NetIQ iManager 2.7.7 Readme

January 2014

NetIQ iManager 2.7.7 includes new features and resolves several previous issues. You can upgrade to iManager 2.7.7 from iManager 2.7.6 or later, or perform a new installation. iManager 2.7.7 includes all fixes and features addressed in each iManager 2.7.6 Service Pack and Field Patches.

For a full list of all issues resolved in NetIQ iManager 2.7, including all patches and service packs, refer to TID 7010166, “History of Issues Resolved in NetIQ iManager 2.7”.

For more information about this release and for the latest release notes, see the iManager Documentation Web site. To download this product, see the Novell Downloads Web site.

1.0 What’s New

The following sections outline the key features and functions provided by this version, as well as issues resolved in this release:

1.1 Enhancements

This version of iManager includes the following features and enhancements:

  • Support for the following:

    • IPv6

    • Tomcat 7.0.42

    • Java 1.7.0_25

    • Google Chrome 28

    • Mozilla Firefox 22

    • TLSv1.2 support

  • XDAS auditing

  • Improved upgrade process

1.2 Software Fixes

This version of iManager includes software fixes that resolve several previous issues.

  • Objects created with extended characters are displayed without any issues.

  • In a custom plug-in, the default value of an attribute is not appended to the new value when the default value is modified.

  • The text area height is now resized from 32 rows to 8 rows.

  • You can configure cipher levels.

  • Exporting DER certificates works without any issues.

  • XSS vulnerability is fixed in ICE plug-in.

1.3 Platform Support

This version of iManager supports the following platforms:

Windows

iManager Server

  • Windows Server 2012 R2

iManager Workstation

  • Windows 8.1 Enterprise Edition (64-bit)

Linux

iManager Server

  • Red Hat Enterprise Linux Server 6.5 (64-bit)

  • Red Hat Enterprise Linux Server 5.10 (64-bit)

iManager Workstation

  • Red Hat Enterprise Linux Server 6.5 (32-bit)

  • Red Hat Enterprise Linux Server 5.10 (32-bit)

1.4 Browser Support

In this release, the following browsers are certified:

  • Mozilla Firefox 26, 25

  • Google Chrome 31, 30

  • Internet Explorer 11

2.0 Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, contact Technical Support.

2.1 Identity Manager Plug-in Returns Java Script Error

After upgrading to iManager 2.7.7, when you use the Identity Manager plug-in to manage your driver sets or drivers, you receive a Javascript warning. If you navigate to another location, such as View Objects, you immediately return to the login screen.

This issue occurs when your browser caches iManager information that does not have the necessary tokens. To resolve this issue, clear your browser cache, and then log back in to iManager. (816973)

2.2 Tomcat Service Does Not Start After Upgrade

After upgrading to iManager 2.7.7 on a Windows Server 2012 computer, the Tomcat service might not restart automatically. You must manually restart the service. (817022)

2.3 Cannot Start iManager Workstation on an openSUSE Computer

To run iManager Workstation on a computer running version 12.2 or 12.3 of the OpenSUSE operating system, ensure the following OpenSUSE packages are installed:

  • libgtk-2_0-0-32bit

  • libXt6-32bit

  • libgthread-2_0-0-32bit

  • libXtst6-32bit

2.4 IPv6 Issues

The following IPv6-related issues are present in iManager 2.7.7:

Symantec Network Threat Protection Conflicts with IPv6

Symantec Network Threat Protection conflicts with IPv6 addresses. To use IPv6 addresses in iManager 2.7.7, you must disable Network Threat Protection. (829853)

Firefox Does Not Support IPv6

The Firefox browser does not support IPv6 addresses. To use IPv6 addresses in iManager 2.7.7, you cannot use the Firefox browser. (829853)

Import Convert Export Wizard Does Not Work for IPv6 Addresses

If your iManager installation uses IPv4 addresses, and you use the Import Convert Export Wizard to connect to an eDirectory installation that uses IPv6 addresses, the wizard fails to connect and displays the following error:

Unable to connect to the requested server. Verify the name/address and port.

To configure iManager to handle IPv6 addresses, complete the following steps:

  1. Open the catalina.properties file, and comment out the following lines:

    java.net.preferIPv4Stack=false
    
    java.net.preferIPv4Addresses=true
    

    NOTE:The java.net.preferIPv4Stack property applies to communication between iManager and eDirectory. The java.net.preferIPv4Addresses property applies to communication between browsers and iManager.

  2. Restart Tomcat.

  3. In iManager, click Roles and Tasks.

  4. Click LDAP > LDAP Options, and then select the View LDAP Servers tab.

  5. Select the LDAP server you want to configure and click the Connections tab.

  6. Under LDAP Server, add LDAP interfaces for the IPv6-format addresses, including the port numbers, as follows:

    ldap://[xx::xx]:389
    ldaps://[xx::xx]:636
    
  7. Click OK.

  8. Configure the Role-Based Services, then log out from the session and log in again.

(831049)

2.5 Tree View Issues

The following issues in the Tree tab of the Object View are present in iManager 2.7.7:

Tree View Does Not Save State Information

The Tree view does not save its state, including the current position within the tree, when you switch between the Tree view and the Browse/Search tabs. (266401)

Operations under View Objects Do Not Function Properly in Internet Explorer 10 Default Mode

When you click View objects, you cannot perform any pop-up related operations in Tree view, Browse, and Search tabs.

To workaround this issue, launch Internet Explorer 10 in compatibility mode.

2.6 iManager Does Not Support the Metro User Interface View in Internet Explorer 10 on Windows 7 and 8

iManager 2.7.7 does not support metro user interface view for Internet Explorer 10.0 in Windows 7.0 and 8.0 versions.

2.7 File Not Found Error with RHEL Platform

While installing the latest eDirectory plug-in on RHEL 5.8 (64-bit), iManager returns the following exception message:

File not found exception message

To workaround this issue, restart Tomcat.

2.8 Unsupported Platform Error with RHEL 6.5 and RHEL 5.10

While installing iManager 2.7.7 on RHEL Server release 6.5 and RHEL Server release version 5.10, the installer displays a warning message stating that the platform is unsupported.

To workaround this issue, include Redhat Enterprise Linux Server release 6.5 and Redhat Enterprise Linux Server release 5.10 in the platforms.xml file. For more information about installing iManager on unsupported platforms, see Installing iManager on Unsupported Platforms in the NetIQ iManager Installation Guide.

2.9 iManager Dependency on Novell Client with NMAS Support - iManager

iManager requires NMAS support to be installed on the Windows system on which iManager is installed. It does not require the Novell Client. If you are going to use the Novell Client, iManager requires a version with NMAS support.

2.10 Newly Added Members to a Dynamic Group Are Not Displayed in the Corresponding Fields

When you access iManager by using an IPv6 address and then add new members to a dynamic group, the members are not displayed in the Included Members and All Members fields.

To work around this issue, you can configure LDAP by using iManager or the eDirectory command prompt.

Configuring LDAP by Using iManager

To configure LDAP by using iManager, complete the following steps:

  1. Install eDirectory 8.8 SP8.

  2. In iManager, go to Roles and Tasks list, and then click LDAP > LDAP options.

  3. Click the View LDAP Servers tab, then select the appropriate server.

  4. On the LDAP Server page, click the Connections tab, add a new LDAP server (for example, ldaps: [ipv6_address]:LDAP_SSL_PORT) in the LDAP Interfaces field, then click OK.

  5. Click Apply, then click OK.

Configuring LDAP Using the eDirectory Command Prompt

To determine whether LDAP is configured for IPv6, enter the ldapconfig get command in the eDirectory command prompt. The following values are listed in the result if LDAP is configured:

ldapInterfaces: ldaps://[ipv6_address]:LDAP_SSL_PORT
Require TLS for Simple Binds with Password: yes

If LDAP is not configured, enter the following command to configure it:

ldapconfig set "ldapInterfaces= ldaps://[ipv6_address]:LDAP_SSL_PORT"

2.11 Groups Plug-in Does Not Handle Unspecified Addresses in ldapInterfaces

The Groups plug-in reports an error if there are unspecified addresses in the ldapInterfaces attribute of the LDAP server.

During installation or configuration, eDirectory automatically configures the LDAP server to listen on all available interfaces by adding ldap://:389 and ldaps://:636 to the ldapInterfaces attribute. The plug-in interprets these values incorrectly and tries to connect to the LDAPS port on the iManager server computer. The connection fails, and the Groups plug-in displays the following error messages:

Unable to obtain a valid LDAP context.
Creating secure SSL LDAP context failed:
localhost:636

To work around this issue, remove unspecified addresses and add specific IP addresses to ldapInterfaces. (838833)

2.12 Novell Logo Appears in the iManager Login Page After Upgrading to NetIQ iManager 2.7.7

Novell logo appears in the iManager Login page after upgrading it from previous versions to iManager 2.7.7.

To workaround this issue, clear the browser cache and relaunch iManager.

2.13 Base Content is Displayed After Upgrading to iManager 2.7.7 on Windows Platform

When iManager 2.7.6 is upgraded to iManager 2.7.7, iManager Base Content is displayed in the Available NetIQ Plug-in Modules list. Though it appears in the list of available plug-ins, the Base Content is installed during the upgrade process.

It is safe to ignore it and continue working on iManager because it does not affect the iManager functionality in any way. However, if you do not want the Base Content to display in the list, select iManager Base Content, click Install, and then restart Tomcat.

2.14 iManager Login Fails if NICI 2.7.6 is Installed On Windows Workstation

iManager 2.7.7 fails to login and displays the following error message, if you have installed NICI 2.7.6:

Unable to create AdminNamespace.java.lang.NoClassDefFoundError: Could not initialize class novell.jclient.JClient

To workaround this issue, remove NICI 2.7.6 using the Add or Remove Programs option in Control Panel and then install NICI 2.7.7, which is available in the iManager 2.7.7 build.

2.15 Plug-ins Selected from Local Disk are Not Listed in the Installation Summary

While installing iManager 2.7.7 plug-ins, the ones selected from the local disk are not listed in the Installation Summary page, whereas the plug-ins selected from the NetIQ download page are listed.

However, the plug-ins selected from the local disk are installed even though they are not listed in the Installation Summary page.

2.16 IDM Plug-in Does Not Work in iManager 2.7.7

IDM plug-in does not work in iManager 2.7.7, if you have selected both IDM plug-in and SecretStore plug-in while installing iManager.

To workaround this issue, select only IDM plug-in while installing iManager. Alternatively, install IDM plug-in by using the iManager UI, and then install SecretStore plug-in separately.

2.17 Some Plug-ins Are Not Listed in the Available NetIQ Plug-in Modules Page

In the standalone iManager 2.7.7 Patch 1 release, the following plug-ins are not listed in the Available NetIQ Plug-in Modules page:

  • DNS Management

  • DNSDHCP

  • FTP

  • Novell iFolder 3

  • iPrint Linux Management Plug-in

  • iPrint Management Plugin for Netware

  • LinuxUserManagement Module

  • DHCP Management for NetWare

  • NetStorage Management

  • DHCP OES Linux

  • QuickFinder Server Management

  • SMS Module

This is because the fix provided for preventing Cross-Site Request Forgery (CSRF) attack breaks these plug-ins.

3.0 Legal Notice

NetIQ Corporation, and its affiliates, have intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more U.S. patents and one or more additional patents or pending patent applications in the U.S. and in other countries.

THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU.

For purposes of clarity, any module, adapter or other similar material ("Module") is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions.

This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.

This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.

U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government's rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.

© 2013 NetIQ Corporation and its affiliates. All Rights Reserved.

For information about NetIQ trademarks, see http://www.netiq.com/company/legal/.