This patch is applicable for LDAP drivers running Identity Manager 4.7.2 or later. The driver version will be changed to 184.108.40.206 after the patch is applied.
Identity Manager 4.7.2 or later
- If the driver is running with Remote Loader, the Remote Loader version must be 4.7.2.
- If the driver is running with Identity Manager Engine, the Engine version must be 4.7.2.
Upgrading the Driver
The driver upgrade process involves the following tasks:
- Upgrading the driver package
- Updating the driver files
Upgrading the Driver Package
- Download the LDAP Base package:
- Package Name: NOVLLDAPBASE
- Version: 2.3.2
- Build Date: 20190401
- Build Number: 163833
Open the project containing the driver.
Right-click the driver for which you want to upgrade an installed package, then click Driver > Properties.
A check mark indicates a newer version of a package in the Upgrades column.
Click Select Operation for the package that indicates there is an upgrade available.
From the drop-down list, click Upgrade.
Select the version that you want to upgrade to, then click OK.
NOTE: Designer lists all versions available for upgrade.
(Conditional) Fill in the fields with appropriate information to upgrade the package, then click Next.
Depending on which package you selected to upgrade, you must fill in the required information to upgrade the package.
Read the summary of the packages that will be installed, then click Finish.
Review the upgraded package, then click OK to close the Package Management page.
Updating the Driver Files
- Take a back-up of the current driver configuration.
- (Conditional) If the driver is running locally, stop the driver instance and the Identity Vault.
- (Conditional) If the driver is running with a Remote Loader instance, stop the driver and the Remote Loader instance.
- Download and unzip the contents of the IDM47_LDAP_4200.zip file to a temporary location on your computer.
- (Conditional) To update the driver files as a root user:
- On the server where you want to apply the driver patch, log in as root.
- Navigate to the <extracted IDM47_LDAP_4200.zip> directory and perform one of the following actions for your platform:
(Conditional) To update the driver files as a non-root user:
(Conditional) If the driver is running locally, start the Identity Vault and the driver instance.
- Verify that <non-root edirectory="" location="">/rpm directory exists and contains _db.000 file.
The _db.000 file is created during a non-root installation of Identity Manager Engine. Absence of this file might indicate that Identity Manager is not properly installed. Reinstall Identity Manager to correctly place the file in the directory.
- To set the root directory to the location of non-root Identity Vault, enter the following command in the command prompt:
ROOTDIR=<non-root eDirectory location>
This will set the environmental variables to the directory where Identity Vault is installed as a non-root user.
- To install the driver files, enter the following command:
For example, to install the LDAP driver RPM, use this command:
rpm --dbpath $ROOTDIR/rpm -Uvh --relocate=/usr=$ROOTDIR/opt/novell/eDirectory --relocate=/etc=$ROOTDIR/etc --relocate=/opt/novell/eDirectory=$ROOTDIR/opt/novell/eDirectory --relocate=/opt/novell/dirxml=$ROOTDIR/opt/novell/dirxml --relocate=/var=$ROOTDIR/var --badreloc --nodeps --replacefiles /home/user/novell-DXMLldap.rpm
where /opt/novell/eDirectory is the location where non-root eDirectory is installed and /home/user/ is the home directory of the non-root user.
(Conditional) If the driver is running with a Remote Loader instance, start the Remote Loader instance and the driver instance.
Technical Support Information
What Is New/Issues Fixed in This Release
Issues Fixed in Previous Releases
- Extended support for ZoomDB. From this version onwards, the driver state files will be maintained using ZoomDB.
- Bug 736342 - Loopback detection in Publisher channel works properly even if the Authentication ID configured in the LDAP driver is longer than 63 characters.
- Bug 1066979 - Synchronizing a group in Subscriber channel with both associated and unassociated members does not create an extra member attribute with a null value.
- Bug 1093713 - Changelog metadata is available in the Publisher event in the driver-operation-data node. This is controlled by a new driver parameter.
- Enhancement 1122678 - While configuring the driver using Designer, the Remote Loader configuration is disabled by default because LDAP driver is mostly run locally with the Identity Manager Engine.
- Fixes in LDAP Driver 220.127.116.11
- Resolves a potential password-related information disclosure vulnerability - CVE-2018-17951
- Fixes in LDAP Driver 18.104.22.168
- Bug 1101270 - Driver no longer deletes the Publisher synchronized objects when the connected eDirectory server is not available (stopped)
- Fixes in LDAP Driver 22.214.171.124
- Bug 880300 - Driver no longer uses unicodePwd for passwords in Active Directory. It now encodes them properly
- Bug 1054009 - Query for objectGUID succeeds when using IDM 4.6.x Remote Loader on Windows
- Bug 1060233 - Driver does not query the Identity Vault if objectClass is not obtained from the Publisher event
- Bug 967616 - Shim returns accurate error message if the password is incorrect
- Bug 1037837 - Ability to delete tmp files when a query exceeds the query limits
- Bug 1043140 - Reading changelog does not report java.lang.NullPointerException
- Bug 1055518 - Driver no longer stops if the previous connection is disconnected
- Bug 1087262 - Correct driver version is displayed
- Bug 1089472 - Correct user attribute is updated in the connected system when a user is synchronized from the Identity Vault to the Active Directory LDAP connected server
- Fixes in LDAP Driver 126.96.36.199
- Bug 897750 - Driver successfully returns event-id in response to an activation query
- Fixes in LDAP Driver 188.8.131.52
- Bug 872645 - Driver db file size does not grow with each polling cycle
- Bug 878838 - Driver shim properly honors @is-sensitive="true"
- Security fix for CVE-2014-0601
- Bug 855272 - Driver correctly picks Publisher events when connected to Sun LDAP directory
- Bug 854030 - Multiple LDAP driver queries on Subscriber channel no longer cause Java to run out of threads
- The below issues are also fixed, but they do not have a bug associated with them:
- Publisher caching is relevant while using search publication method. Removed the dependency on changelog parameters
- Publisher modify is optimized (only the latest state of an entry is stored after driver re-start)
- Additional clean up changes are included
- Fixes in LDAP Driver 184.108.40.206
- Bug 757515 - Driver no longer resets connection when eDirectory responds with error -601. (no such object)
- Bug 747204 - Sun Java Directory Password Plug-in believed to be causing a crash of their DS
- Bug 782793 - LDAP Paged Search Results control is sometimes not used even when server supports it
- Bug 574190 - Resolved an issue when adding a multi-line description
- Bug 574890 - Resolved issue with special Characters in CN getting encrypted coming in on the LDAP driver Publisher Channel
- Bug 569622 - Resolved issue where line folding was not working properly on LDAP driver starting on version 3.5.8
- Bug 545640 - Resolved issue where postalAddress got padded with extra white lines. In order to implement the change
- Fixes in Identity Manager 4.0.1-3.5.1 LDAP Driver 220.127.116.11
- Bug 457321 - Driver LDAP shim properly handles unassociated group members
- Bug 703088 - Driver startup no longer fails with NoClassDefFoundError
- Fixes in Identity Manager 4.0.1
- Bug 642430 - Driver-LDAP Boolean attributes are correctly cased by Identity Manager Engine in the input document.
- Bug 661302 - Driver-LDAP Deleted values in OID changelog are no longer reported as a unicode characters instead of a remove-value in the XDS
- Bug 661385 - Driver no longer removes empty lines on multi-lined value modifies