December 13, 2011
This document contains the known issues for Novell Identity Manager version 3.6.1.
This Readme contains the known issues for Identity Manager version 3.6.1. In addition to this Readme, separate Readmes are available for Designer 3.5 and the User Application Roles Based Provisioning Module:
Additional documentation resources are also available for the following:
The following sections provide information for known issues at the time of the product release.
The following sections describe issues you might encounter during installation of the Identity Manager Metadirectory engine and drivers.
If you are using a previous version of Identity Manager, manually copy the files.
You should ignore the given options to install in other languages.
When you install Identity Manager 3.6.1 on Red Hat 5.0 and SLES 11, the installation program might exit without finishing, and give the following console message:
/tmp/install.dir.3693/Linux/resource/jre/bin/java: symbol lookup error: /tmp/lib/libspmclnt.so: undefined symbol: DDCDuplicateContext
Work around: This is one-time error. Re-run the installation program.
During the installation of the metadirectory engine, drivers, and utilities, Identity Manager 3.6.1 installation stops and does not display any errors.
Work around: Re-run the installation program.
Because the user variables such as %USERPROFILE%\Local Settings\Temp and %USERPROFILE%\Local Settings\Temp are not available in the environment variables on the server, the Identity Manager 3.6.1 installer cannot find any files in the tmp/temp directory.
Work around: Define the user variables and ensure that the temp/tmp directory resides in the C: drive.
When you install Identity Manager 3.6.1 on Solaris, on some French locales, the installation fails displaying the following error:
JClient introuvable/version de JClient non prise en charge Installez la version appropriée de JClient avant d'installer le serveur méta-annuaire IDM.
The following is a list of French locales on which the Identity Manager installation fails:
Work around: In the installation terminal session, change the existing locale to a working locale:
Set locale in the terminal.
In the terminal, run the following command to get a list of available locales:
Select the desired locale and run the following commands:
export LANG LC_ALL
Run the following command to start the Identity Manager installation:
Selectfrom the drop down list in the splash screen.
When installing to AIX 5L version 5.3 with eDirectory 8.8.5, the only supported AIX maintenance level is 5300-09. Newer or older maintenance levels are not supported.
When upgrading from an earlier version of Identity Manager on the Windows* platform, you should use the same Administrator account that was used to install eDirectory. For example, if a domain Administrator account was used to install eDirectory, you should use the domain Administrator account again when installing Identity Manager and not use a local Administrator account.
If you do not use the same Administrator account, users’ answers for their Challenge Response questions are no longer accessible. This occurs because the tree key is re-created during the installation (because of the different Administrator account) and the new tree key does not provide the correct access to the stored answers. Users are prompted for new Challenge Response answers when they log in.
Work around: For successful installation of Identity Manager, do the following:
Create the following symbolic links:
/var/sadm/pkg/NDSserv that points to /var/sadm/pkg/NDSservx
/%path to%/eDirectory/setup/NDSserv.pkg that points to /%path to%/eDirectory/setup/NDSservx.pkg
For example: /export/home/installs/eDirectory/setup/NDSserv.pkg that points to /export/home/installs/eDirectory/setup/NDSservx.pkg
Run the following commands to make sure that the symbolic links, which you have created in Step 1, work:
The commands return the eDirectory version if valid.
Re-install Identity Manager.
You cannot install the Linux/UNIX Bidirectional driver on a Solaris zone that contains a read-only /usr partition. If you select the driver for installation, IDM installer reports an error.
On Windows, if you have installed eDirectory in a non-default location with a non-default location of dib files, and install Identity Manager, the installation completes with errors. The errors occur because of the schema extension failure.
Work around: You must manually extend the schema as follows:
After installing Identity Manager, stop eDirectory.
Run the following command to extend the schema:
<eDirLocation>\schemaStart.bat <eDirLocation> yes <admin name with tree> <password> yes 6 " " " <schemafileName>" "<serverName>" <dibPathLocation>
NOTE:<dibPathLocation> must contain the DIBFiles folder.
C:\eDir\NDS\schemaStart.bat "C:\eDir\NDS" yes ".cn=admin.o=n.T=IDM-INSTALLISSUE." "n" yes 6 " " "C:\eDir\NDS\sch_nt.cfg" ".CN=WIN2008-64-NDS.O=n.T=IDM-INSTALLISSUE." "C:\DIB\NDS\DIBFiles"
Extend the Role-Based schema files srvprv.sch and nrf-extensions.sch. For this, you should use the eDirectory NDS console.
From the NDS console, start the Novell eDirectory Install Utility (install.dlm service) and click .
Selectand click .
Specify the Administrative User Name, Context, and Password in the corresponding fields and click.
Browse for the schema file srvprv.sch from eDirectory installation location (for example, C:\novell\nds) and Click .
Extend the nrf-extensions.sch schema file by following the steps 1 through 4.
Work around: Install eDirectory and IDM in the following sequence:
Install eDirectory 8.8.5.
Install IDM 3.6.1.
Install eDirectory 8.8.5 FTF1.
Configure a driver and start it.
While upgrading from eDirectory 8.8 SP5 64-bit to eDirectory to 8.8 SP6, the new Platform Agent RPM is not automatically installed. You must install the new Platform Agent to avoid the creation of multiple ndsd processes:
Remove the previously installed Platform Agent.
Manually add the new Platform Agent.
The following section describes issues you might encounter as you use the Remote Loader.
On Windows 2008 Server Core, in the Remote Loader console, when you click, the corresponding help page is not displayed.
Work around: Install a browser (for example, Internet Explorer) on your machine and clickin the Remote Loader console.
Sometimes while starting a Remote Loader instance from the Remote Loader console, the following error message is displayed:
Socket Error: Permission Denied
Work around: Do one of the following:
Restart the machine.
Change the Remote Loader instance command port.
Work around: Run the following commands:
Stop the Remote Loader if it is running.
Stop the LCache process.
kill -9 ‘pgrep lcache‘
Start the Remote Loader.
The errors occur because the Roles Service driver is not installed. However, Roles Service driver cannot work with Remote Loader.
The following section describes issues you might encounter as you use the Identity Manager drivers.
The currently supported version of JCO for SAP HR driver is 2.1.8. SAP HR driver does not work on Windows Server 2008 because JCO 2.1.8 does not support Windows Server 2008.
The upgrade operation fails when you upgrade JDBC driver from a version earlier than 3.5.1, to the version 3.5.1 or later.
The operation fails because of one of the following reasons:
The driver could not read the metadata of tables by using the mysql-connector-java-3.1.11-bin.jar driver classes.
You could not get the information from state files because the serialVersionUID of the class JDBMKeyComparator has changed after the upgrade.
Work around: The following are the work arounds which are based on the reasons for the upgrade failure:
Upgrade the third party driver class from mysql-connector-java-3.1.11-bin.jar to mysql-connector-java-5.1.6-bin.jar.
Delete the state files and restart the driver.
While running the LDAP driver, core dump is caused by java during compilation by the Just In Time (JIT) compiler, with the following error in hs_err_<pid> file.
C2:952 ! com.novell.nds.dirxml.driver.ldap.LDAPPublisher.processModifyValue
Sample core stack:
#0 0xffffe410 in __kernel_vsyscall () #1 0xb7b8c8d0 in raise () from /lib/libc.so.6 #2 0xb7b8dff3 in abort () from /lib/libc.so.6 #3 0x064fa73b in os::abort () from //opt/novell/eDirectory/lib/nds-modules/jre/lib/i386/server/libjvm.so #4 0x065ed0d1 in VMError::report_and_die () from //opt/novell/eDirectory/lib/nds-modules/jre/lib/i386/server/libjvm.so #5 0x064ff659 in JVM_handle_linux_signal () from //opt/novell/eDirectory/lib/nds-modules/jre/lib/i386/server/libjvm.so #6 0x064fc648 in signalHandler () from //opt/novell/eDirectory/lib/nds-modules/jre/lib/i386/server/libjvm.so #7 <signal handler called> #8 0x0625665c in PhaseChaitin::gather_lrg_masks () from //opt/novell/eDirectory/lib/nds-modules/jre/lib/i386/server/libjvm.so #9 0x06255bb5 in PhaseChaitin::Register_Allocate () from //opt/novell/eDirectory/lib/nds-modules/jre/lib/i386/server/libjvm.so #10 0x062a2acd in Compile::Code_Gen () from //opt/novell/eDirectory/lib/nds-modules/jre/lib/i386/server/libjvm.so #11 0x0629f950 in Compile::Compile ()
Work around: Disable the JIT compiler by using the following methods:
Log in to iManager.
Click to display the Identity Manager Administration page.
In thelist, click .
Under thetab, click the driver set to open the Driver Set Overview Page.
Click themenu, then click .
Clickto display the property page that contains the Java environment parameters.
Setunder to contain the following:
Restart eDirectory for the environment parameters to take effect.
Open your project in the Modeler.
Right-click the driver set icon , then click.
Selectfrom the list.
Setunder to contain the following:
Right-click the driver set icon , then clickto update the changes.
Restart eDirectory for the environment parameters to take effect.
The following sections describe issues you might encounter as you use the Identity Manager:
Work around: For better performance of Identity Manager on Windows, enable Write Caching on the disk as follows:
Right-click the drive, on which eDirectory/Identity Manager is installed, and click.
If password sync filter is installed on a 64-bit machine having Remote Loader 3.5.1, the password sync fails. It returns the error that password sync is not installed on the domain.
Work around: Add HKEY_LOCAL_MACHINE\SOFTWARE\NOVELL\Pwfilter file.value to the
When you start Identity Manager 3.6.1 on Solaris 10, you might sporadically encounter the unsatisfied link error.
Work around: From /opt/novell/eDirectory/lib/, manually delete the following zero-size files:
The following sections describe issues you might encounter as you use iManager.
When you are in iManager, particularly the Policy Builder, Internet Explorer* 7 continually prompts you for access to the Clipboard. To disable prompting:
Click thetab, then click .
Click> , then select .
After you restart Internet Explorer, the prompting stops.
If you want to use the NDS-to-NDS Driver Certificates Wizard, you must download and install the iManager plug-in for Novell Certificate Server.
The following sections describe issues you might encounter related to eDirectory:
When running Identity Manager on AIX with eDirectory 8.8.5, you need to increase the eDirectory stack size.
Increase the stack size:
ldedit -b maxstack=0x10000000 /opt/novell/eDirectory/sbin/ndsd
When installing 32-bit eDirectory 8.8.5 on servers that use AMD Opteron* (X86_64) processors, the installation generates a segmentation fault during installation of NICI (Novell International Cryptographic Infrastructure) and NICI is not installed properly.
Novell Support can provide a patch to fix this issue. For information, see Technical Information Document 7000979.
This issue occurs if the query performed uses an index that has been created with eDirectory versions 8.8.5 patch6 or 8.8.6 patch2. These eDirectory versions create indexes with AncestorsID information.
There are two possible workarounds for this issue:
Modify the query that uses a sub-tree search to use base container for the search if your requirements can be fulfilled with a base search.
Upgrade eDirectory to 8.8.6 patch3 or a patch later than eDirectory 8.8.5 patch6. If the index has been created with eDirectory 8.8.5 patch6 or 8.8.6 patch2, delete the index that the query is using, then create it again. By creating index with 8.8.6 patch3, the AncestorsID is not automatically added. This holds true for later patches of eDirectory 8.8.5 as well.
The issue does not occur if the query uses an index that has been created with an older version of eDirectory, even if the query is performed against a server running eDirectory 8.8.5 patch6 or 8.8.6 patch2.
You might encounter the following issues during uninstallation of the Identity Manager Metadirectory engine and drivers.
Identity Manager 3.6.1 uninstallation fails without removing any installed files. A Null Pointer exception is reported. The issue occurs if:
You haven’t properly installed iManager.
You have partially installed iManager plug-ins for Identity Manager.
In this documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path.
A trademark symbol (®, ™, etc.) denotes a Novell® trademark; an asterisk (*) denotes a third-party trademark.
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the Novell International Trade Services Web page for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2009 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed on the Novell Legal Patents Web page and one or more additional patents or pending patent applications in the U.S. and in other countries.
For Novell trademarks, see the Novell Trademark and Service Mark list.
All third-party trademarks are the property of their respective owners.