This hotfix is applicable for SAP User drivers running Identity Manager 4.6 or later. The driver version will be changed to 18.104.22.168 after the hotfix is applied.
Upgrading the Driver
- Identity Manager 4.6 or later
- Driver with SAP JCO3 at a minimum
- Driver with latest base package is recommended
The driver upgrade process involves updating the driver files.
Updating the Driver Files
- Take a back-up of the current driver configuration.
- (Conditional) If the driver is running locally, stop the driver instance and the Identity Vault.
- (Conditional) If the driver is running with a Remote Loader instance, stop the driver and the Remote Loader instance.
- Download and unzip the contents of the IDM_SAPUM_4032.zip file to a temporary location on your computer.
- (Conditional) To update the driver files as a root user:
- On the server where you want to apply the driver patch, log in as root.
- Navigate to the <extracted IDM_SAPUM_4032.zip> directory and perform one of the following actions for your platform:
(Conditional) To update the driver files as a non-root user:
(Conditional) If the driver is running locally, start the Identity Vault and the driver instance.
- Verify that <non-root edirectory="" location="">/rpm directory exists and contains _db.000 file.
The _db.000 file is created during a non-root installation of the Identity Manager engine. Absence of this file might indicate that Identity Manager is not properly installed. Reinstall Identity Manager to correctly place the file in the directory.
- To set the root directory to the location of non-root Identity Vault, enter the following command in the command prompt:
ROOTDIR=<non-root eDirectory location>
This will set the environmental variables to the directory where Identity Vault is installed as a non-root user.
- To install the driver files, enter the following command:
For example, to install the SAP User driver RPM, use this command:
rpm --dbpath $ROOTDIR/rpm -Uvh --relocate=/usr=$ROOTDIR/opt/novell/eDirectory --relocate=/etc=$ROOTDIR/etc --relocate=/opt/novell/eDirectory=$ROOTDIR/opt/novell/eDirectory --relocate=/opt/novell/dirxml=$ROOTDIR/opt/novell/dirxml --relocate=/var=$ROOTDIR/var --badreloc --nodeps --replacefiles /home/user/novell-DXMLsapus.rpm
where /opt/novell/eDirectory is the location where non-root eDirectory is installed and /home/user/ is the home directory of the non-root user.
(Conditional) If the driver is running with a Remote Loader instance, start the Remote Loader instance and the driver instance.
Technical Support Information
Issue Fixed in This Release
- Bug 1115373 - Correctly processes operations involving roles that contain "error" in the role name
- Bug 1121454 - Makes successful connections to SAP child instances
Issues Fixed in Previous Releases
Issues Fixed in Driver 22.214.171.124
Issues Fixed in Driver 4.0.3 and Earlier Releases
- Bug 1098760 - Driver shim no longer changes the case of character ß (LATIN SMALL LETTER SHARP S)
- Bug 816350 - Issue with two polling loop parameters fixed
- Bug 894294 - Driver honors the force password change setting on secondary connections
- Bug 976607 - Added support for SUSR_GET_ADMIN_USER_LOGIN_INFO
- Bug 977228 - ADDSMTP Attribute is correctly handled
- Bug 1005552 - Ability to set values for DESCRIPTION:RESPONSIBLE and DESCRIPTION:TECHDESC
- Bug 1043660 - Processes removal of ADDFAX with multiple values
- Bug 800443 - Provides a way to allow JCO set the password as productive password
- Bug 1006747 - Ability to set up SAP SSL encrypted connection by using SNC
- Bug 1029869 - UserJOC3test.class is updated with SNC related information
- Security fix - CVE-2016-1603
- Bug 839079 - Corrected role assignment entitlemnt configuration
- Bug 874081 - Common policy and GCV's are moved out of default driver configuration
- Bug 888949 - User is no longer automatically unlocked in the Identity Vault during Publisher modify operation
- Bug 889712 - Corrected the SAP UserActGroupsAssign error handling
- Bug 894311 - Merge operation works correctly
- Bug 896603 - No multiple orphaned policies are left behind
- Bug 896754 - "Account IDs in the Managed Systems Current State" report correctly displays "Identity Vault Account Status" for a couple of Account Identifiers
- Bug 934602 - Assigning a non-existing role to SAP correctly reports an error instead of "Role xyz does not exist" warming
- Bug 937266 - ADMIN_SET option is removed from packages
- Bug 973780 - Correctly sets the Company attribute during an Add operation
- Bug 992978 - SETGRANULARLOCKS correctly locks the user
- Bug 893437 - SAP Fanout driver successfully processes a Merge event with an E-mail address empty
- Bug 794036 - Support extended to SAP Netweaver 7.31
- Bug 791499 - SAP Netweaver 7.30 correctly produces iDoc files when a user is added to a SAP Role
- Bug 801771 - Correct information is provided when a role is added or removed
- Bug 816165 - RoleProfileAssignmentPoller no longer goes into an infinite loop on every second when the SAP server is unavailable
- Bug 818322 - Correct processing of role or profile modification of multiple users belonging to CUA Central
- Bug 819609 - Publisher channel role and profile assignment polling is stopped when the channel is disabled
- Bug 824032 - Publisher Channel role or profile assignment for bulk users correctly processes for all users
- Bug 824543 - iDoc files are no longer re-processed on the Publisher channel when the driver is configured using the Remote Loader
- Bug 815959 - RPM and trace contents show the correct driver version
- Bug 819607 - Typc corrected in Publisher channel driver trace for Role and Profile Assignment polling
- Bug 824865 - Updated SAP User Management Base v126.96.36.19930424175903 Designer package readme
- Bug 818328 - Publisher channel no longer processes unnecessary additional iDoc files when a user's address and profiles/roles are modified
- Bug 786810 - No NullPointerException reported when the driver Publisher channel receives an iDoc with TRFC Jcoserver
- Bug 767479 - Returns correct information when locking a user
- Bug 764922 - Returns descriptive and meaningful error messages
- Bug 678610 - Returns an error when you try to add a role without sufficient rights
- Bug 603829 - Returns an error when you try to add a role that does not exist
- Bug 624137 - Returns descriptive and meaningful error messages
- Bug 620671 - Forces a user to change password on subsequent login despite the driver is set to no change
- Bug 615135 - issue fixed that was caused by SAP software patch that sent 'E' instead of 'S' or 'W' and caused the driver to fail
- Bug 631130 - USER_SET/ADMIN_SET password mode selection is no longer reversed for secondary connections