This update is applicable for LDAP drivers running Identity Manager 4.7 or later. The driver version will be changed to 126.96.36.199 after the patch is applied.
Identity Manager 4.7 or later
Upgrading the Driver
The driver upgrade process involves updating the driver files.
Updating the Driver Files
- Take a backup of the current driver configuration.
- (Conditional) If the driver is running locally, stop the driver instance and the Identity Vault.
- (Conditional) If the driver is running with a Remote Loader instance, stop the driver and the Remote Loader instance.
- Download and unzip the contents of the IDM47_LDAP_4112.zip file to a temporary location on your computer.
- (Conditional) To update the driver files as a root user:
- On the server where you want to apply the driver patch, log in as root.
- Navigate to the <extracted IDM447_LDAP_4122.zip> directory and perform one of the following actions for your platform:
(Conditional) To update the driver files as a non-root user:
(Conditional) If the driver is running locally, start the Identity Vault and the driver instance.
- Verify that the <non-root eDirectory location>/rpm directory exists and contains the _db.* file.
The _db.* file is created during a non-root installation of the Identity Manager engine. Absence of this file might indicate that Identity Manager is not properly installed. Reinstall Identity Manager to correctly place the file in the directory.
- To set the root directory to the location of non-root Identity Vault, enter the following command in the command prompt:
ROOTDIR=<non-root eDirectory location>
This sets the ROOTDIR environment variable to the directory where the Identity Vault is installed as a non-root user.
- To install the driver files, enter the following command:
For example, to install the LDAP driver RPM, use this command:
rpm --dbpath $ROOTDIR/rpm -Uvh --relocate=/usr=$ROOTDIR/opt/novell/eDirectory --relocate=/etc=$ROOTDIR/etc --relocate=/opt/novell/eDirectory=$ROOTDIR/opt/novell/eDirectory --relocate=/opt/novell/dirxml=$ROOTDIR/opt/novell/dirxml --relocate=/var=$ROOTDIR/var --badreloc --nodeps --replacefiles /home/user/novell-DXMLldap.rpm
where /opt/novell/eDirectory is the location where non-root eDirectory is installed and /home/user/ is the home directory of the non-root user.
(Conditional) If the driver is running with a Remote Loader instance, start the Remote Loader instance and the driver instance.
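The non-root steps above, wrapped in a preflight check so that rpm is never invoked against a missing RPM database or package file. This is an added example, not part of the original readme or the vendor's tooling; the function names and the DRY_RUN variable are assumptions, and the rpm options are the ones shown in the command above.

```sh
#!/bin/sh
# Added example: preflight for the non-root LDAP driver update.
# check_rpm_db, update_driver and DRY_RUN are names invented for this example.
# Variables are global because plain POSIX sh has no "local".

# Succeed only if <rootdir>/rpm exists and holds at least one _db.* file,
# which the readme says a non-root engine install creates.
check_rpm_db() {
    rootdir=$1
    [ -n "$rootdir" ] && [ -d "$rootdir/rpm" ] || return 1
    for f in "$rootdir"/rpm/_db.*; do
        [ -e "$f" ] && return 0   # unmatched glob stays literal and fails -e
    done
    return 1
}

# Validate inputs, then print (DRY_RUN=1, the default) or run the rpm command.
# Return codes: 3 = RPM database missing, 4 = package file missing/unreadable.
update_driver() {
    rootdir=$1
    pkg=$2
    check_rpm_db "$rootdir" || {
        echo "no _db.* under $rootdir/rpm; check the non-root install" >&2
        return 3
    }
    [ -f "$pkg" ] && [ -r "$pkg" ] || {
        echo "driver package not readable: $pkg" >&2
        return 4
    }
    # Build the argument list in "$@" so paths with spaces stay intact.
    set -- --dbpath "$rootdir/rpm" -Uvh \
        "--relocate=/usr=$rootdir/opt/novell/eDirectory" \
        "--relocate=/etc=$rootdir/etc" \
        "--relocate=/opt/novell/eDirectory=$rootdir/opt/novell/eDirectory" \
        "--relocate=/opt/novell/dirxml=$rootdir/opt/novell/dirxml" \
        "--relocate=/var=$rootdir/var" \
        --badreloc --nodeps --replacefiles "$pkg"
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "rpm $*"
    else
        rpm "$@"
    fi
}

# Usage: sh preflight.sh <non-root eDirectory location> <path to driver RPM>
[ "$#" -ne 2 ] || update_driver "$1" "$2"
```

Run it once with the default DRY_RUN=1 to review the exact command, then with DRY_RUN=0 to apply the update.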
Technical Support Information
Issue Fixed in This Release
- This release resolves a potential password-related information disclosure vulnerability - CVE-2018-17951.
Issues Fixed in Previous Releases
Fixes in LDAP Driver 188.8.131.52
Fixes in LDAP Driver 184.108.40.206
- Bug 1101270 - Driver no longer deletes the Publisher synchronized objects when the connected eDirectory server is not available (stopped)
Fixes in LDAP Driver 220.127.116.11
- Bug 880300 - Driver no longer uses unicodePwd for passwords in Active Directory. It now encodes them properly
- Bug 1054009 - Query for objectGUID succeeds when using IDM 4.6.x Remote Loader on Windows
- Bug 1060233 - Driver does not query the Identity Vault if objectClass is not obtained from the Publisher event
- Bug 967616 - Shim returns accurate error message if the password is incorrect
- Bug 1037837 - Ability to delete tmp files when a query exceeds the query limits
- Bug 1043140 - Reading changelog does not report java.lang.NullPointerException
- Bug 1055518 - Driver no longer stops if the previous connection is disconnected
- Bug 1087262 - Correct driver version is displayed
- Bug 1089472 - Correct user attribute is updated in the connected system when a user is synchronized from the Identity Vault to the Active Directory LDAP connected server
Fixes in LDAP Driver 18.104.22.168
- Bug 897750 - Driver successfully returns event-id in response to an activation query
Fixes in LDAP Driver 22.214.171.124
- Bug 872645 - Driver db file size does not grow with each polling cycle
- Bug 878838 - Driver shim properly honors @is-sensitive="true"
- Security fix for CVE-2014-0601
- Bug 855272 - Driver correctly picks Publisher events when connected to Sun LDAP directory
- Bug 854030 - Multiple LDAP driver queries on Subscriber channel no longer cause Java to run out of threads
- The below issues are also fixed, but they do not have a bug associated with them:
- Publisher caching is relevant while using search publication method. Removed the dependency on changelog parameters
- Publisher modify is optimized (only the latest state of an entry is stored after driver re-start)
- Additional clean up changes are included
Fixes in Identity Manager 4.0.1-3.5.1 LDAP Driver 126.96.36.199
- Bug 757515 - Driver no longer resets connection when eDirectory responds with error -601 (no such object)
- Bug 747204 - Sun Java Directory Password Plug-in believed to be causing a crash of their DS
- Bug 782793 - LDAP Paged Search Results control is sometimes not used even when server supports it
- Bug 574190 - Resolved an issue when adding a multi-line description
- Bug 574890 - Resolved issue with special characters in CN getting encrypted coming in on the LDAP driver Publisher Channel
- Bug 569622 - Resolved issue where line folding was not working properly on LDAP driver starting on version 3.5.8
- Bug 545640 - Resolved issue where postalAddress got padded with extra white lines. In order to implement the change
Fixes in Identity Manager 4.0.1
- Bug 457321 - Driver LDAP shim properly handles unassociated group members
- Bug 703088 - Driver startup no longer fails with NoClassDefFoundError
- Bug 642430 - Driver-LDAP Boolean attributes are correctly cased by the engine in the input document.
- Bug 661302 - Driver-LDAP Deleted values in OID changelog are no longer reported as Unicode characters instead of a remove-value in the XDS
- Bug 661385 - Driver no longer removes empty lines on multi-lined value modifies