This document contains the known issues for Novell Identity Manager 4.0.2.
The following sections provide information on known issues at the time of the product release.
You might encounter the following issues during the installation of the Identity Manager framework installer:
Ensure that the specified path doesn’t contain any spaces.
You cannot install the Linux/UNIX Bidirectional driver in a Solaris zone that contains a read-only/usr partition. If you select the driver for installation, the Identity Manager framework installer reports an error.
If Platform Agent is already installed on a computer where you are installing Identity Manager, the Identity Manager installer will replace it. However, if the Platform Agent version installed on the computer is higher than 2.02-62, it is downgraded to 2.02-62 version.
To workaround this issue, reinstall the latest version of Platform Agent after the Identity Manager installation is complete.
If you install Identity Manager 4.0.2 on a computer running eDirectory 8.8 SP8, the installer displays the following error:
Valid version of NMAS not found
The error message states NMAS 8.8.8 is not a valid version and asks if you want to proceed with the installation process. Ignore the error, and proceed with the installation. The installation completes successfully.
Though Identity_Manager_4.0.2_Solaris_Advanced.iso includes User Application, Novell does not support installing it on Solaris.
You might encounter the following issues when you use the Identity Manager integrated installer:
You cannot use UNC paths for installation and configuration when you use the Identity Manager integrated installer (for example, \\myserver\share\Identity_Manager_4.0.2_Windows_Enterprise).
To workaround this issue, create an actual mapped drive.
The integrated installer does not perform a health check before the secondary server addition.
You must run ndscheck command if you are adding secondary server through the integrated installer. On Windows, run the ndscheck command from the <install location>\NDS folder. On Linux/Solaris, run it from the /opt/novell/eDirectory/bin/ndscheck directory. Specify the mandatory parameters and run the command as follows:
ndscheck [-h <hostname port]>] [-a <admin FDN>] [[-w <password>]
NOTE:Running the ndscheck command on Windows causes eMbox warnings to display on the screen. Don't treat these warnings as eDirectory health check failure. It is safe to ignore them.
The configuration fails with an exit value of 13. For a successful configuration of RBPM and Identity Reporting Module, ensure that the number of open connections for the server is increased from a default value of 1024 before configuration is started.
To increase the open connections upto 4096, execute the ulimit -n 4096 command in the terminal where configuration is invoked. Ensure that your console terminal shows open files (-n) 4096 when you run the ulimit -n command.
This attribute is not listed under
in iManager. To workaround this issue, perform the following steps:Select authsamlProviderID in the
list and move it to the list by clicking on the left arrow.In the input field, enter a value in the following format:
cn=<Name of the SAML Object>
For example:
cn=SCCp16ouo,cn=nids,ou=accessManagerContainer,o=novell
This behavior occurs only on the Windows server platform when Access Manager creates the SAML authorization object.
This warning is displayed only on Solaris. It is safe to ignore the warning and continue with the installation.
You might encounter the following issue as you use the Identity Manager drivers:
At times, you cannot select drop-down options when creating or configuring a driver. To workaround this issue:
Click the drop-down menu and continue to hold the left mouse button until the desired option is highlighted.
Release the left mouse button to select the option.
You cannot create an entitlement policy in Identity Manager with eDirectory 8.8 SP8.
To work around this issue, go to IP is appended to the existing port values.
> > and change the existing values of the port to ldap://IP:389 and ldaps://IP:636. Note thatAfter applying Novell Identity Manager 4.0.2 Patch 4, Office 365 driver does not start.
To workaround this issue, change the order of supportedRuntime version (specify the lower version before the higher version) in the RemoteLoader.exe.config file and the RemoteLoaderSvc.exe.config files, as shown in the following code snippet:
<?xml version="1.0"?>
<configuration>
<runtime>
<NetFx40_LegacySecurityPolicy enabled="true"/>
</runtime>
<startup>
<supportedRuntime version="v2.0.50727"/>
<supportedRuntime version="v4.0.30319"/>
</startup>
</configuration>
You might encounter the following issues when you use the Identity Reporting Module:
If you remove an attribute that was added to the Data Collection Service driver filter policy, the attribute is not removed from the extended attributes tables (idmrpt_ext_attr, which tracks the attributes) and no data is removed from the idmrpt_ext_item_attr table.
In Firefox, if the
on the Calendar page are set to show 1 week, clicking Today displays a day one week ahead of today.To see today’s schedule in the Calendar page, press the up-arrow to go back one week. This issue does not occur in Internet Explorer.
Under the following circumstances, the logevent.conf is overwritten without prompting during the installation of the reporting module:
There is already a logevent.conf file in /etc/ directory.
EAS is installed on the same machine.
During the reporting installation, you replace the value of localhost
and enter the machine's actual IP address for the EAS server.
To workaround this issue, manually update the /etc/logevent.conf file after the installation is complete.
If EAS is remotely installed and you want to test the connection to EAS during the Identity Reporting Module installation, the parent directory of your chosen install directory must exist prior to running the installation. Without an existing parent directory, the installation directory cannot be created in order to write the JDBC JAR file used for testing the connection. For example, if you are installing the Identity Reporting Module to /opt/novell/IdentityReporting, ensure that the /opt/novell directory exists before beginning the installation.
This problem has only been observed on WebSphere.
When you add an application in the Reporting Module, you might notice that a valid certificate is not properly converted. The following actions might cause this problem to occur:
Log in to the Identity Reporting Module with valid credentials.
Navigate to the Applications page and click the
button.Fill in all the mandatory fields and browse for the certificate by selecting the
check-box and clicking .The certificate should be converted, but this does not occur.
To workaround this issue, copy and paste the content of the certificate into the text area on the form.
You cannot modify the frequency of a schedule. To change the frequency (from week to month, for example), delete the schedule and create a new one.
In the Identity Reporting Module, if an .rpz file is downloaded by using the Internet Explorer browser, the file might change its extension from.rpz to .zip file format. This change does not cause any issues. The Reporting Module correctly handles the upload and import of the reports with the .zip file extension.This issue is not reported on Firefox.
If you use Internet Explorer browser in HTTPS to access the Reporting Module, the following pop-up message is displayed:
Do you want to view only the webpage content that was delivered securely? This webpage contains content that will not be delivered using a secure HTTPS connection, which could compromise the security of the entire webpage.
If you select http://. This behavior is not observed with FireFox.
, the login screen for the Reporting Module does not appear. You must select . The behavior is observed because the download site for the new reports only supports the HTTP protocol. The link to that site is constructed if you useYou might encounter the following issues when you use the Roles Based Provisioning Module:
In Firefox or Dojo, if you attempt to copy text in the Detail portlet, an error message is displayed.
The following actions cause this message to appear:
Log in to the User application as administrator and go to the
tab.Click
in Portlet Applications.Click
.Click the
icon and enter some sample text, such as “TEST”.Select the text and click the
icon.If you follow these steps, you see the following error message:
“Exception... "Access to XPConnect service denied" code: "1011" nsresult: "0x805303f3 (NS_ERROR_DOM_XPCONNECT_ACCESS_DENIED)" location: "http://172.16.1.99:8180/IDMProv/resource//portal-general/javascript/html_editor.js Line: 531" ” when clicked on Copy button.
You might also see this message when performing cut and paste operations.
The Roles Based Provisioning Module reports provided under
on the tab have been deprecated from Identity Manager 4.0 onwards. These reports will be removed in a future release.On WebSphere, if you create a new user with a slash (/) or backslash (\) in the name, the user cannot log in to the User Application. For example, if you create a user as /Test// from the page, an error is displayed when the new user tries to log in to the User Application.
If you redeploy the User Application driver from Designer after running the integrated installer, the trustees for the Attestation Report provisioning request definitions are deleted and no one can execute the report. This is because the trustees are added to the Attestation Report provisioning request definitions when the User Application starts. Because Designer does not know about the trustees, an attempt to redeploy the User Application driver from Designer removes the trustees. Therefore, you need to import these objects from eDirectory after User Application startup to synchronize the trustees.
If you install PostgreSQL on a server that is set up with Simplified Chinese as the number format (by using
), PostgreSQL does not install successfully. Ensure that the Simplified Chinese Number format is changed on the server where you are installing PostgresSQL.When the User Application is accessed in a language other than the default language (for example, accessing in Spanish while the default language is set to English), if a resource is added to a role, ensure that a value is supplied for the default language in the
field. To do this, press the button after the field and enter a value in the language that is marked with the (the default language). If a value is not entered for the default language, you get an error and you cannot add the resource to the role.If an administrator deletes a role that requires a workflow after a user has made a role request, the workflow addressee for the role request still sees the workflow in the Task List and be able to approve or deny the request.
When the User Application is deployed on WebSphere 7, if you access a Web Service home page either directly or from the Administration page, you see a broken image on the page. It also throws a java.lang.NullPointerException in the SystemOut.log file. However, there is no loss of functionality. You can still download the WSDL file and use the Web Services.
If you create the tables for the User Application during installation, you might still see messages in the log that indicate that the database is being updated at start-up time when you start the User Application. This is caused by a limitation in Liquibase 2.0.1.
To workaround this issue, set the create-db-on-startup parameter to false in the web.xml file, as shown below:
<init-param> <param-name>create-db-on-startup</param-name> <param-value>false</param-value> </init-param>
Novell provides the JBossPostgreSQL utility as a convenience. If your company does not already provide an application server and a database server, you can use the JBossPostgreSQL utility to install an Open Source version of these components. By running this utility, you can install these components without having to download them separately. If you need support, go to the third party provider of the component. Novell does not provide updates for these components, or administration, configuration, or tuning information for these components, beyond what it is outlined in the RBPM documentation.
You might encounter the following issue as you use Role Mapping Administrator.
When you make changes to the active profile in the Role Mapping Administrator configuration page, all the cached authorizations are cleared from the database. You must reload the authorizations after changes are made to the active profile. For more information, see loading authorizations in the Identity Manager Role Mapping Administrator 4.0.2 User Guide.
A Stack Overflow message is displayed if you enter a wrong password on the SSPR Web page when SSPR is invoked using the Client Login Extension.
You can simply click
and continue working. It is safe to ignore the message.You might encounter the following issues during uninstallation of the Identity Manager engine and drivers.
On Windows, the jar files from the lib directory are not removed. On Solaris, the DXMLnotes.pkg is not removed. You need to remove them manually.
If you select Brazilian Portuguese, Danish, Dutch, English, French, German, Italian, Swedish, Spanish, or Russian as your choice of language for installing Identity Manager, the installer displays corrupt characters during installation.
If you select English, the installer contains a corrupt character on the Select Language page of the installation program. However, the characters display correctly for the Asian languages when the installer is run on Asian Windows.
For the characters to display correctly, ensure that you change the default font of your Windows machine to Lucida Console by using the following steps before installing Identity Manager:
Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CodePage and change the OEMCP value from 850 to 1252.
For Russian, change the OEMCP value from 866 to 1251 in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CodePage directory.
Go to cmd in the text box, then press Enter to launch the command prompt.
, typeRight-click the title bar of the cmd window to open the pop-up menu.
Scroll down in the pop-up menu and select the
option to open the Console Windows Properties dialog box.Click the Raster to Lucida Console ( ).
tab and change the default font fromClick
.Restart the machine.
A Microsoft Visual C++ 2005 Redistributable error message displays when Identity Manager is installed on Russian Windows 2008 SP2. When you click
in the error message, the installation completes successfully.To avoid this error, visit the Microsoft support site and run the steps specified in the Let me fix it myself section of the online page.
Ensure that you install the following libraries before installing Identity Manager on RHEL 6.0:
For GUI Install: Before invoking the Identity Manager installer, manually install the dependant libraries.
For a 64-bit RHEL: Install the following libraries in the same order:
libXau-1.0.5-1.el6.i686.rpm
libxcb-1.5-1.el6.i686.rpm
libX11-1.3-2.el6.i686.rpm
libXext-1.1-3.el6.i686.rpm
libXi-1.3-3.el6.i686.rpm
libXtst-1.0.99.2-3.el6.i686.rpm
glibc-2.12-1.7.el6.i686.rpm
libstdc++-4.4.4-13.el6.i686.rpm
libgcc-4.4.4-13.el6.i686.rpm
compat-libstdc++-33-3.2.3-69.el6.x86_64.rpm
compat-libstdc++-33-3.2.3-69.el6.i686.rpm
For a 32-bit RHEL: Install the following library:
compat-libstdc++-33-3.2.3-69.el6.i686.rpm
For Package Install on RHEL 6.x: Before invoking the Identity Manager installer, you must manually setup a repository for the installation media.
(Conditional) If you are copying the ISO to the server, run the following command:
#mount-o loop <path to iso>/mnt/rhes62
(Conditional) If you are copying to a CD or a DVD, and to the server, run the following command:
#mount /dev/cdrom/mnt/rhes62
(Conditional) If you have mounted the ISO, create a repository file in the /etc/yum.repos.d location and perform the following configuration steps:
#vi/etc/yum.repos.d/rhes.repo [redhat-enterprise] name=RedHat Enterprise $releasever - $basearch baseurl=file:///mnt/rhes62/ enabled=1
(Optional) If you are using an installation server, configure the following in vi /etc/yum.repos.d/rhes.repo:
[redhat-enterprise] name=RedHat Enterprise $releasever - $basearch baseurl=<url to the installation source> enabled=1
Run the following commands after setting up the repository:
# yum clean all # yum repolist # yum makecache
To install the 32-bit packages, change “exactarch=1” to “exactarch=0” in the /etc/yum.conf file.
Install the GPG key by using the rpm import <path / url> to RPM-GPG-KEY-redhat-release command:
# rpm --import /mnt/rhes62/RPM-GPG-KEY-redhat-release
or
# rpm --import http://<url>/RPM-GPG-KEY-redhat-release
(Optional) To install the required packages for Identity Manager 4.x, execute the following script:
#!/bin/bash PKGS="libXau.i686 libxcb.i686 libX11.i686 libXext.i686 libXi.i686 libXtst.i686 glibc.i686 libstdc++.i686 libgcc.i686 compat-libstdc++-33.i686 compat-libstdc++-33.x86_64" for PKG in $PKGS ; do yum -y install "$PKG" done
NOTE:The script cannot locate the compat-libstdc++-33.x86_64 library in the 32-bit repository unless you have modified the 64-bit repository and installed the RPM separately.
For Non-GUI Install: Before invoking the Identity Manager installer, manually install the dependant libraries.
For a 64-bit RHEL: Install the following libraries in the same order:
glibc-2.12-1.7.el6.i686.rpm
libstdc++-4.4.4-13.el6.i686.rpm
libgcc-4.4.4-13.el6.i686.rpm
compat-libstdc++-33-3.2.3-69.el6.x86_64.rpm
compat-libstdc++-33-3.2.3-69.el6.i686.rpm
For a 32-bit RHEL: Install the following library:
compat-libstdc++-33-3.2.3-69.el6.i686.rpm
NOTE:Ensure that the unzip rpm is installed before installing Identity Manager. This applies to all Linux platforms.
To workaround this issue, manually start JBoss after system reboot.
To workaround this issue, manually start the Role Mapping Administrator service after completing the Identity Manager installation.
The upgrade replaces the JRE folder but deletes all custom certificates from it. For example, the certificates are placed in the /opt/novell/eDirectory/lib64/nds-modules/jre/lib/security/cacerts directory on 64-bit Linux platforms.
To work around this issue:
Save the CA certificates in a custom location.
Upgrade Identity Manager 4.0.1 to 4.0.2.
Copy the certificates back to the JRE directory depending on your platform.
After the upgrade, verify the JRE version is 1.6.0_31.
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to the Novell International Trade Services Web page for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2013 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
For Novell trademarks, see the Novell Trademark and Service Mark list.
All third-party trademarks are the property of their respective owners.