NetIQ iManager 2.7.7 Patch 4 includes new features and resolves several previous issues. The installation program provides the ability to upgrade from iManager 2.7.7 or later to the latest version or perform a new installation.
For a full list of all issues resolved in NetIQ iManager 2.7, including all patches and service packs, refer to TID 7010166, “History of Issues Resolved in NetIQ iManager 2.7”.
The following sections outline the key features and functions provided by this version, as well as issues resolved in this release:
This version of iManager includes the following features and enhancements:
Support for the following:
Google Chrome 40
Mozilla Firefox 34
Improved upgrade process
This version of iManager includes software fixes that resolve several previous issues.
Objects created with extended characters are displayed without any issues.
In a custom plug-in, the default value of an attribute is not appended to the new value when the default value is modified.
The text area height is now resized from 32 rows to 8 rows.
You can configure cipher levels.
Exporting DER certificates works without any issues.
XSS vulnerability is fixed in ICE plug-in.
This version of iManager supports the following platforms:
Windows Server 2012 R2
Windows 8.1 Enterprise Edition (64-bit)
Windows 7 Service Pack 1 (SP1)
Red Hat Enterprise Linux Server 6.5 (64-bit)
Red Hat Enterprise Linux Server 5.10 (64-bit)
Red Hat Enterprise Linux Server 5.11 (64-bit)
Red Hat Enterprise Linux Server 6.6 (64-bit)
SUSE Linux Enterprise 12 (64-bit)
NOTE:Install libXtst6-32bit for SUSE Linux Enterprise 12 (64-bit) as a prerequisite.
Red Hat Enterprise Linux Server 6.5 (32-bit)
Red Hat Enterprise Linux Server 5.10 (32-bit)
Red Hat Enterprise Linux Server 6.6 (32-bit)
openSUSE 13.2 (32-bit)
openSUSE 13.2 (64-bit)
SUSE Linux Enterprise Desktop 12 (64-bit)
NOTE:For iManager workstation to work on openSUSE 13.2 (32-bit), openSUSE 13.2 (64-bit), and SLE 12 Desktop install the following rpms:
This patch release adds support to the following browsers, in addition to the browsers introduced in iManager 2.7.7 Patch 1 or earlier releases:
Mozilla Firefox 34, 33, 32, 26, 25
Google Chrome 40, 39, 38, 37, 31, 30
Microsoft Internet Explorer 11
Apple Safari 8 and 7.0.6
iManager managing eDirectory servers is not supported with NAT network address translation.
To configure NAudit for Linux, do the following:
Install iManager 2.7.7 Patch 4.
Login to iManager and navigate to> > and click .
Select, and select the required iManager events to audit.
From eDirectory 8.8.8 Patch 5 installation package, install Platform Agent.
Modify the logevent file depending on your platform.
Linux: Do the following actions:
Edit the following entries in the logevent.conf file from the /etc/ location:
LogHost=IP_Address_of_secure_logging_server JLogCacheDir=/var/opt/novell/naudit/jcache JLogCachePort=1287 LogCachePort=1288 LogJavaClassPath=/var/opt/novell/iManager/nps/WEB-INF/lib/NAuditPA.jar LogMaxBigData=8192 LogEnginePort=1289 LogCacheUnload=no LogCacheSecure=no LogCacheLimitAction=keep logging
Manually create the naudit folder in the /var/opt/novell/ location.
Grant novlwww user permission for the /var/opt/novell/naudit folder by running the following command:
chown -R novlwww:novlwww naudit/
Windows: Edit the following entries in the logevent.cfg from C:\windows location:
LogHost=IP_Address_of_secure_logging_server JLogCacheDir=C:\Program Files\Novell\Nsure Audit\jcache JLogCachePort=1287 LogCachePort=1288 LogJavaClassPath=C:\Program Files (x86)\Novell\Tomcat\webapps\nps\WEB-INF\lib\NAuditPA.jar LogMaxBigData=8192 LogEnginePort=1289 LogCacheUnload=no LogCacheSecure=no LogCacheLimitAction=keep loggin
Depending on the platform, uncomment the appender file as follows:
Linux: Uncomment <appender-ref ref="NAUDIT_APPENDER"/> entry in the imanager_logging.xml located in /var/opt/novell/iManager/nps/WEB-INF/ directory.
Windows: Uncomment <appender-ref ref="NAUDIT_APPENDER"/> entry in the imanager_logging.xml file from C:\Program Files (x86)\Novell\Tomcat\webapps\nps\WEB-INF\directory.
Verify if the events are logged into the logging server.
Linux: Stop jcache and restart Tomcat. Generate events and check the logging server.
Windows: Generate events and check the logging server.
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, contact Technical Support.
This issue occurs when your browser caches iManager information that does not have the necessary tokens. To resolve this issue, clear your browser cache, and then log back in to iManager. (816973)
After upgrading to iManager 2.7.7 on a Windows Server 2012 computer, the Tomcat service might not restart automatically. You must manually restart the service.
To run iManager Workstation on a computer running version 12.2 or 12.3 of the OpenSUSE operating system, ensure the following OpenSUSE packages are installed:
The following IPv6-related issues are present in iManager 2.7.7:
Symantec Network Threat Protection conflicts with IPv6 addresses. To use IPv6 addresses in iManager 2.7.7, you must disable Network Threat Protection.
To use IPv6 addresses in iManager 2.7.7, you can use the Firefox 32 browser.
If your iManager installation uses IPv4 addresses, and you use the Import Convert Export Wizard to connect to an eDirectory installation that uses IPv6 addresses, the wizard fails to connect and displays the following error:
Unable to connect to the requested server. Verify the name/address and port.
To configure iManager to handle IPv6 addresses, complete the following steps:
Open the catalina.properties file, and comment out the following lines:
NOTE:The java.net.preferIPv4Stack property applies to communication between iManager and eDirectory. The java.net.preferIPv4Addresses property applies to communication between browsers and iManager.
In iManager, click.
Click, and then select the View LDAP Servers tab.
Select the LDAP server you want to configure and click the Connections tab.
Under, add LDAP interfaces for the IPv6-format addresses, including the port numbers, as follows:
Configure the Role-Based Services, then log out from the session and log in again.
The following issues in thetab of the Object View are present in iManager 2.7.7:
The Tree view does not save its state, including the current position within the tree, when you switch between the Tree view and thetabs.
When you click, you cannot perform any pop-up related operations in , , and tabs.
To workaround this issue, launch Internet Explorer 10 in compatibility mode.
iManager 2.7.7 does not support metro user interface view for Internet Explorer 10.0 in Windows 7.0 and 8.0 versions.
While installing the latest eDirectory plug-in on RHEL 5.8 (64-bit), iManager returns the following exception message:
File not found exception message
To workaround this issue, restart Tomcat.
While installing iManager 2.7.7 on RHEL Server release 6.5 and RHEL Server release version 5.10, the installer displays a warning message stating that the platform is unsupported.
To workaround this issue, include Redhat Enterprise Linux Server release 6.5 and Redhat Enterprise Linux Server release 5.10 in the platforms.xml file. For more information about installing iManager on unsupported platforms, see Installing iManager on Unsupported Platforms in the NetIQ iManager Installation Guide.
iManager requires NMAS support to be installed on the Windows system on which iManager is installed. It does not require the Novell Client. If you are going to use the Novell Client, iManager requires a version with NMAS support.
When you access iManager by using an IPv6 address and then add new members to a dynamic group, the members are not displayed in thefields.
To work around this issue, you can configure LDAP by using iManager or the eDirectory command prompt.
To configure LDAP by using iManager, complete the following steps:
Install eDirectory 8.8 SP8.
In iManager, go tolist, and then click > .
Click thetab, then select the appropriate server.
On the LDAP Server page, click the ldaps: [ipv6_address]:LDAP_SSL_PORT) in the field, then click .tab, add a new LDAP server (for example,
Click, then click .
To determine whether LDAP is configured for IPv6, enter the ldapconfig get command in the eDirectory command prompt. The following values are listed in the result if LDAP is configured:
Require TLS for Simple Binds with Password: yes
If LDAP is not configured, enter the following command to configure it:
ldapconfig set "ldapInterfaces= ldaps://[ipv6_address]:LDAP_SSL_PORT"
The Groups plug-in reports an error if there are unspecified addresses in the ldapInterfaces attribute of the LDAP server.
During installation or configuration, eDirectory automatically configures the LDAP server to listen on all available interfaces by adding ldap://:389 and ldaps://:636 to the ldapInterfaces attribute. The plug-in interprets these values incorrectly and tries to connect to the LDAPS port on the iManager server computer. The connection fails, and the Groups plug-in displays the following error messages:
Unable to obtain a valid LDAP context.
Creating secure SSL LDAP context failed: localhost:636
To work around this issue, remove unspecified addresses and add specific IP addresses to ldapInterfaces.
Novell logo appears in the iManager Login page after upgrading it from previous versions to iManager 2.7.7.
To workaround this issue, clear the browser cache and relaunch iManager.
When iManager 2.7.6 is upgraded to iManager 2.7.7, iManager Base Content is displayed in thelist. Though it appears in the list of available plug-ins, the Base Content is installed during the upgrade process.
It is safe to ignore it and continue working on iManager because it does not affect the iManager functionality in any way. However, if you do not want the Base Content to display in the list, select, click , and then restart Tomcat.
iManager 2.7.7 fails to login and displays the following error message, if you have installed NICI 2.7.6:
Unable to create AdminNamespace.java.lang.NoClassDefFoundError: Could not initialize class novell.jclient.JClient
To workaround this issue, remove NICI 2.7.6 using theoption in and then install NICI 2.7.7, which is available in the iManager 2.7.7 build.
While installing iManager 2.7.7 plug-ins, the ones selected from the local disk are not listed in the Installation Summary page, whereas the plug-ins selected from the NetIQ download page are listed.
However, the plug-ins selected from the local disk are installed even though they are not listed in the Installation Summary page.
The Identity Manager plug-in does not work in iManager 2.7.7 if you have selected both Identity Manager plug-in and SecretStore plug-in options during iManager installation.
To workaround this issue, select only Identity Manager plug-in during iManager installation. Alternatively, use the iManager UI to install the Identity Manager plug-in and then separately install the SecretStore plug-in.
In the standalone iManager 2.7.7 Patch 1 release, the following plug-ins are not listed in thepage:
Novell iFolder 3
iPrint Linux Management Plug-in
iPrint Management Plugin for Netware
DHCP Management for NetWare
DHCP OES Linux
QuickFinder Server Management
This is because the fix provided for preventing Cross-Site Request Forgery (CSRF) attack breaks these plug-ins.
To workaround this issue, uncomment the appender that you want to enable. For example, To enable naudit appender uncomment the following line:
After this, restart Tomcat.
NetIQ Corporation, and its affiliates, have intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more U.S. patents and one or more additional patents or pending patent applications in the U.S. and in other countries.
THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU.
For purposes of clarity, any module, adapter or other similar material (“Module”) is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions.
This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.
This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.
U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government's rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.
© 2015 NetIQ Corporation. All Rights Reserved.
For information about NetIQ trademarks, see http://www.netiq.com/company/legal/.