This update is applicable for LDAP drivers running Identity Manager 4.7 or later. The driver version will be changed to 188.8.131.52 after the patch is applied.
Identity Manager 4.7.3 or later
Upgrading the Driver
The driver upgrade process involves updating the driver files.
Updating the Driver Files
- Take a backup of the current driver configuration.
- (Conditional) If the driver is running locally, stop the driver instance and the Identity Vault.
- (Conditional) If the driver is running with a Remote Loader instance, stop the driver and the Remote Loader instance.
- Download and unzip the contents of the IDM47_LDAP_4201.zip file to a temporary location on your computer.
- (Conditional) To update the driver files as a root user:
- On the server where you want to apply the driver patch, log in as root.
- Navigate to the <extracted IDM47_LDAP_4201.zip> directory and perform one of the following actions for your platform:
- Linux: Install the new novell-DXMLldap.rpm in your driver installation directory by running one of the following commands in a terminal window:
If you are installing the driver for the first time, run the following command:
rpm -ivh (patch-path)/linux/novell-DXMLldap.rpm
If you are upgrading the driver, run the following command:
rpm -Uvh (patch-path)/linux/novell-DXMLldap.rpm
- Windows: Copy LDAPShim.jar and LDAPUtil.jar files to your driver installation folder. The folder location differs with the Identity Manager version.
For Identity Manager 4.8, the locations are as follows:
C:\NetIQ\IDM\NDS\lib, if the driver is locally installed with the Identity Manager engine.
C:\NetIQ\IDM\RemoteLoader\32bit\lib for 32-bit and C:\NetIQ\IDM\RemoteLoader\64bit\lib for 64-bit system, if the driver is installed with the Remote Loader.
For Identity Manager 4.7 or upgrade from 4.7 to 4.8, the locations are as follows:
C:\NetIQ\eDirectory\lib, if the driver is locally installed with the Identity Manager engine.
C:\novell\remoteloader\32bit\lib for 32-bit and C:\novell\remoteloader\64bit\lib for 64-bit system, if the driver is installed with the Remote Loader.
- (Conditional) To update the driver files as a non-root user:
(Conditional) If the driver is running locally, start the Identity Vault and the driver instance.
- Verify that the <non-root eDirectory location>/rpm directory exists and contains the _db.* file.
The _db.* file is created during a non-root installation of the Identity Manager engine. Absence of this file might indicate that Identity Manager is not properly installed. Reinstall Identity Manager to correctly place the file in the directory.
- To set the root directory to the location of non-root Identity Vault, enter the following command in the command prompt:
ROOTDIR=<non-root eDirectory location>
This sets the environment variable to the directory where the Identity Vault is installed as a non-root user.
- To install the driver files, enter the following command:
For example, to install the LDAP driver RPM, use this command:
rpm --dbpath $ROOTDIR/rpm -Uvh --relocate=/usr=$ROOTDIR/opt/novell/eDirectory --relocate=/etc=$ROOTDIR/etc --relocate=/opt/novell/eDirectory=$ROOTDIR/opt/novell/eDirectory --relocate=/opt/novell/dirxml=$ROOTDIR/opt/novell/dirxml --relocate=/var=$ROOTDIR/var --badreloc --nodeps --replacefiles /home/user/novell-DXMLldap.rpm
where /opt/novell/eDirectory is the location where non-root eDirectory is installed and /home/user/ is the home directory of the non-root user.
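The non-root steps above as a shell preflight, added here as an example and not part of the patch itself: it refuses to run the rpm command shown on this page unless the _db.* file is present in the private RPM database. The function names and the RPM_CMD override (used for a dry run) are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight for the non-root driver update described above.

# Succeeds only if "$1/rpm" is a directory holding at least one _db.* file.
check_rpm_db() {
    rootdir=$1
    [ -n "$rootdir" ] || { echo "ROOTDIR is empty" >&2; return 2; }
    [ -d "$rootdir/rpm" ] || { echo "missing directory: $rootdir/rpm" >&2; return 1; }
    for f in "$rootdir"/rpm/_db.*; do
        # An unmatched glob stays literal, so test that the file really exists.
        if [ -e "$f" ]; then return 0; fi
    done
    echo "no _db.* file in $rootdir/rpm; reinstall Identity Manager" >&2
    return 1
}

# Runs the relocated upgrade for ROOTDIR ($1) and the driver RPM ($2).
# RPM_CMD is a hypothetical override: set RPM_CMD=echo to print the
# arguments instead of installing.
install_driver_rpm() {
    rootdir=$1
    pkg=$2
    check_rpm_db "$rootdir" || return 1
    [ -f "$pkg" ] || { echo "package not found: $pkg" >&2; return 1; }
    "${RPM_CMD:-rpm}" --dbpath "$rootdir/rpm" -Uvh \
        --relocate="/usr=$rootdir/opt/novell/eDirectory" \
        --relocate="/etc=$rootdir/etc" \
        --relocate="/opt/novell/eDirectory=$rootdir/opt/novell/eDirectory" \
        --relocate="/opt/novell/dirxml=$rootdir/opt/novell/dirxml" \
        --relocate="/var=$rootdir/var" \
        --badreloc --nodeps --replacefiles "$pkg"
}

# Usage (dry run first, then the real upgrade):
#   RPM_CMD=echo install_driver_rpm "$ROOTDIR" /home/user/novell-DXMLldap.rpm
#   install_driver_rpm "$ROOTDIR" /home/user/novell-DXMLldap.rpm
```

Quoting every path keeps the command intact when the non-root eDirectory location contains spaces.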
(Conditional) If the driver is running with a Remote Loader instance, start the Remote Loader instance and the driver instance.
Technical Support Information
Issue Fixed in This Release
- Bug 1149116 - Resolved an issue wherein the LDAP driver may display a NullPointerException while building the publisher cache, resulting in the inability to send the publisher events.
- Bug 1159859 - With this version of the driver, the LDAP directory resync issue in the publisher channel that occurred with each driver restart is resolved.
What Is New/Issues Fixed in LDAP Driver 184.108.40.206
Issues Fixed in Previous Releases
- Extended support for ZoomDB. From this version onwards, the driver state files will be maintained using ZoomDB.
- Bug 736342 - Loopback detection in Publisher channel works properly even if the Authentication ID configured in the LDAP driver is longer than 63 characters.
- Bug 1066979 - Synchronizing a group in Subscriber channel with both associated and unassociated members does not create an extra member attribute with a null value.
- Bug 1093713 - Changelog metadata is available in the Publisher event in the driver-operation-data node. This is controlled by a new driver parameter.
- Enhancement 1122678 - While configuring the driver using Designer, the Remote Loader configuration is disabled by default because LDAP driver is mostly run locally with the Identity Manager Engine.
- Fixes in LDAP Driver 220.127.116.11
- Resolves a potential password-related information disclosure vulnerability - CVE-2018-17951
- Fixes in LDAP Driver 18.104.22.168
- Bug 1101270 - Driver no longer deletes the Publisher synchronized objects when the connected eDirectory server is not available (stopped)
- Fixes in LDAP Driver 22.214.171.124
- Bug 880300 - Driver no longer uses unicodePwd for passwords in Active Directory. It now encodes them properly
- Bug 1054009 - Query for objectGUID succeeds when using IDM 4.6.x Remote Loader on Windows
- Bug 1060233 - Driver does not query the Identity Vault if objectClass is not obtained from the Publisher event
- Bug 967616 - Shim returns accurate error message if the password is incorrect
- Bug 1037837 - Ability to delete tmp files when a query exceeds the query limits
- Bug 1043140 - Reading changelog does not report java.lang.NullPointerException
- Bug 1055518 - Driver no longer stops if the previous connection is disconnected
- Bug 1087262 - Correct driver version is displayed
- Bug 1089472 - Correct user attribute is updated in the connected system when a user is synchronized from the Identity Vault to the Active Directory LDAP connected server
- Fixes in LDAP Driver 126.96.36.199
- Bug 897750 - Driver successfully returns event-id in response to an activation query
- Fixes in LDAP Driver 188.8.131.52
- Bug 872645 - Driver db file size does not grow with each polling cycle
- Bug 878838 - Driver shim properly honors @is-sensitive="true"
- Security fix for CVE-2014-0601
- Bug 855272 - Driver correctly picks Publisher events when connected to Sun LDAP directory
- Bug 854030 - Multiple LDAP driver queries on Subscriber channel no longer cause Java to run out of threads
- The below issues are also fixed, but they do not have a bug associated with them:
- Publisher caching is relevant while using search publication method. Removed the dependency on changelog parameters
- Publisher modify is optimized (only the latest state of an entry is stored after driver re-start)
- Additional clean up changes are included
- Fixes in LDAP Driver 184.108.40.206
- Bug 757515 - Driver no longer resets connection when eDirectory responds with error -601 (no such object)
- Bug 747204 - Sun Java Directory Password Plug-in believed to be causing a crash of their DS
- Bug 782793 - LDAP Paged Search Results control is sometimes not used even when server supports it
- Bug 574190 - Resolved an issue when adding a multi-line description
- Bug 574890 - Resolved issue with special characters in CN getting encrypted coming in on the LDAP driver Publisher Channel
- Bug 569622 - Resolved issue where line folding was not working properly on LDAP driver starting on version 3.5.8
- Bug 545640 - Resolved issue where postalAddress got padded with extra white lines. In order to implement the change
- Fixes in Identity Manager 4.0.1-3.5.1 LDAP Driver 220.127.116.11
- Bug 457321 - Driver LDAP shim properly handles unassociated group members
- Bug 703088 - Driver startup no longer fails with NoClassDefFoundError
- Fixes in Identity Manager 4.0.1
- Bug 642430 - Driver-LDAP Boolean attributes are correctly cased by the engine in the input document.
- Bug 661302 - Driver-LDAP Deleted values in OID changelog are no longer reported as Unicode characters instead of a remove-value in the XDS
- Bug 661385 - Driver no longer removes empty lines on multi-lined value modifies