Google G Suite Driver 4.2.2.0

Created by Michael Weaver, last modified on 7/1/2022
Date: 7/1/2022
Download: Google G Suite Driver 4.2.2.0 Release

Release Notes

NetIQ Google G Suite Driver 4.2.2.0 Patch
Build 4.2.2.0

PATCHES THIS PATCH SUPERSEDES

All prior versions, including:

ABSTRACT

Patch for the NetIQ Identity Manager Google G Suite Driver. This will take the driver build version to 4.2.2.0. You must have the NetIQ G Suite Driver 4.2.0.0 or newer to apply this patch. This patch contains the following changes:

  1. Corrected issue where a modify event on user names could fail due to source data missing the UserName object. (GADRIVER-384)
  2. Corrected issue preventing multivalued ExternalId attributes on user creation events from adding all values. (GADRIVER-385, SR 101318791801)
  3. Removed diagnostic trace messages which inadvertently exposed user password changes in clear text into trace logs. (GADRIVER-387, Support Case 2047869)
  4. Corrected issue preventing the remove-all-values command from working with custom schema attributes. (GADRIVER-388)
  5. Fixed rare issue causing a user modify event to error with a missing password response from the Google servers. (GADRIVER-390)
  6. Corrected a class cast exception caused when adding values to a multivalued custom schema attribute. (GADRIVER-391)

The only updated file is gmailshim.jar. If updating from 4.2.x.x, no other changes are required.

DETAILS

Overview: This is a patch for the Google Apps Driver.
System Requirements: Novell Identity Manager 4.5 or higher

Files provided with this update (with MD5 sum):
ed448347fc0104034aa14c8189bf37de *commons-logging-1.1.1.jar
b7a3bbb7c6832cd48b889a079614e7d8 *DirectoryScopes.txt
517c607196bebc0adf5cdb26fec27cd2 *gdata-appsforyourdomain-1.0.jar
3f2292058cda93293052c162512b27ed *gdata-appsforyourdomain-meta-1.0.jar
2b5ae2c5542606c442b6c4d729d0b658 *gdata-base-1.0.jar
cd00dc4999d7813f16401582dd93a948 *gdata-client-1.0.jar
bfe3dff20944012d465faa4a28e123d6 *gdata-client-meta-1.0.jar
d07fc71e005171d359440f4a7222f7ad *gdata-contacts-3.0.jar
39197de58161b57bb0b862a4b31fe83f *gdata-contacts-meta-3.0.jar
c51dc9b54e15af5a7de9684cb4516bb1 *gdata-core-1.0.jar
08e3385d9e6e1e26cac0b2d2bbb14351 *gmailshim.jar
3724eb4fd83f192bd7a6738082aaa4b8 *google-api-client-java6.jar
90f1abbbeace9963044767bf1a7adaf3 *google-api-client.jar
fc39b8362ecb614040385209bffa84e8 *google-api-services-admin-directory.jar
aa60435557b8374fae9fcc148251eb92 *google-api-services-gmail.jar
abfeed1ad975c3e6f08b819c31e323c3 *google-api-services-groupssettings.jar
b3fab879762996affd762315da019a0c *google-api-services-oauth2.jar
1d582258e6a198882a3b9bc21017ef2e *google-http-client-gson.jar
89ad7e003c21f760bec82afef1e214af *google-http-client-jackson2.jar
feb4d41ef809977d6da6915b76e94099 *google-http-client.jar
518e414cccc81ab8ffb117059b13b4d0 *google-oauth-client-java6.jar
88a3cd45e727d0c457e9e11e3c506334 *google-oauth-client-jetty.jar
1dc684593fa1e1af1d812f494081b306 *google-oauth-client.jar
e16b1b8fca0980263f764f633ec91dd6 *gson.jar
eae9048a7177a69881323c08c5122aa4 *guava.jar
1d5a772e400b04bb67a7ef4a0e0996d8 *jsr305-1.3.9.jar
d41d8cd98f00b204e9800998ecf8427e *sums.txt
33ec8d237cbaceeffb2c2a7f52afd79a *xercesImpl.jar

Linux:

Upload the novell-DXMLGoogleApps.rpm file to the linux server.

  1. Stop all drivers
  2. Stop eDirectory
  3. Run rpm -U novell-DXMLGoogleApps.rpm
  4. Restart eDirectory

Windows:

The connector binary and accessory jar files are located in the eDirectory DirXML class library path. This path is dependent on your install location. On Windows hosts, it is typically [Install_Location]\NDS\lib

  1. Stop all drivers
  2. Stop eDirectory
  3. Copy the provided files to the DirXML class library path
  4. Delete older duplicate files, such as v1.22 google libraries and guava ensuring that only one copy of each provided file is present.
  5. Restart eDirectory

Remote Loader:

Remote loader driver paths are dependent on how the remote loader is installed. Locate the existing gmailshim.jar on the remote loader host to identify the correct path.

  1. Stop the remote loader instance
  2. Copy the provided files to the correct remote loader path
  3. Delete older duplicate files, such as v1.22 google libraries and guava ensuring that only one copy of each provided file is present
  4. Restart remote loader instance

TECHNICAL SUPPORT INFORMATION

Fixes made in the NetIQ IDM 4.2.2.0 Google G Suite Driver:

  1. Corrected issue where a modify event on user names could fail due to source data missing the UserName object. (GADRIVER-384)
  2. Corrected issue preventing multivalued ExternalId attributes on user creation events from adding all values. (GADRIVER-385, SR 101318791801)
  3. Removed diagnostic trace messages which inadvertently exposed user password changes in clear text into trace logs. (GADRIVER-387, Support Case 2047869)
  4. Corrected issue preventing the remove-all-values command from working with custom schema attributes. (GADRIVER-388)
  5. Fixed rare issue causing a user modify event to error with a missing password response from the Google servers. (GADRIVER-390)
  6. Corrected a class cast exception caused when adding values to a multivalued custom schema attribute. (GADRIVER-391)

KNOWN ISSUES

Google API servers will sometimes not process user changes in a timely fashion. This can result in user data models retrieved from the API servers to have old, out-dated (stale) information. Though the driver attempts to mitigate any harm from this, there will, at times, be cases where this stale data from Google will cause previously executed user updates to be reverted. This includes moves from or to OrgUnits, suspended state changes, and any attribute value changes. The set of phone numbers, addresses, email addresses, and Org attributes (such as title and department) are particularly vulnerable to this. The stale data issue is most often seen with multiple transactions on the same user object in rapid sequence, such as modify, rename, and move done in rapid sequence (around a second or so). If this happens frequently, it is recommended that the sequential events be spread out in time, either by adding other events in between or by adding a small delay in the driver channel. Further research and work into methods to detect and eliminate this problem are ongoing.

Due to apparent propogation delays within the G-Suite API services, it is not possible to set GmailSettings attribute values during use creation. Please set them at least five seconds after user creation to avoid errors from the Gmail API service.

At this time, setting values for GmailSettingsEnableIMAP and GmailSettingsEnablePOP does not appear to work. The driver can query, however modifications do not cause a change on the user object.