
Expand Attributes and select DirXML-pkgLinkages.
If the Compare Status is Unequal, select Update eDirectory.
Expand Classes and select DirXML-PkgItemAux.
If the Compare Status is Unequal, select Update eDirectory.
Click Reconcile, then click No.
Click OK when finished.
After upgrading this version, migrate your Package Catalog to the new linkage structure.
(Conditional) If you have not already imported your project into Designer 4.7, click File > Import and follow the steps in the Import Wizard.
(Conditional) If you want to update an existing project, you are recommended to back up your project:
Click Project > Export Project.
In the Export Project window, select the project.
Select To archive file.
(Conditional) Click either Save in zip format or Save in tar format, as appropriate for your environment.
Click Browse and navigate to where you want to save the backup file.
In the Outline view, right-click Package Catalog and select Migrate Linkages.
Click Yes to confirm you have already backed up your project.
Click OK.
This procedure is applicable for projects that were created using any version prior to Designer 4.7 and for projects imported from the Identity Vault. (Bug 847441)
If you create a User Application driver package using Designer 3.0 and then upgrade to Designer 4.7, the property of the User Application base package that is installed, is shown as Customized. (Bug 889949)
Issue: This error occurs because the upgrade program does not delete the org.eclipse.osgi container. (Bug 886559)
Workaround: Delete the container from <designer_install_location>\configuration\ and start Designer.
Issue: Designer 4.7 needs NICI 3.1 or later to create the certificates. If you are installing Designer on a server with an eDirectory version prior to 9.1, Designer does not automatically upgrade NICI to 3.1 version. To enable Designer to create the certificates, upgrade NICI to 3.1.
Be informed that upgrading NICI to 3.1 on an eDirectory server prior to 9.1 causes other compatibility issues. Therefore, NetIQ recommends you to upgrade eDirectory to 9.1 or later versions.
Workaround: There is no workaround at this time.
Issue: When you select an e-mail notification template for editing, Designer opens Form XML Editor instead of E-Mail Template Editor for Japanese and Russian locales. (Bug 1080066)
Workaround: There is no workaround at this time.
You might encounter the following issues when you uninstall Designer:
When you run the installer to uninstall Designer from a Windows server, the installer might not remove all folders created during the installation process. In some environments, the installer does not remove the packages or plugins folders from the Designer installation folder. (Bug 748541)
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information website.
For general corporate and product information, see the NetIQ Corporate website.
For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.
Copyright © 2018 NetIQ Corporation. All Rights Reserved.