Some of you may have struck the Certificates does not conform to algorithm constraints issue with Sentinel and been a bit confused by the original response of “A proper resolution is to use custom certificates on the logging applications that use strong encryption (key sizes of 1024 or more). Once all applications have been updated, the restriction can be put back in place.” as stated in TID 7014219.

When it comes to eDirectory, Identity Manager, iManager, and Access Manager, the default certificate is actually buried in the Platform Agent (PA) binaries that are distributed by each product, so requires patching from engineering to rectify.

Fixes are now available (most of the bugs are restricted to Attachmate employees, so you may get a “You are not authorized to access bug #xxxxxx” message if you try to view them).

eDirectory Bug 854994 was resolved in May 2014 and is available in eDirectory 88SP8 Patch 2 and eDirectory 88SP7 Patch 6 – note the instructions about manually updating the Instrumentation.

Identity Manager Bug 859236 is recently resolved and is available in the upcoming v4.5 release. If you run the current v4.0.2 release, you need to raise a Service Request to gain the patch from this bug (remember to reference the bug number in your SR).

When patching, make sure the lcache process is stopped when patching eDirectory and Identity Manager (doesn’t stop with eDirectory):

ps -ef | grep -i lcache
kill -9 insert-lcache-pid-here

The lcache process will automatically start again with eDirectory.

More articles on my Website.

1 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 5 (1 votes, average: 5.00 out of 5)
You need to be a registered member to rate this post.

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Leave a Reply

One Comment

Aug 22, 2014
11:34 am
Active Directory Authentication Automation Cloud Computing Cloud Security Configuration Customizing Data Breach DirXML Drivers End User Management Identity Manager Importing-Exporting / ICE/ LDIF Intelligent Workload Management IT Security Knowledge Depot LDAP Monitoring Open Enterprise Server Passwords Reporting Secure Access Supported Troubleshooting Workflow